I'm not observing that behaviour in my network, but very likely, that's because I completely mock connectivity checks in my setup.
Still, I wonder if Google's developers wouldn't do better than having devices hammer a DNS server for replies in such short succession.
In searching for a possible explanation (and for potential means of mitigation), could you please check your Pi-hole's dnsmasq configuration for your current local-ttl?
Since Pi-hole FTL v5.10.1, that defaults to zero if it hasn't been set explicitly.
I'm not entirely sure whether that would also apply to REFUSED replies you are likely seeing during outages, when Pi-hole isn't able to contact any upstreams.
But a client trusting to receive a potentially different reply for the same domain after its TTL has expired may well decide to repeat its request immediately when seeing a zero TTL value.
You could try to set an explicit local-ttl value by creating a custom configuration with the following content (e.g. /etc/dnsmasq.d/99-local-ttl.conf):
local-ttl=2
Of course, you'd need to wait for clients to excessively request resolution again, before being able to verify if this would have any effect on your observation.
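
One way to run the two checks suggested above, as an added example that is not part of the original post: list any explicit local-ttl settings in the dnsmasq configuration directory, and pick out records that were answered with a TTL of 0. The function names, the sample answer lines and the placeholder host names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print "file:value" for every explicit local-ttl line in a dnsmasq
# configuration directory. No output means local-ttl is not set explicitly,
# which is the case where, per the post, FTL v5.10.1 and later default to 0.
find_local_ttl() {
    dir=${1:-/etc/dnsmasq.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Commented-out lines start with '#' and therefore do not match.
        sed -n 's/^[[:space:]]*local-ttl=\([0-9][0-9]*\).*/\1/p' "$f" |
        while read -r v; do
            printf '%s:%s\n' "$f" "$v"
        done
    done
}

# Read `dig +noall +answer` output on stdin and print the owner name of
# every record that was served with a TTL of 0.
zero_ttl_names() {
    awk '$1 !~ /^;/ && NF >= 5 && $2 ~ /^[0-9]+$/ && $2 + 0 == 0 { print $1 }'
}

# Constructed sample of dig answer lines (not captured from a real network).
SAMPLE_ANSWER='printer.lan. 0 IN A 192.168.1.50
nas.lan. 2 IN A 192.168.1.60'

# Typical use on the Pi-hole host (placeholders, adjust to your setup):
#   find_local_ttl /etc/dnsmasq.d
#   dig +noall +answer <local-name> @<pi-hole-ip> | zero_ttl_names
```

After adding the custom configuration and restarting the resolver, the first function should report the new file and value, and the second should no longer list local names.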