Question How do DNS Server preferences work?


Feb 16, 2013
Hi all,

So to summarize my current network setup, I have a Unifi USG gateway/router, and I currently have two pi-hole servers running as DNS servers (yes two). Long story short, I found my old raspberry pi and decided to run it on a new IP along with my existing pi-hole which was running on a Hyper-V virtual machine. Both have the same uptime, ~24/7.

Being the experimental person I am, I decided to run them both side by side, obviously with different IP's. In my DHCP Server preferences in my Unifi USG, I have set my DHCP Nameserver DNS preferences as follows (yes, there are 4 server preferences that can be entered):

DNS 1: IP of pi-hole-1
DNS 2: IP of pi-hole-2
DNS 3:
DNS 4:

Now for the interesting part; Pi-hole 2 actually receives some lookups as it's logs are slowly becoming populated. pihole-1 certainly captures the vast majority of traffic, however some is being directed to the second pi-hole. This is not a problem per se, however I have a few questions about this. They are as follows:

  1. If some DNS lookups are being refereed to the second pi-hole server (DNS preference 2), then how much traffic is being sent directly to DNS preference 3, or even 4?
  2. Most importantly, what makes a client decide to use a second preference? My understanding was that the next preference would only be used if the previous one was entirely unreachable? Is the preference system more like a load balancer as opposed to a fail-over?
Just looking for someone to demystify this if possible. Thank you for your time!
It should only move to the second dns server if the first can not be contacted or takes too long to respond it tries the next. Now that is just the common way most OS work there is no hard rule that says it must work that way.

A application does not have to actually use the DNS in the OS it appears. Chrome and firefox support encrypted DNS. I have not look at this enough to know if the browser has a dns configured or if it just tries to establish a secure connection by going down the list. This stuff is pretty new but I remember seeing that firefox turned it on by default again, they have had issues before.