My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.
Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.
Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)
Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…
Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
You must log in or register to comment.
Generally speaking, any device (“server”) hosting a “service” NEEDS to be assigned a static IP. It simplifies routing significantly and avoids random break problems because DHCP is incredibly stupid at times…
Is there any specific reason you need DHCP to assign an IP to your main hosting server vs setting it all statically?
Moving it to it’s own system will not fix the routing problem. You can probably still leave it on the USG.
You should be able to set a fixed static IP on your server, and then also statically assign that same IP to your server in your USG DHCP config- as long as they both are “thinking about” the same IP I think routing should work correctly.
If that breaks, try just assigning the static IP only from the USG side or only from the server’s side. I’m 90% sure that even if the USG does not have your server machine in it’s client list, if it sends broadcast packets to an entered IP looking for the unifi server, and the unifi server is listening on that manually set IP, they should be able to talk.
disclaimer: i am high as shit right now and this may be bullshit
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol NAS Network-Attached Storage PiHole Network-wide ad-blocker (DNS sinkhole) SATA Serial AT Attachment interface for mass storage SSD Solid State Drive mass storage SSL Secure Sockets Layer, for transparent encryption Unifi Ubiquiti WiFi hardware brand
[Thread #424 for this sub, first seen 11th Jan 2024, 09:35] [FAQ] [Full list] [Contact] [Source code]
I use pihole for managing DNS and DHCP. It’s run via docker and the compose file and dnsmasq configs are version controlled so if the Pi dies I can just bring it up on another Pi.
The Pi with pihole has a static IP to avoid some of the issues you described.
That’s what I do. I do have a small VM that is linked to it in a keepalived cluster with a synchronized configuration that can takeover in case the rpi croaks or in case of a reboot, so that my network doesn’t completely die when the rpi is temporarily offline. A lot of services depend on proper DNS resolution being available.
I’ve been meaning to standup another pihole on another pi for DNS redundancy. I have to research how to best keep the piholes in sync. So far I’ve found orbital-sync and gravity-sync.
If you ever switch to AdGuard Home, adguardhome-sync is pretty good. IMO AdGuard Home is better since it has all of PiHole’s features plus it supports DNS-over-HTTPS out-of-the-box, so your ISP can’t spy on your DNS queries (non-encrypted DNS queries can be easily intercepted and modified by your ISP even if you use a third-party DNS server, since they’re unencrypted and unauthenticated)
DNS-over-HTTPS
You can also do that with running cloudflared or unbound on your pihole.
Sure, but that’s extra manual setup, and the point of running something like PiHole is to have a nice UI to manage things.
AdGuard Home uses DNS-over-HTTPS by default, so it’s immediately more privacy-focused than PiHole. I’m really surprised that PiHole hasn’t done this.
deleted by creator
