Internet stops working if Pi Hole goes down

Hey Everyone,

I recently set up OpenWrt to use Port Forwarding rules under Firewall -> Port Forwards and also enable Masquerade under NAT Rules so that all the traffic is forced to go through Pi Hole; however, it breaks if the Pi is down or otherwise unable to respond.

Is there a way to set up conditional port forwarding in this case which makes a check to see if the device is active every so often and, in case it isn't, disables the port forward rules until the next time the check is made and the response is positive?

To be clear, the internet doesn't actually go down, it's just that domain name resolution stops working and thus anything with a domain (vs raw IP addresses) cannot be resolved and thus requested over the internet.

You may be able to use something like watchcat to check the status of the pihole and script changes if it is or is not available.

Yep, that does make sense.

https://openwrt.org/docs/guide-user/advanced/watchcat

I was able to find this, but I don't see any option to set it up to use a custom script or change/enable Firewall rules.

You have to use 2 DNS servers or more to have it reliable. It was solved like that like 50 years ago, when DNS was introduced.

Having a secondary DNS won't work since there are rules set up to force traffic through the Pi Hole.

I was able to find a run script option under Services -> Watchcat in LuCI; I will take a look at how to set up Firewall rules through that. If anyone has any sources that would be useful for this script, it would be much appreciated.

Just fix Pi-hole; say, dnsmasq alone on OpenWrt goes down only after complete internet loss.

I am not quite sure what you mean, can you explain this?

Throw out pihole and go with intended backup configuration?

Yep, still no idea. In the end I didn't use Watchcat since I couldn't find a way to restart the network rule automatically once the Pi came back on.

I just set up a script instead that sets the value for firewall.enabled to 0 for the redirects and the NAT if the Pi doesn't respond.

And when it comes back on and receives a reply, it's enabled again.
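
One way to write the kind of check described in the post above, as an added example that is not the poster's actual script: it probes the Pi-hole's resolver and flips the `enabled` option on the redirect and NAT sections only after several consecutive failures. The Pi-hole address, the uci section names, the state file path and running it from cron are all assumptions.

```shell
#!/bin/sh
# Added example: fail-open DNS redirect for OpenWrt, meant to run from cron.
# Assumed values: Pi-hole address, named uci sections, state file path.
PIHOLE_IP="${PIHOLE_IP:-192.168.1.2}"
SECTIONS="${SECTIONS:-pihole_dns_redirect pihole_dns_nat}"
STATE="${STATE:-/tmp/pihole_fail_count}"
THRESHOLD="${THRESHOLD:-3}"          # consecutive failures before disabling
UCI="${UCI:-uci}"
RELOAD="${RELOAD:-/etc/init.d/firewall reload}"

# Ask the Pi-hole to resolve a name; a ping reply would not prove DNS works.
probe() { nslookup openwrt.org "$PIHOLE_IP" >/dev/null 2>&1; }

# Print the wanted "enabled" value for a given consecutive-failure count.
desired_state() { [ "$1" -ge "$THRESHOLD" ] && echo 0 || echo 1; }

# Set the value on every section; commit and reload only on a real change.
apply_state() {
    want="$1"; changed=0
    for s in $SECTIONS; do
        # An unset "enabled" option means the section is active.
        cur="$($UCI -q get "firewall.$s.enabled" || echo 1)"
        if [ "$cur" != "$want" ]; then
            $UCI set "firewall.$s.enabled=$want"; changed=1
        fi
    done
    if [ "$changed" -eq 1 ]; then
        $UCI commit firewall && $RELOAD
        logger -t pihole-failover "DNS redirect enabled=$want" 2>/dev/null || true
    fi
    return 0
}

# One cron tick: update the failure counter, then apply the wanted state.
run_check() {
    fails="$(cat "$STATE" 2>/dev/null || echo 0)"
    if probe; then fails=0; else fails=$((fails + 1)); fi
    echo "$fails" > "$STATE"
    apply_state "$(desired_state "$fails")"
}

# Invoke as "script run" from cron; without the argument nothing is changed.
if [ "${1:-}" = "run" ]; then run_check; fi
```

Disabling the redirect fails open: while the Pi-hole is down, clients resolve without filtering, so the syslog line is worth watching for.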

If your pihole doesn't work reliably, 24/7, 'always' - that's what you need to work on. There is no alternative: either make pihole bulletproof or find an alternative that is.

--
Enterprise solutions for automatic failover exist, but you really don't want to bother with that at home.
