Howdy Everyone!
As I am setting up my infrastructure at home using Docker, I wanted to ask: is it better to have DNS, something like Pi-hole, on my main Docker swarm, or would it be better to have it on a dedicated machine/Docker host separate from the rest of my infrastructure?
Thanks for the input!
Either is fine: the question is what happens when something breaks and if you care about issues and such.
If your docker host depends on the pihole it’s running, there can be some weirditry if it’s not available during boot and whatnot (or if it crashes, etc.).
…I ended up with a docker container of pihole and an actual pi as the secondary so that it’s nice and redundant.
Depending on the network’s setup, having Pihole fail or unavailable could leave the network completely broken until Pihole becomes available again. Configuring the network to have at least one backup DNS server is therefore extremely important.
I also recommend having redundant and/or highly available Pihole instances running on different hardware if possible. It may also be a good idea to have an additional external DNS server (e.g., 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) configured as a last resort backup in the event that all the Pihole instances are unavailable (or misconfigured).
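Added example, not part of the thread or of any poster's setup: a small health check that sends one DNS query to each configured resolver in priority order and reports which ones answer, so a dead Pi-hole is noticed before clients start failing. The two local addresses and the test name `example.com` are assumptions; 1.1.1.1 is the public fallback mentioned above.

```python
import socket
import struct

# Constructed resolver list in priority order: two local Pi-hole instances
# (addresses are assumptions) followed by a public last-resort server.
RESOLVERS = ["192.168.1.2", "192.168.1.3", "1.1.1.1"]


def build_query(name, txid=0x1234):
    """Encode a minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def is_good_reply(reply, txid=0x1234):
    """True if the reply echoes our ID, has the QR bit set, and RCODE is 0."""
    if len(reply) < 12:
        return False
    rid, flags = struct.unpack(">HH", reply[:4])
    return rid == txid and bool(flags & 0x8000) and (flags & 0x000F) == 0


def udp_exchange(server, payload, timeout=2.0):
    """Send one UDP datagram to port 53; return the reply, or b'' on failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(payload, (server, 53))
            return s.recvfrom(512)[0]
        except OSError:  # timeout, unreachable host, refused port
            return b""


def check_resolvers(resolvers, name="example.com", exchange=udp_exchange):
    """Return {server: bool} showing which resolvers answered the test query."""
    query = build_query(name)
    return {srv: is_good_reply(exchange(srv, query)) for srv in resolvers}


def first_healthy(status):
    """Return the first resolver (in list order) that answered, or None."""
    return next((srv for srv, ok in status.items() if ok), None)


if __name__ == "__main__":
    status = check_resolvers(RESOLVERS)
    for srv, ok in status.items():
        print(f"{srv}: {'ok' if ok else 'NO ANSWER'}")
    print("first healthy:", first_healthy(status))
```

Run it from cron or a monitoring agent on a host that does not itself depend on the Pi-hole container, so the check still works when that container is down.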
This approach sounds good.
I think the correct approach is both, if you have the option.
Most devices accept two name servers. Redundancy is always good, especially for DNS.
Weirditry. Holy shit my brain melted.