I already know how to make the OpenWRT dnsmasq DHCP server send an alternate DNS server IP to the LAN clients.
What I would like to do is have DHCP send two IP address with one of them always being first and the other second so that clients will try one DNS IP and if it fails, try the other one.
I put in the two IPs for "Domain Server" option 6
Network >> Interfaces >> edit LAN >> DHCP >> Advanced >> DHCP Options
DNS may not work the way you think it does (On Windows at least). Primary and secondary servers do not have a order in which they are queried. Linux I believe will prefer the secondary server. (This is just my observation from running pihole for about 4 or 5 years)
Windows will use both Server addresses and prefer the faster one, It will still occasionally check the slower server, right now my Windows 10 box uses the primary about 70 to 90 percent of the time.
You could have written that a bit different if you wanted
6,192.168.1.208, 192.168.1.1
Not sure why you would want to use what looks like a local server and also your router as DNS server as I stated above this may not work as expected. If you prefer your local server just use that IP and not the router, I kind of get it that you want a secondary server in case the first server goes down if thats the case you should create a secondary local server thats not your router.
In classic UNIX DNS the clients use a file named /etc/resolv.conf. At some point the RES_ROTATE option was added and /etc/resolv.conf now has a rotate keyword. Linux "inherited" that and it is documented in the resolv.conf man page that option is documented. It goes:
The rotate option sets RES_ROTATE in _res.options, which causes round-robin selection of name servers from among those listed. This has the effect of spreading the query load among all listed servers, rather than having all clients try the first listed server first every time.
Just to be perfectly clear, what happens when you turn off the rotate option that it makes the client process DNS servers sequentially from the first one listed in /etc/resolv.conf and if that one fails it will try the next one.
With systemd-networkd and systemd-resolved it appears that the DNS client will switch between DNS servers when one fails to respond and then switch again only if the one it switched to fails.
My current approach is to use a script to select my DNS server but I'll probably come up with something better. The script is called piholectl because it switches between using either the Pi-Hole or the OpenWRT as the DNS server.
#! /bin/bash
LINK="$(resolvectl status | grep -PB1 'Current Scopes.*\bDNS\b' | head -n 1 | awk '{print $2}')"
case "$1" in
on)
sudo resolvectl dns "$LINK" 192.168.1.208
;;
off)
sudo resolvectl dns "$LINK" 192.168.1.1
;;
*)
echo usage: piholectl 'on|off'
;;
esac
My Pi-Hole is running in a rootless podman container and it just shuts down periodically and I haven't debugged that yet.
BTW did you know that the reason resolv.conf isn't resolve.conf is due to the design of BSD DNS being based on Paul Mockapetris' 1983 DNS server, JEEVES on TOPS-20 where SIXBIT only supported a maximum of six characters in a 36-bit word hence dropping the "e" at the end of "resolve"?