Everything starting with my_* should be customized for your environment. I use the router as the DNS server so I can still have control and a central place to redirect via NAT rule. For this to work best, I also recommend setting the router as a second DNS server address on all clients. This works fast enough that I receive all the notification emails :)
EDIT: I realized that, if the device never went down, Netwatch will always run the "Up" script any time a change is made to it (because the device is still "up"). I don't want this to happen if the pihole never went down, so I put a condition in to check whether the router is actually acting as a DNS server before doing anything.
EDIT 2: Turns out you can't script firewall rule changes unless you either enumerate all rules first with a print, or determine their internal IDs and use those (see viewtopic.php?p=632253 for more details). I cheated and just did the print, but later when I have the chance I'll do it a better way.
Netwatch down script for the pihole IP:
# script to enable backupDNS if pihole doesn't ping
# this script does nothing if the core switch is also down
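# set variables
:local myhost ([/system identity get name])
:local recv "my_alerts@email.com"
:local target "my_pihole"
# date and time used in the notification email body
:local mydate [/system clock get date]
:local mytime [/system clock get time]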
# Query the core switch interface
:local inetinterface "ether1"
:if ([/interface get [find name="$inetinterface"] running]=true) do={
    :log info "BackupDNS: Pihole down, enabling"
    # change to your upstream resolvers
    /ip dns set servers=your_resolver_IP1,your_resolver_IP2
    :delay 2
    :log info "BackupDNS: resolvers changed"
    # enable DNS server
    /ip dns set allow-remote-requests=yes
    :delay 2
    :log info "BackupDNS: started server"
    # assuming you have one NAT redirect rule which is first in the list, change the to-address to your router IP
    /ip firewall nat print; /ip firewall nat set to-addresses=your_router_IP numbers=1
    :delay 1
    :log info "BackupDNS: NAT rule redirected"
    # email notification
    /tool e-mail send to=$recv subject="$myhost started BackupDNS" body="On $mydate at $mytime, $myhost started BackupDNS because $target was reported down."
} else={ :log info "BackupDNS: Core switch interface $inetinterface is not running, script exited" }
Netwatch up script for the pihole IP:
# script to disable secondary DNS when pihole is back up
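# set variables
:local myhost ([/system identity get name])
:local recv "my_alerts@email.com"
:local target "my_pihole"
# date and time used in the notification email body
:local mydate [/system clock get date]
:local mytime [/system clock get time]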
:if ([/ip dns get allow-remote-requests]=true) do={
    # email notification
    /tool e-mail send to=$recv subject="$myhost stopping BackupDNS" body="On $mydate at $mytime, $myhost stopping BackupDNS because $target was reported back up."
    :delay 10
    :log info "BackupDNS: Pihole up, stopping"
    # change resolver back to my_pihole
    /ip dns set servers=my_pihole_IP
    :delay 1
    :log info "BackupDNS: pihole now set as resolver"
    # assuming you have one NAT redirect rule which is first in the list, change back to your pihole
    # the NAT table must be printed first so that numbers= can be resolved
    /ip firewall nat print; /ip firewall nat set to-addresses=my_pihole_IP numbers=1
    :delay 1
    :log info "BackupDNS: NAT rule changed back to pihole"
    # disable DNS server and flush the cache
    /ip dns set allow-remote-requests=no
    :delay 1
    /ip dns cache flush
    :log info "BackupDNS: DNS server disabled and cache flushed"
} else={ :log info "BackupDNS: Pihole is up but router wasn't DNS server, script exited" }
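
The internal-ID approach mentioned in EDIT 2, as an added example that is not part of the original post: the NAT rule is looked up by its comment instead of by list position, so a reordered or newly inserted rule cannot cause the wrong entry to be rewritten. It assumes the DNS redirect rule has been given the comment "dns-redirect" (a hypothetical tag) and uses a constructed documentation address as the new target.

```routeros
# Added example, not from the original post.
# Assumption: the DNS redirect rule carries the comment "dns-redirect"
# (hypothetical tag, set once by hand on the rule).
:local ruleTag "dns-redirect"
# constructed sample value from the documentation range; use your router or pihole IP
:local newTarget "192.0.2.1"

# find returns the internal IDs of matching rules, independent of list position,
# so no prior print is needed
:local natRule [/ip firewall nat find where comment=$ruleTag]

:if ([:len $natRule] = 1) do={
    /ip firewall nat set $natRule to-addresses=$newTarget
    # read the value back so the log reflects what is actually configured
    :local applied [/ip firewall nat get $natRule to-addresses]
    :log info "BackupDNS: NAT rule '$ruleTag' now points to $applied"
} else={
    # zero or several matches: change nothing rather than rewrite the wrong rule
    :log warning ("BackupDNS: expected 1 NAT rule tagged '$ruleTag', found " . [:len $natRule] . ", nothing changed")
}
```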