High availability for Adguard Home with keepalived - how?

Hey everyone,

I'm running Adguard Home as my primary DNS resolver on my router. I'd like to create a high availability DNS setup, where there's another instance of Adguard Home running on my Proxmox miniPC.

I've been looking at keepalived, which could work beautifully. However, by default it would fail over to the second Adguard instance, if the router itself goes down... Which of course kills the network :slight_smile:

How could I set this up (with presumably a hotplug script)? If Adguard Home on the router dies --> stop keepalived on the router, which causes the second instance to take over; if Adguard Home on the router becomes available again --> start keepalived on the router, which causes the primary instance to take over.

The fail-back is not a typical setup of keepalived. Since DNS is resilient on its own, just run both DNS server instances and configure them both on your clients. Worst case will be 5s to fail over to 2nd server if 1st is out.

In theory that should work, but it depends on the client. They won't necessarily use the secondary DNS, should DNS1 fail to respond. Hence my wanting to try keepalived, as explained in this article: https://realmenweardress.es/2024/05/dockerised-vip-accessible-dns/

And? Any basis for the claim that such a rogue device was ever made?

I have the impression you have no clear idea how keepalived works...

You have two systems. They exchange VRRP packets AND mostly they also have a service health check, in your case for your DNS server.
So now, if either an interface fails OR the health check fails, the secondary system elects itself master, and the old master demotes itself to secondary. Of course YOU DO NOT STOP keepalived!
And then you can configure keepalived either to "stay" on the second system, or to switch back when the old master comes back.
Keepalived can not only run health check scripts but also scripts on the events when it switches to master, backup, or fault state.

Of course, if you run keepalived in docker you need to set your net capabilities. Or just run keepalived on the host system like everyone else. (Sorry for the rant, but just because people are unable to deploy their software in a sane way without docker, they make everything unnecessarily complicated.)


Or a trivial firewall rule: socket accept; DNAT to the other one.

I'm lost, why not simply hand out both DNS IPs through DHCP? The clients will prioritize the 1st DNS until it goes down, then automatically switch over to the 2nd one.

Once the primary's back, they'll eventually switch back again.


I find that expected behavior not to be fail-safe.

If you want to be sure to reach the nameserver, announce/configure a single (service) IP and use keepalived (vrrp) to handle that (virtual) IP.

No, please no. I (still) don't get why everyone thinks that NAT is the only "solution" for docker/k8s. You can also use plain IP routing to the container.

I don't understand why an overengineered crapload should be used to complicate a protocol that has had built-in client-side failover since its inception 40 years ago.

I would argue that keepalived/VRRP is more reliable than betting on proper client behavior. And most of the time a keepalived config for these use cases fits in under 20 lines of config.

hi,

how do you run adg on your router? manually as an app, as an owrt package in service mode, or as a docker container?

you may set up a script to monitor whether adg runs and act as needed.
if it is a service there is no respawn trigger unfortunately, so you cannot automatically hook on the respawn event.
if docker, you may play with the health check.

but normal clients can handle the 2nd DNS server option; not sure how many abnormal clients you have, so i'd not really invest too much effort in this if i were you. such abnormal clients are maybe not so important anyway.


Check the year at the very end of the page .... whether an abnormal client is still present today remains to be seen...
https://man.freebsd.org/cgi/man.cgi?query=resolv.conf&apropos=0&sektion=0&manpath=FreeBSD+2.2.1-RELEASE&arch=default&format=html

???
what is your point? there is a big jump in your thought process i cannot follow. FreeBSD 2 from 1993, which could handle 3 upstreams at that time: how is it relevant here and now?

every resolver out there since '93 supports multiple upstreams. OK?

It's always worked for me. I've been running two pi-holes on free-for-life Oracle cloud hosts for 3-4 years.


your condescending style is not really helpful, but OP said "In theory that should work, but it depends on the client. They won't necessarily use the secondary DNS, should DNS1 fail to respond."
so whether you or I may disagree with this belief (actually i tried to subtly indicate that OP may be worrying too much about a problem that doesn't exist), if s/he has such a client, "FreeBSD 2 supported 3 upstreams in 1993, therefore there is no such abnormal client" is not an answer. ok?

Wow, I didn't mean to start such a spirited discussion :slight_smile:

I'm running Adguard on the router from a thumb drive, and so I didn't install it as a package (to save internal space; it's quite a big binary and the logs take up space). The other instance is running in an LXC container on Proxmox.

Thanks for the ideas, the check script option was exactly what I needed. I made a simple script that returns 0 if the Adguard instance on the router works properly and 1 if it isn't resolving anything --> failover. Thanks for all your help guys!
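The pieces described earlier in the thread (VRRP between the two instances, a health check via track_script, fail-back by preemption, scripts on state changes) and the check script OP ends up with (exit 0 when the router's Adguard resolves, 1 when it does not), put together as one added example. This is not code from the thread, from AdGuard Home or from keepalived. The LAN addresses (router 192.168.1.1, LXC 192.168.1.2, shared DNS VIP 192.168.1.53), the interface name br-lan and the script path are assumptions, and it assumes `dig` is available on the router (bind-dig on OpenWrt); the same script works unchanged on the Proxmox side.

```shell
#!/bin/sh
# Added example for the thread above, not project code. Assumed (hypothetical) values:
#   router LAN IP 192.168.1.1, Proxmox LXC IP 192.168.1.2, shared DNS VIP 192.168.1.53/24 on br-lan,
#   AdGuard Home listening on 127.0.0.1:53, `dig` installed (opkg install bind-dig on OpenWrt),
#   this file saved as /etc/keepalived/adguard_ha.sh, owned by root, mode 0700.
ADGUARD_ADDR="${ADGUARD_ADDR:-127.0.0.1}"
PROBE_NAME="${PROBE_NAME:-example.com}"

# Health check for keepalived's track_script: exit 0 when the local AdGuard answers, 1 otherwise.
# keepalived only looks at the exit status, not at anything printed.
# NXDOMAIN still counts as healthy (the resolver answered); a timeout, a refused connection
# or SERVFAIL counts as "not resolving anything", which is what should release the VIP.
adguard_healthy() {
    out=$(dig +time=2 +tries=1 +noall +comments "@$ADGUARD_ADDR" "$PROBE_NAME" A 2>/dev/null) || return 1
    case "$out" in
        *"status: NOERROR"*|*"status: NXDOMAIN"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints keepalived.conf for one side. Both sides share virtual_router_id and the VIP; the higher
# priority wins and, because preemption is on by default, the router takes the VIP back as soon
# as its own check passes again (the fail-back OP wanted, without ever stopping keepalived).
#   router:      keepalived_conf MASTER 150 192.168.1.1 192.168.1.2
#   Proxmox LXC: keepalived_conf BACKUP 100 192.168.1.2 192.168.1.1
keepalived_conf() {
    role=$1; prio=$2; me=$3; peer=$4
    cat <<EOF
global_defs {
    # refuse to run check/notify scripts if any part of their path is writable by a non-root user
    enable_script_security
    script_user root
}

vrrp_script chk_adguard {
    script "/etc/keepalived/adguard_ha.sh check"
    interval 5
    timeout 3
    # no weight: two failures in a row put the instance in FAULT and release the VIP,
    # two successes in a row bring it back
    fall 2
    rise 2
}

vrrp_instance DNS_VIP {
    state $role
    interface br-lan
    virtual_router_id 53
    priority $prio
    advert_int 1
    # Unicast between the two known peers instead of multicast to 224.0.0.18. VRRP has no real
    # authentication (auth_type PASS is an 8-byte cleartext password and VRRPv3 dropped it), so
    # also keep IP protocol 112 off any untrusted VLAN: whoever wins the election owns the DNS VIP.
    unicast_src_ip $me
    unicast_peer {
        $peer
    }
    virtual_ipaddress {
        192.168.1.53/24 dev br-lan
    }
    track_script {
        chk_adguard
    }
    # keepalived appends: INSTANCE <name> <MASTER|BACKUP|FAULT> <priority>
    notify "/etc/keepalived/adguard_ha.sh notify"
}
EOF
}

# Dispatch only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    case "$1" in
        check)  adguard_healthy ;;
        conf)   keepalived_conf "$2" "$3" "$4" "$5" ;;
        notify) shift; logger -t keepalived "$2 -> $3 (prio $4)" ;;
        *)      echo "usage: $0 check | conf ROLE PRIO MY_IP PEER_IP | notify ..." >&2; exit 2 ;;
    esac
fi
```

Generate the two config files with `sh adguard_ha.sh conf MASTER 150 192.168.1.1 192.168.1.2 > /etc/keepalived/keepalived.conf` on the router and the BACKUP variant in the LXC. With enable_script_security set, keepalived logs and refuses the script if the file or any directory on its path is writable by another user, so keep it root-owned; that is also what keeps a compromised unprivileged account from turning the health check into a DNS hijack.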

I have been using two instances of Adguard Home, one as a Proxmox LXC container and the other as a Home Assistant add-on.

Just set up both as DNS1 and DNS2 on my clients. It works easily.
