Posted: Sun Jul 28, 2024 3:53 Post subject: Internet goes down for 2 minutes or so randomly...
Strange issue, but my internet keeps dropping randomly on all of my LAN devices which are connected to my trendnet tew-818dru router running ddwrt v3.0-r51043 for a few minutes at a time randomly...
When the disconnect happens, I see the following in the syslog:
Code:
Jul 27 21:30:30 router daemon.warn dnsmasq[1836]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 27 21:30:49 router daemon.warn dnsmasq[1836]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 27 21:31:17 router daemon.warn dnsmasq[1836]: Maximum number of concurrent DNS queries reached (max: 150)
What does this mean? How is this possible? Can this be increased?
Also, I find these entries strange (but these didn't happen at the time of the internet going down):
Code:
Jul 27 21:00:40 router daemon.warn dnsmasq[1836]: possible DNS-rebind attack detected: browser.pipe.aria.microsoft.com
Jul 27 21:00:40 router daemon.warn dnsmasq[1836]: possible DNS-rebind attack detected: browser.pipe.aria.microsoft.com
Jul 27 21:06:45 router daemon.warn dnsmasq[1836]: reducing DNS packet size for nameserver 205.171.2.25 to 1232
I have DDWRT set up to use adblocking DNS servers in the DHCP Static DNS sections, so why would it still be talking to the CenturyLink DNS server?
Joined: 08 May 2018 Posts: 16808 Location: Texas, USA
Posted: Sun Jul 28, 2024 3:58 Post subject:
It would help to see all applicable settings in the form of screenshots. Also, if it's not a problem with current release and there's something broken in the release you are on, you should consider upgrading.
You can increase your DNSMasq cache size w/ the following directive in the "Additional DNSMasq Options" field on the Services page.
Code:
cache-size=1000
The rebind attack message just means your router is doing as directed by your current DNSMasq setting, namely, to prevent the return of IPs in the private IP space from public DNS servers, which is sometimes used as a means to gain access to your internal network. On occasion, this may be valid, such as in the case of a site-to-site VPN, where each site has a private IP network, and is attempting to access the other's DNS server for remote name resolution. In such cases, you can make an exception using the following DNSMasq directive.
Joined: 16 Nov 2015 Posts: 7112 Location: UK, London, just across the river..
Posted: Sun Jul 28, 2024 6:58 Post subject:
As it was advised, upgrade to the last build so far, 57595, as you are running an outdated build
with missing vital binaries updates...like dnsmasq etc.
The fact you have reached the max concurrent requests means you have a device in your network that makes quite a few extra DNS requests...you'd need to investigate that...
To increase the max concurrent requests, add this to the DNSmasq advanced config box:
dns-forward-max=200
or even more...but it's not very advised...better investigate first...
I do have 200 but, in my case, I do have quite a busy network with lots of clients...and it never exceeded those...
_________________ Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 -DD-WRT 63600 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 62606 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 62606 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 62606
Broadcom
Netgear R7000 --DD-WRT 63790 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
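Added example (not part of the thread or of DD-WRT): one way to carry out the investigation suggested above, assuming dnsmasq query logging (`log-queries`) is enabled so that syslog carries `query[TYPE] name from <client>` lines. The sample log, hostnames and addresses are constructed.

```sh
#!/bin/sh
# Find which LAN client is flooding dnsmasq with queries.
# Assumption: dnsmasq runs with log-queries, so syslog contains
# "query[TYPE] name from CLIENT-IP" lines. Sample data is constructed.

sample_log() {
cat <<'EOF'
Jul 27 21:29:10 router daemon.info dnsmasq[1836]: query[A] www.example.org from 192.168.1.20
Jul 27 21:30:25 router daemon.info dnsmasq[1836]: query[A] a1.telemetry.example from 192.168.1.50
Jul 27 21:30:26 router daemon.info dnsmasq[1836]: query[AAAA] a1.telemetry.example from 192.168.1.50
Jul 27 21:30:27 router daemon.info dnsmasq[1836]: query[A] a2.telemetry.example from 192.168.1.50
Jul 27 21:30:28 router daemon.info dnsmasq[1836]: query[A] mail.example.net from 192.168.1.20
Jul 27 21:30:29 router daemon.info dnsmasq[1836]: query[A] a3.telemetry.example from 192.168.1.50
Jul 27 21:30:30 router daemon.warn dnsmasq[1836]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 27 21:30:40 router daemon.info dnsmasq[1836]: query[A] www.example.org from 192.168.1.30
EOF
}

# Per-client query totals over the whole log, busiest first.
top_talkers() {
  awk '/ query\[/ { n[$NF]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Per-client query counts in the $1 seconds before each
# "Maximum number of concurrent DNS queries reached" warning.
# Timestamps are compared as time of day, so keep the input within one day.
burst_clients() {
  awk -v win="$1" '
    function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    / query\[/ { i++; ts[i] = secs($3); ip[i] = $NF; next }
    /Maximum number of concurrent DNS queries reached/ {
      w = secs($3)
      # Count each earlier query once, even if warning windows overlap.
      for (j = 1; j <= i; j++)
        if (!seen[j] && w >= ts[j] && w - ts[j] <= win) { seen[j] = 1; hit[ip[j]]++ }
    }
    END { for (c in hit) print hit[c], c }' | sort -rn
}

# Stand-alone run on the constructed sample; pipe the router's syslog in instead.
sample_log | burst_clients 10
```

The client at the top of `burst_clients` output is the one to look at first; compare it with `top_talkers` to see whether it is always noisy or only around the warnings.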
No idea why you all want to add any “additional options”.
This is a GUI option that was added somewhere in build r50944 _________________ Quickstart guides:
Joined: 16 Nov 2015 Posts: 7112 Location: UK, London, just across the river..
Posted: Sun Jul 28, 2024 8:34 Post subject:
sry to spam the thread, but dns-forward-max is not visible on all routers...even after the update..
as well, it won't harm....
Oh that's right, someone already told me that in the PI-Hole thread.
Apparently I have a bad memory and maybe that should be fixed.