My current setup has my DHCP + DNS on my Unifi USG. However, as I have all my apps hosted on a different server (unifi, plex, home assistant, NAS, etc.) I’ve ran into issues trying to get things set up.
Basically, Unifi needs to know where the unifi server is, but it’s assigning the IP address to it.
Should I put DHCP+DNS onto it’s own system? Should I put it on my current server? And any non-Pi recommendations for systems? (I’ve had the PI filesystem clobber itself too many times)
Edit: I’m starting to think that the real problem is having UNIFI on the same system as the server, as it prevents me reconfiguring any of the server routing information without also disconnecting unifi…
Edit 2: I’m going to try switching the server from a static DHCP lease to a static IP. If that’s doesn’t work, then I think I’ll move the unifi server onto it’s own system. Thanks!
I use pihole for managing DNS and DHCP. It’s run via docker and the compose file and dnsmasq configs are version controlled so if the Pi dies I can just bring it up on another Pi.
The Pi with pihole has a static IP to avoid some of the issues you described.
That’s what I do. I do have a small VM that is linked to it in a keepalived cluster with a synchronized configuration that can takeover in case the rpi croaks or in case of a reboot, so that my network doesn’t completely die when the rpi is temporarily offline. A lot of services depend on proper DNS resolution being available.
I’ve been meaning to standup another pihole on another pi for DNS redundancy. I have to research how to best keep the piholes in sync. So far I’ve found orbital-sync and gravity-sync.
If you ever switch to AdGuard Home, adguardhome-sync is pretty good. IMO AdGuard Home is better since it has all of PiHole’s features plus it supports DNS-over-HTTPS out-of-the-box, so your ISP can’t spy on your DNS queries (non-encrypted DNS queries can be easily intercepted and modified by your ISP even if you use a third-party DNS server, since they’re unencrypted and unauthenticated)
You can also do that with running cloudflared or unbound on your pihole.
Sure, but that’s extra manual setup, and the point of running something like PiHole is to have a nice UI to manage things.
AdGuard Home uses DNS-over-HTTPS by default, so it’s immediately more privacy-focused than PiHole. I’m really surprised that PiHole hasn’t done this.