Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

The issue I am facing:
A few times a day I get this error in PiHole:

Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

&

not using configured address 192.168.1.111 because it is in use by the server or relay

Details about my system:
Pi 3B+, with Debian.
PiHole and PiVPN up-to-date version

192.168.1.254 is my router
192.168.1.111 is my PiHole

What I have changed since installing Pi-hole:
Stopped using Conditional forwarding, as I hoped it would stop the error.

I hope we can solve it.

Thanks

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

https://tricorder.pi-hole.net/FbN20KrV/

Thank you

New log: https://tricorder.pi-hole.net/mad0mqx7/

Okay, I already solved "not using configured address 192.168.1.111 because it is in use by the server or relay".
I had configured a static address assignment for the IP address of Pi-hole. Removed that.
Did not know the error was also initiated due to command pihole -d :wink:

Today again the error:

2024-12-18 08:54:31	RATE_LIMIT	Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

and again:

2024-12-18 09:49:18	RATE_LIMIT	Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

It starts when I come home (around 18:00) and arrive on my Wifi. Till then I was connected via PiVPN/WireGuard, also installed on the same Pi as Pi-hole. Also between 22:00 and 00:00...

and again this morning

2024-12-19 06:32:19	RATE_LIMIT	Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

192.168.1.254 is my router...

a new log: https://tricorder.pi-hole.net/ybUUvzcJ/

Thanks!

Your debug log shows you are using local as local domain name:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 300 bytes from eth0:192.168.1.111
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.1.111
      domain-name: "local"
      router: 192.168.1.254
      --- end of options ---

This may be unrelated to your observation, but you should note that .local is the TLD reserved for mDNS usage and should not be used with plain DNS.
In addition, your Pi-hole host is aware of different local domains altogether:

-rw-r--r-- 1 root root 150 Dec 12 11:20 /etc/resolv.conf
   search home.arpa fritz.box

After we've addressed your issue, you should change that to one of the domains recommended for private network use, e.g. .internal, .lan or .home.arpa, or perhaps fritz.box if you'd be using a FritzBox router.

In general, a client would be rate limited when sending excessive DNS requests exceeding Pi-hole's default threshold of 1,000 requests per minute.
You'd be likely to observe that in configurations where clients use the router for DNS while the router is using Pi-hole as its upstream, aggregating DNS requests for the entire network.

However, your Pi-hole DHCP server is distributing Pi-hole as local DNS server, so your DHCP clients would talk to Pi-hole, avoiding aggregation.
You also do not have Conditional Forwarding enabled, which may have closed a partial DNS loop if your router would use Pi-hole as its upstream.

This would eliminate the two most common causes for rate limiting, leaving you to find out why your router would send excessive DNS requests at times.
Inspecting the actual queries your router has sent may reveal if blocking would be involved, or hint at stray clients still using your router for DNS.

Fortunately, your most current debug log contains the exact log lines when rate limiting has occurred:

*** [ DIAGNOSING ]: contents of /var/log/pihole

-rw-r--r-- 1 pihole pihole 86K Dec 18 09:08 /var/log/pihole/FTL.log
   -----tail of FTL.log------
   [2024-12-18 08:54:31.630 4911M] Rate-limiting 192.168.1.254 for at least 8 seconds
   [2024-12-18 08:54:39.339 4911/T4947] Still rate-limiting 192.168.1.254 as it made additional 2850 queries
   [2024-12-18 08:55:39.401 4911/T4947] Ending rate-limitation of 192.168.1.254

This allows us to take a closer look at the DNS requests that your router has sent in the prior 60 seconds.

Run from your Pi-hole machine, please share output of:

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain, reply_type, count(*) FROM queries \
WHERE timestamp > strftime('%s','2024-12-18 08:54:31.630', '-1 minute', 'utc') \
AND timestamp <= strftime('%s','2024-12-18 08:54:31.630', 'utc') \
AND client = '192.168.1.254' GROUP BY domain, reply_type ORDER BY 3 DESC LIMIT 10;"
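Added example, not part of the original post and not Pi-hole project code: it automates the step above by pulling each rate-limit start out of FTL.log and running the same 60-second aggregation for that client. The in-memory `queries` table is a constructed stand-in holding only the four columns the command above uses, and its rows are constructed sample data.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample: the three FTL.log lines quoted in the thread.
FTL_LOG = """\
[2024-12-18 08:54:31.630 4911M] Rate-limiting 192.168.1.254 for at least 8 seconds
[2024-12-18 08:54:39.339 4911/T4947] Still rate-limiting 192.168.1.254 as it made additional 2850 queries
[2024-12-18 08:55:39.401 4911/T4947] Ending rate-limitation of 192.168.1.254
"""

# Only the line that *starts* a rate limit marks the end of the offending window.
EVENT = re.compile(
    r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ [^\]]+\] Rate-limiting (\S+) for at least")

def rate_limit_events(log_text):
    """Return (epoch_seconds, client) for every line that starts a rate limit."""
    events = []
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            # FTL.log prints local time; the query database stores Unix epoch seconds.
            ts = int(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").timestamp())
            events.append((ts, m.group(2)))
    return events

def top_domains(db, ts, client, window=60, limit=10):
    """Same aggregation as the sqlite3 command above, with bound parameters."""
    return db.execute(
        "SELECT domain, reply_type, count(*) FROM queries "
        "WHERE timestamp > ? AND timestamp <= ? AND client = ? "
        "GROUP BY domain, reply_type ORDER BY 3 DESC LIMIT ?",
        (ts - window, ts, client, limit)).fetchall()

def demo_db(event_ts):
    """Constructed in-memory stand-in for pihole-FTL.db (assumed minimal schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE queries (timestamp INTEGER, domain TEXT, client TEXT, reply_type INTEGER)")
    rows = [(event_ts - i % 60, "sentry.dtnr.nl", "192.168.1.254", 7) for i in range(550)]
    rows += [(event_ts - i, "connect.linksys.com", "192.168.1.254", 3) for i in range(3)]
    rows += [(event_ts - 90, "sentry.dtnr.nl", "192.168.1.254", 7)]   # before the window
    rows += [(event_ts - 5, "outlook.live.com", "192.168.1.110", 3)]  # different client
    db.executemany("INSERT INTO queries VALUES (?,?,?,?)", rows)
    return db

if __name__ == "__main__":
    for ts, client in rate_limit_events(FTL_LOG):
        for row in top_domains(demo_db(ts), ts, client):
            print(client, *row, sep="|")
```
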

Sorry for the late reaction (X-mas parties etc.).
Thank you for the extensive explanation and analysis!

Hereby the response of the queries:

sentry.dtnr.nl|7|550
diny.rijksmeldingenapp.nl|7|503
eu-mobile.events.data.microsoft.com|4|6
8169-ipv4v6e.clump.dprodmgd104.aa-rt.sharepoint.com|3|3
connect.linksys.com|3|3
in.appcenter.ms|3|3
outlook.live.com|3|3
proxy.safebrowsing.apple|3|3
europe.smartscreen.microsoft.com|3|2
in1-gw2-05-3d6c3051.eastus2.cloudapp.azure.com|1|2

Also a new entry:

2024-12-21 09:59:37	RATE_LIMIT	Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

Query:

WHERE timestamp > strftime('%s','2024-12-21 09:59:37.000', '-1 minute', 'utc') \
AND timestamp <= strftime('%s','2024-12-21 09:59:37.999', 'utc') \
AND client = '192.168.1.254' GROUP BY domain, reply_type ORDER BY 3 DESC LIMIT 10;"

snowirs-dtr.dictu.cloud|0|483
snowirs-dtr.dictu.cloud|7|481
lb._dns-sd._udp.0.1.168.192.in-addr.arpa|0|5
lb._dns-sd._udp.fritz.box|2|4
8169-ipv4v6e.clump.dprodmgd104.aa-rt.sharepoint.com|3|3
clients.config.office.net|3|3
common-afdrk.fe.1drv.com|3|3
my.microsoftpersonalcontent.com|3|3
189013-ipv4.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spov-0006.spov-msedge.net|3|2
dual-spov-0006.spov-msedge.net|1|2

Latest pihole -d: https://tricorder.pi-hole.net/LTInzs8n/

It's not your router that issues those queries. The domains suggest that clients have sent them, likely running MS Windows and some of Apple's OSs.

Did you force your clients to get a new DHCP lease yet, e.g. by dis- and reconnecting to wifi, or by power cycling them?

Some routers hand out DHCP leases with a long lifetime (e.g. FritzBoxes default to 10 days), so you still may have clients talking to your router for DNS.

I rebooted all my devices, don't run Windows, only MacOS, but I do use Office365.

I also tried to change the domain for private network to home.arpa.

After rebooting my router I got the error:

2024-12-22 00:09:28 DNSMASQ_WARN Warning in `dnsmasq` core: Maximum number of concurrent DNS queries reached (max: 150) Check out [our documentation](https://docs.pi-hole.net/ftldns/dnsmasq_warn/) for further information.

And later in the morning again the error:

2024-12-22 09:51:47 RATE_LIMIT Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

I made a new debug log: https://tricorder.pi-hole.net/dtPr6AA9/

Again the same error today:

2024-12-25 14:01:17	RATE_LIMIT	Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

New pihole -d:

https://tricorder.pi-hole.net/BvXK0sXj/

You need to identify the devices still sending requests to your router. Judging from the domains it is at least one mobile device:

eu-mobile.events.data.microsoft.com -> Microsoft Mobile Apps
rijksmeldingenapp.nl -> Dutch government emergency notifications

Power cycle every device and verify network settings for every device.

Thanks, hopefully I found the problem. An iPhone SE third generation kept an old DNS server.
Even after deleting the Wifi settings, and rebooting.
After manually deleting the extra DNS (IPv6) server which came back every time, and maybe was the router's (IPv6) address?, I hope the errors are solved now.

No other strange configurations or other suggestions on my config?

piHole -d: https://tricorder.pi-hole.net/d8VMPbCy/

Thanks!

Your debug log shows that the machine hosting your Pi-hole has acquired two IPv6 DNS server addresses:

*** [ DIAGNOSING ]: contents of /etc

-rw-r--r-- 1 root root 140 Dec 23 18:22 /etc/resolv.conf
   search home.arpa
   nameserver 2a02:<redacted>5b
   nameserver 2a02:<redacted>85

It is highly likely that at least one of them belongs to your router (some Belkin equipment?), indicating that your router would be advertising its own IPv6 address as DNS server, allowing your clients (like your iPhone) to by-pass Pi-hole by using your router instead.

In your case, it would seem that your router's IPv6 may be receiving client DNS requests, but as it's only aware of your Pi-hole's IPv4 as upstream, it is forwarding them to Pi-hole, so they still get filtered, but you wouldn't be able to attribute DNS requests to individual clients, and the number of aggregated requests may trigger Pi-hole's rate-limiting.

You'd have to find a way to configure your router to stop advertising any IPv6 as DNS server, or to advertise your Pi-hole host machine's IPv6.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router's IPv6 configuration is lacking, you could consider to raise Pi-hole's rate limit.
Your actual rate limit should consider your number of clients as well as their DNS business, i.e. if n would be the number of clients, I'd probably start out with (n ÷ 2 *1000), so e.g. RATE_LIMIT=4000/60 for 8 clients.
That should mitigate your rate limit observation, but may make max concurrent warnings more likely, so we may have to deal with that separately if you'd still observe that (if your router doesn't allow IPv6 DNS configuration, that is).

Thanks for that. So problem should be the IPv6 config of my router.
Maybe I configured everything all wrong although it is working fine except the error:

My situation:

Modem/Mesh: ISP <----> FRITZ!Box 7590 <---> Linksys Velop WHW03 V2
Connection: Internet <--> LAN <----------------> LAN/Wifi with PiHole & DHCP server
IP-address : Fix-IP <---->192.168.178.x/24 <--> 192.168.1.x/24

Best wishes for 2025!

After disabling IPv6 on my router, the problems got worse:

2024-12-31 21:49:30 RATE_LIMIT Client 192.168.1.110 has been rate-limited (current config allows up to 1000 queries in 60 seconds)
2025-01-01 00:15:03 DISK Disk shortage (`/etc/pihole/pihole-FTL.db`) ahead: **95% used**

/etc/pihole: 14.7GB used, 15.4GB total
2025-01-01 00:15:03 DISK Disk shortage (`/var/log/pihole/FTL.log`) ahead: **95% used**

/var/log/pihole: 14.7GB used, 15.4GB total
2025-01-01 00:35:02 LOAD Long-term load (15min avg) larger than number of processors: **5.3 > 4**
This may slow down DNS resolution and can cause bottlenecks.

Uploading the debug log (pihole -d) also ends in an error:

   * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.

[?] Would you like to upload the log? [y/N] y
    * Using curl for transmission.
    * curl failed, contact Pi-hole support for assistance.
    * Error message: curl: (6) Could not resolve host: tricorder.pi-hole.net

[✗] There was an error uploading your debug log.
   * Please try again or contact the Pi-hole team for assistance.
   * A local copy of the debug log can be found at: /var/log/pihole/pihole_debug.log

After 2 days:


2025-01-03 00:18:36 LOAD Long-term load (15min avg) larger than number of processors: **5.0 > 4**
This may slow down DNS resolution and can cause bottlenecks.
2025-01-03 00:18:37 DISK Disk shortage (`/etc/pihole/pihole-FTL.db`) ahead: **99% used**

/etc/pihole: 15.4GB used, 15.4GB total
2025-01-03 00:18:39 DISK Disk shortage (`/var/log/pihole/FTL.log`) ahead: **99% used**

/var/log/pihole: 15.4GB used, 15.4GB total

Your router was at 192.168.1.254 - what machine is .110?

FritzBox routers can be configured to not offer an IPv6 DNS server address to clients at all, see e.g. Unresolved ipv6 adress in my top list - #4 by Bucking_Horn.

But those IPv6 nameservers from your resolv.conf definitely didn't belong to your FritzBox, so it may be your Linksys equipment advertising those IPv6 addresses.
What's the purpose of that Linksys equipment anyway?

110 is a Raspberry Pi 3B+ with Bookworm, running Domoticz, Homebridge and MQTT

The Linksys Velop is my Wifi Mesh, with 4 nodes. I have switched off IPv6 on the Linksys Velop.

I'll try to switch off IPv6 on the Fritz!box. Done!

Okay, since I disabled IPv6 on the Fritzbox the problem "RATE_LIMIT Client 192.168.1.254 has been rate-limited (current config allows up to 1000 queries in 60 seconds)" seems to have disappeared.
Got two problems back:

  1. DNS resolving on the Raspberry itself, where Pi-hole is running, still does not work, although all clients use Pi-hole as DNS server and it runs well. So I can't do apt update etc. and also no debug log uploading

  2. LOAD Long-term load (15min avg) larger than number of processors: **7.1 > 4** This may slow down DNS resolution and can cause bottlenecks.

Is Pi-hole listening on all IP's (0.0.0.0 and *)?

sudo ss -nltup sport = 53

And does it respond on the localhost IP?

dig +short @127.0.0.1 version.bind chaos txt

dig +short @127.0.0.1 pi-hole.net

What's in the file below?

grep nameserver /etc/resolv.conf

How exactly did you configure the DNS server(s) on that Pi host?

You should figure out who is causing the high load.
You have the top and htop commands for that.

Last login: Fri Jan  3 14:13:47 2025 from 10.210.160.4
pi@Pi-hole:~ $ sudo ss -nltup sport = 53
Netid   State    Recv-Q   Send-Q     Local Address:Port     Peer Address:Port   Process                                                                         
udp     UNCONN   0        0                0.0.0.0:53            0.0.0.0:*       users:(("pihole-FTL",pid=599,fd=8))                                            
udp     UNCONN   0        0                      *:53                  *:*       users:(("pihole-FTL",pid=599,fd=10))                                           
tcp     LISTEN   0        32               0.0.0.0:53            0.0.0.0:*       users:(("pihole-FTL",pid=599,fd=9))                                            
tcp     LISTEN   0        32                  [::]:53               [::]:*       users:(("pihole-FTL",pid=599,fd=11))
pi@Pi-hole:~ $ dig +short @127.0.0.1 version.bind chaos txt
pi@Pi-hole:~ $
pi@Pi-hole:~ $ dig +short @127.0.0.1 pi-hole.net
3.18.136.52
pi@Pi-hole:~ $
pi@Pi-hole:~ $ grep nameserver /etc/resolv.conf
nameserver 2a02:<redacted>5b

How exactly did you configure the DNS server(s) on that Pi host?