I ran into issue where my current setup results huge number of DNS queries and eventually pihole rate limiter kicks in which results no connection.
10.10.10.254 is pihole
Output the last lines of the pihole.log file (live)
Code:
Mar 24 16:43:41: Rate-limiting www.apple.com is REFUSED (EDE: blocked)
Mar 24 16:43:41: query[A] www.apple.com from 10.10.10.1
Mar 24 16:43:41: config error is REFUSED (EDE: blocked)
Mar 24 16:43:41: Rate-limiting www.apple.com is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[HTTPS] gsp85-ssl.ls.apple.com from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting gsp85-ssl.ls.apple.com is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[A] gsp85-ssl.ls.apple.com from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting gsp85-ssl.ls.apple.com is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[SVCB] _dns.resolver.arpa from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting _dns.resolver.arpa is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[HTTPS] init.push.apple.com from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting init.push.apple.com is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[A] init.push.apple.com from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting init.push.apple.com is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[A] gateway.icloud.com from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting gateway.icloud.com is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[TXT] push.apple.com from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting push.apple.com is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[HTTPS] m.hotmail.com from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting m.hotmail.com is REFUSED (EDE: blocked)
Mar 24 16:43:44: query[A] m.hotmail.com from 10.10.10.1
Mar 24 16:43:44: config error is REFUSED (EDE: blocked)
Mar 24 16:43:44: Rate-limiting m.hotmail.com is REFUSED (EDE: blocked)
Mar 24 16:43:45: query[SVCB] _dns.resolver.arpa from 10.10.10.1
Mar 24 16:43:45: config error is REFUSED (EDE: blocked)
Mar 24 16:43:45: Rate-limiting _dns.resolver.arpa is REFUSED (EDE: blocked)
And when in the time period was the dns redirection activated?
By the way, you have to click on one of those high bars to get to the query log and see which queries are being queried in bulk.
But I can see from your screenshots that you are using a firmware version that is at least 1.5 years old.
You should update the router firmware and dnsmasq or at least add these options to dnsmasq
Code:
bogus-priv
dns-forward-max=150
and increase the rate limit to 5000-10000
1000 is the limit for a single client, but the router acts as a proxy and there can be 10-100 clients behind one ip address
your dashbord also looks a bit strange, it has blocked 190 queries in 24h ...
Well, I don't know what to say, but seems issue was self-resolved after I completely rebooted my pihole and router (which I tried earlier too).
To answer your earlier questions,
Redirection was re-activated just temporarily so I could demonstrate spikes on dashboard. I had to disable it before due to same issue.
I clicked on one of higest bars and tried to look for high amount of same queries which I found from apple devices.
However I could manually cause similar spikes by just navigating to various websites and total queries count shoots up immediately on dashboard.
I'm not sure where it was indicated I run outdated firmware as my router has r55416
My wireguard Peer DNS Tunnel setting has 10.10.10.1
I tried ctrl+f5 and private window (which should eliminate any caching problem) with no difference. This option is simply not there for my rt-n18u
I can instead use dns-forward-max=150 option you shared earlier and take another look once I go for reset route.