Network and DNS | Local DNS | Intermediate | 2 hours | Lab build

Create a Raspberry Pi DNS Secondary Server with Pi-hole Sync and Failover Testing

Build a secondary Pi-hole DNS node on a Raspberry Pi, sync core configuration from the primary resolver, and prove client failover before changing router DHCP options.

Last reviewed: 4/30/2026
Pi-hole core deployments, Technitium DNS setups, split DNS for self-hosted services, secondary DNS and failover
Raspberry Pi OS, Pi-hole, rsync, Bash

Expected Outcome

A fully functional secondary DNS server that syncs with your primary Pi-hole instance, providing seamless failover in case of primary server failure.

Assumptions

  • A Raspberry Pi 3 or newer
  • Raspberry Pi OS installed and updated
  • Primary Pi-hole instance configured and running
  • Basic knowledge of terminal commands and network configuration

Bill of Materials

  • Raspberry Pi power supply
  • MicroSD card (16GB or larger)
  • Network cable (optional for wired connection)
  • Access to your router for DNS settings

Build Steps

  1. Set up the Raspberry Pi

    Prepare your Raspberry Pi by installing the necessary software and configuring the network settings.

    Changes system state: review before running

    sudo apt update
    sudo apt upgrade -y
    sudo apt install -y curl
    curl -sSL https://install.pi-hole.net | bash
  2. Configure Pi-hole on the secondary server

    During the Pi-hole installation, configure it to use the primary Pi-hole server as its upstream DNS provider.

    Example pattern only. Adjust for your environment before running.

    pihole -a -t
    pihole -a -i local
    pihole -a -g
  3. Set up DNS sync

    Use rsync to synchronize the Pi-hole configurations and blocklists from the primary server to the secondary server.

    Example pattern only. Adjust for your environment before running.

    rsync -avz --delete pi@<PRIMARY_PI_IP>:/etc/pihole/ /etc/pihole/
    rsync -avz --delete pi@<PRIMARY_PI_IP>:/etc/dnsmasq.d/ /etc/dnsmasq.d/
  4. Configure failover testing

    Test the failover capability by temporarily shutting down the primary Pi-hole server and ensuring the secondary server handles DNS requests.

    Changes system state: review before running

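    # On the primary: stop the Pi-hole resolver to simulate a failure
    sudo systemctl stop pihole-FTL
    # From a test client: confirm the secondary still answers
    dig @<SECONDARY_PI_IP> example.com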
  5. Point a test client at both DNS servers

    Before changing router-wide DHCP options, validate that one workstation can use the primary and secondary resolver pair.

    Example pattern only. Adjust for your environment before running.

    dig @<PRIMARY_PI_IP> example.com
    dig @<SECONDARY_PI_IP> example.com
    dig @<SECONDARY_PI_IP> pi.hole
  6. Document the production DHCP change

    Record the exact router or DHCP scope setting that will advertise both DNS servers, but do not apply it until the single-client test succeeds.

    Example pattern only. Adjust for your environment before running.

    ip addr show
    pihole status
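
The checks in steps 4 and 5 can be scripted so the same test runs with both resolvers up and again with the primary stopped. The script below is an added example, not part of the original guide; it assumes Pi-hole answers blocked names with 0.0.0.0 (its default blocking mode), and the DIG override, function names and verdict strings are illustrative.

```bash
#!/usr/bin/env bash
# Added example: pre-cutover check for a primary/secondary Pi-hole pair.
# DIG is overridable so the logic can be exercised without a network.
DIG="${DIG:-dig}"

# query_a RESOLVER NAME: print the first A record the resolver returns.
# Fails if the resolver did not reply at all (dig exits non-zero on timeout).
query_a() {
    local out
    out="$("$DIG" +short +time=2 +tries=1 "@$1" "$2" A)" || return 1
    printf '%s\n' "$out" | grep -E -m1 '^[0-9]+(\.[0-9]+){3}$' || true
}

# resolver_state RESOLVER NAME: print down | noanswer | blocked | resolved.
resolver_state() {
    local ip
    ip="$(query_a "$1" "$2")" || { echo down; return 0; }
    case "$ip" in
        "")      echo noanswer ;;  # NXDOMAIN, SERVFAIL or empty answer
        0.0.0.0) echo blocked ;;   # assumption: Pi-hole's default blocking reply
        *)       echo resolved ;;
    esac
}

# failover_verdict PRIMARY SECONDARY ALLOWED_NAME BLOCKED_NAME
#   ready          both resolvers answer and both block the blocklisted name
#   secondary-only primary is down, secondary still answers and blocks (step 4)
#   not-ready      anything else, e.g. secondary resolves a name the primary blocks
failover_verdict() {
    local p pb s sb
    p="$(resolver_state "$1" "$3")";  pb="$(resolver_state "$1" "$4")"
    s="$(resolver_state "$2" "$3")";  sb="$(resolver_state "$2" "$4")"
    echo "primary=$p/$pb secondary=$s/$sb" >&2
    case "$p/$pb $s/$sb" in
        "resolved/blocked resolved/blocked") echo ready ;;
        "down/down resolved/blocked")        echo secondary-only ;;
        *)                                   echo not-ready ;;
    esac
}

# Usage: ./failover_check.sh <PRIMARY_PI_IP> <SECONDARY_PI_IP> example.com <BLOCKED_NAME>
if [ "$#" -eq 4 ]; then
    verdict="$(failover_verdict "$@")"
    echo "$verdict"
    [ "$verdict" != not-ready ] || exit 1
fi
```

Pass a name from your own blocklist as the fourth argument. With the primary stopped, a secondary whose only upstream is the primary will not report 'resolved' for names it has not cached, so the verdict is 'not-ready'.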

Validation

  • Verify that the secondary Pi-hole server is resolving DNS queries by using the 'dig' command.
  • Check the Pi-hole dashboard to ensure it is receiving queries.

Troubleshooting

  • If the secondary server is not resolving queries, ensure that the upstream DNS settings are correctly pointing to the primary server.
  • Check network connectivity between the primary and secondary servers.

Cleanup or Rollback

  • If testing fails, restart the primary Pi-hole server with 'sudo systemctl start pihole-FTL'.
  • Remove any temporary client DNS override used during testing.
  • If the secondary resolver is not ready, leave router DHCP options pointed only at the known-good primary resolver.

Next Improvements

  • Consider setting up a cron job for regular synchronization between the primary and secondary servers.
  • Explore advanced configurations for DNS load balancing.