DNS?

Either is fine: the question is what happens when something breaks and if you care about issues and such.
If your docker host depends on the pihole it's running, there can be some weirditry if it's not available during boot and whatnot (or if it crashes, etc.).
...I ended up with a docker container of pihole and an actual pi as the secondary so that it's nice and redundant.
- Depending on the network's setup, having Pihole fail or unavailable could leave the network completely broken until Pihole becomes available again. Configuring the network to have at least one backup DNS server is therefore extremely important.
  I also recommend having redundant and/or highly available Pihole instances running on different hardware if possible. It may also be a good idea to have an additional external DNS server (eg: 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) configured as a last resort backup in the event that all the Pihole instances are unavailable (or misconfigured).
  
  have an additional external DNS server
  While I agree with you that additional DNS server is without a question a good thing, on this you need to understand that if you set up two nameservers on your laptop (or whatever) they don't have any preference. So, if you have a pihole as one nameserver and google on another you will occasionally see ads on things and your pihole gets overrided every now and then.
  There's multiple ways of solving this, but people often seem to have a misinformed idea that the first item on your dns server list would be preferred and that is very much not the case.
  Personally I'm running a pihole for my network on a VM and if that's down for a longer time then I'll just switch DNS servers from DHCP and reboot my access points (as family hardware is 99% on wifi) and the rest of the family has working internet while I'm working to bring rest of the infrastructure back on line, but that's just my scenario, yours will most likely be more or less different.
- This approach sounds good.
  I think the correct approach is both, if you have the option.
  Most devices accept two name servers. Redundancy is always good, especially for DNS.
- Weirditry. Holy shit my brain melted.

Why not both?
My primary DNS is pihole on a rpi dedicated to the task; but I run a second instance of pihole via my main docker stack for redundancy. Should one or the other be unavailable, there's a second one to pick up the slack.
I just provide both DNS IPs to LAN clients via DHCP.
Gravity Sync is a great tool to keep both piholes settings/records/lists in sync.
- Gravity sync looks cool but it looks like it was depreciated, any alternatives for it?
  
  Oh damn, I hadn't noticed. My setup is still functioning just fine.
  There is an alternative though: Orbital-Sync
  I haven't actually used it, so I can't say much about it; but I'll probably look into replacing gravity-sync with that.

I would suggest 2 pi-hole + unbound stacks on different hardware, preferably on different switches. That way you can restart/fiddle with things without your family going crazy about “internet not working”.
- I remember Watchtower helpfully stopping Pihole before pulling the new image when I only had the one instance running... All while I was out at work with the fiancée on her day off. So many teaching moments in so little time.
  
  💭➕🙏

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
DHCP	Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network
DNS	Domain Name Service/System
HTTP	Hypertext Transfer Protocol, the Web
HTTPS	HTTP over SSL
IP	Internet Protocol
NAS	Network-Attached Storage
PiHole	Network-wide ad-blocker (DNS sinkhole)
SSH	Secure Shell for remote terminal access
SSL	Secure Sockets Layer, for transparent encryption
TLS	Transport Layer Security, supersedes SSL

8 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.

[Thread #970 for this sub, first seen 13th Sep 2024, 17:25] [FAQ] [Full list] [Contact] [Source code]

AdGuard Home is a better choice than PiHole since it uses DNS-over-HTTPS by default. There's also an app called AdGuardHome-Sync to sync settings between multiple instances.
I'd recommend running two DNS servers, and at least one of those separately from the rest of your infrastructure like on a Pi. That way, if you need to pull one of them offline, the internet still works.
- I would say Pihole is a better choice than AdGuard home because PiHole just runs on top of dnsmasq. Throw Unbound on there too as your upstream recursive resolver and you’re set. You don’t even need to worry about an encrypted session to your upstream anymore because your upstream is now your loopback.
  
  Throw Unbound on there too as your upstream recursive resolver
  If you want to run your own recursive DNS server, why would you run two separate DNS servers?
  You don’t even need to worry about an encrypted session to your upstream anymore because your upstream is now your loopback.
  Your outbound queries will still be unencrypted, so your ISP can still log them and create an advertising profile based on them. One of the main points of DoH and DoT is to avoid that, so you'll want them to be encrypted at least until they leave your ISP's network.
- You can accomplish the same with dnscrypt-proxy and Orbital Sync for Pi-Hole. You can also run a recursive DNS server using Unbound.
  
  But why deal with separate software like dnscrypt-proxy when AdGuard Home has it built-in?

While we're at the topic, which DNS do you guys usually use as upstream? On my router I think I set quad9 and cloudflare over TLS but sometimes I notice on new websites I need to refresh a couple of times until it works, might be DNS. Was too lazy to look into it since gaming and apps work without issues.
- https://docs.pi-hole.net/guides/dns/cloudflared/
  I use this to translate DNS to DoH, and use cloudflare, and quad9 upstream.
  
  environment: - TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query,https://9.9.9.9/dns-query,https://149.112.112.9/dns-query
  Haven't really noticed any DNS based lag.

I run my Pi-Hole on a dedicated Raspberry Pi. I have another Pi that runs my SSH tarpit. These are the only 2 things I keep on separate devices, the rest is containerized on my main server.

I have 3 separate machines:
That fat home server with NAS and VM's etc.
A Pi serving my smart home.
A plastic router with OpenWrt doing DNS and (I like to believe) some security, and giving WiFi to many small devices.
They all run 24/7 but I just don't want everything to be dead and dark when one machine is down for whatever reason.

I have a quite rich selfhosted stack, and DNS is indeed part of it.
For such a critical piece of infrastructure I didn't needed a container, just installed Unbound and did some setup for ad blocking and internal DNS rules.
Here my setup: https://wiki.gardiol.org/doku.php?id=router:dhcp-dns
You could go with an independent pihole maybe, but that would double the chances of a hardware failure...
Using one device for everything might seem risky, but actually has less chances of failure ;)