DNS Redundancy using Keepalived and VRRP

-

Case Study: Non-Invasive High Availability DNS with AdGuard Home & Keepalived

Ensuring 99.9% Uptime without modifying Core Router configurations.

1. Executive Summary

In any home lab or small office, DNS is a critical service. A single point of failure here means a total network-wide "internet outage." This case study explores a Non-Invasive High Availability (HA) setup using AdGuard Home and Keepalived on Proxmox LXC. The goal: Zero downtime during maintenance while keeping the core router configuration simple and untouched.

2. Key Technical Concepts

  • Keepalived: A routing software that monitors services and manages failover automatically.
  • VRRP (Virtual Router Redundancy Protocol): The protocol used by servers to "talk" and share a single Virtual IP (VIP).
  • Keep Alive: A mechanism to check if a connection or a neighbor node is still active.
  • Non-Invasive Design: Failover logic is handled at the Linux level, so the core router doesn't need complex OSPF or BGP scripts.

3. Infrastructure Topology

[ Core Router / Gateway ] (Only points DNS to 192.168.50.100) | v +-------------------------+ | Virtual IP (VIP) | | 192.168.50.100 | <--- No Router changes needed! +-----------+-------------+ | +---------+---------+ | (VRRP Heartbeat) | v v +-----------------+ +-----------------+ | Node 1: MASTER | | Node 2: BACKUP | | 192.168.50.4 | | 192.168.50.5 | | (AdGuard Home) | | (AdGuard Home) | +-----------------+ +-----------------+

4. Step-by-Step Implementation (Beginner Friendly)

Step 1: The Foundation (LXC Setup)

Create two Debian-based LXC containers on Proxmox. Ensure your network subnet is /24 (255.255.255.0). This ensures the servers can "see" the Virtual IP.

Step 2: Install Redundancy Tools

On both containers, run:
apt update && apt install keepalived -y

Step 3: Configure the "Brain" (Keepalived Config)

Edit /etc/keepalived/keepalived.conf. Set Node 1 to Priority 100 and Node 2 to Priority 90. This tells the network that Node 1 is the leader.

Step 4: Clear the Path (Port 53)

Disable the default Linux DNS service to let AdGuard Home take over:
systemctl stop systemd-resolved && systemctl disable systemd-resolved

Step 5: AdGuard Home "Bind" Setting

In your AdGuardHome.yaml, set bind_hosts: 0.0.0.0. This is the secret sauce that allows AdGuard to answer requests from both its physical IP and the Virtual IP.

5. Test Cases

Test Scenario Action Expected Result
Normal Operation Ping 192.168.50.100 Consistent replies from Node 1.
Hard Failover Shutdown Node 1 LXC VIP moves to Node 2 (1-2 packets lost).
Self-Healing Restart Node 1 Node 1 reclaims the VIP (Preemption).
    

                                                     First Image: shows the first DNS is off 

                                                 
                                                Second Image: shows the second DNS is off 

6. Why This is "Pro" Level

By keeping the logic inside Linux/Proxmox, you achieve Hardware Independence. Whether you use a MikroTik, Asus, or TP-Link router, the setup remains the same. You don't risk breaking your core network because all the "magic" happens inside the containers.

Case Study by Jeric Agra | Filipino Tech Share 2026

Comments

Post a Comment

Popular posts from this blog

Suricata on Mikrotik(IDS+IPS) = Part 4 - Configuration of the IPS Part

-
Image
  Configuration Disclaimer:  this one again is only for  ubuntu 18.04  and login as  root  user to be sure Make sure you have a good understanding of the suricata rules before doing this This might cause some disconnection from the site or services you are visiting and even the internet if not properly configured. In the real environment it is best not to run as root user but for the sake of just testing it I opted to run as root configure the following rules on your mikrotik router: /ip firewall filter add action=drop chain=input comment="Block bad actors" src-address-list=Blocked /ip firewall filter add action=drop chain=forward comment="Drop any traffic going to bad actors" dst-address-list=Blocked create a user group with all policies checked except telnet create a user allowing your local addresses with the group you created earlier Lets Start ... 1.      Install PHP         apt install php -y 2.   Navigate...
Read more

DHCP for Dummies: How Your Devices Get Online Without You Lifting a Finger

-
Image
DHCP for Dummies: How Your Devices Get Online Without You Lifting a Finger Introduction Ever wondered how your phone, laptop, or smart TV connects to the internet without you having to do anything? One minute you’re tapping "Connect to Wi-Fi," and the next, boom—you’re online. That magic? It’s all thanks to DHCP. DHCP (Dynamic Host Configuration Protocol) is what hands out IP addresses to your devices, kind of like a hotel receptionist giving guests room keys. It’s automatic, invisible, and keeps everything running smoothly—until something breaks. In this guide, you’ll learn: ✔️ What DHCP is (in plain English). ✔️ How it works behind the scenes. ✔️ Why it’s better than manually assigning IP addresses. ✔️ How to fix common DHCP problems without calling IT. By the end, you’ll have a solid grip on DHCP—even if tech stuff usually makes your head hurt. Let’s go! --- What is DHCP? (The No-Nonsense Explanation) Okay, imagine you walk into a hotel. You don’t pick a room or set up a k...
Read more

Media Server vs File Server in a nutshell

-
Image
Media Server vs File Server in a nutshell A media server is like your personal Netflix. It doesn’t just store your movies, shows, or music – it also organises them, adds cool stuff like posters and descriptions, and remembers where you stopped watching. It can even adjust the files so they play perfectly on any device you’re using. Examples? Plex, Jellyfin, or Emby. A file server , on the other hand, is like a shared storage box. It just holds your files and lets you access them from your devices. You can still watch your movies or listen to music from it, but there’s no fancy organisation, no movie posters, no “resume playback,” and it won’t fix any file that doesn’t work on your device. So, think of it this way: Media server = organised, smart, user-friendly. File Server = simple, no-frills file storage. References: - https://www.geeksforgeeks.org/what-is-file-server/ - https://medium.com/@divitia/jellyfin-vs-plex-what-should-you-choose-4f8337cd...
Read more