DNSMASQ_WARN reducing DNS packet size

Thanks the theory is clear,

But I sill have 2 questions,

  1. can't this become a configuration in the "Upstream DNS Servers" part where the preconfigured servers have the default values as mentioned above?
  2. where can I see shat DNS packet, I'm interested to know which request exceeds the maximum packet size.
1 Like

You should find this in /var/log/pihole.log

1 Like

OK - your post convinced me to donate! I'm tech-able enough to make use of Pi-Hole and I love it.....so THANKS TO THE DEVELOPERS...ALL 3 OF YOU WHO MAINTAIN IT. The sinkholing of ads alone is worth it.

(Sorry...had to shout that out!!)

I have this same error, and with any luck, will manage to make 'em disappear following the instructions...not that I particularly care as they're really just "information".


It seams strange with the low packet size.. so what happens when you resolve dnssec? standart for that is 4096.


You'll retry over TCP where no limit exists (packets can be arbitrarily fragmented).

Just came across this as I updated my pi-hole and am now getting flooded with these alerts .
They are to the Cloudflare and Google DNS servers,, and that I have set in PiHole.

What I don't understand is if you know what the maximum packet size to these addresses are, and we have those DNS servers specified in pihole, why in the world is it trying to send anything larger than the maximum packet size to start with let alone adding Warnings, like there is a serious issue, when it reduces the size to 1280?

Especially infuriating as there is a non-stop bouncing alert for something that is apparently 'normal' and now way to $#@%#$% select all and clear this list of what quickly becomes hundred of items.

There very much is an easy way to clear the items:
hit the trashcan from the bottom up.

You know...
Follow the thread and copy/paste?

Do you need help opening a terminal and creating the 99-edns.cfg file and how to navigate to it and edit it?

Having to hit the trash can on every single entry for what is looking to be around 500 entries a day, every day, is not reasonable nor is having to go to a config file to address something that should not be reported and should have a two click delete option as is standard with any UI with possibility for multiple times.
You need help understanding what usability is and perhaps how to be useful instead of patronizing.

Actually, I was intending to help you get it done.
You seem to be able to type. edns-packet-max=1280 does not seem beyond your skillset. And like I said, If you were not sure how to create it and edit it, I intended to suggest a couple ways; the easiest, if you do not know Linux, would be to pull the card and put it in a machine that can edit text

I guess you get what you pay for.

Stop using it; that will teach them.

That was me being patronizing.

And you obviously didn't bother to read the other posts that highlighted why that is not ideal and can potentially affect performance.
I didn't address my question to you, and you didn't even attempt answer the question I asked (again not to you). Your comments continue to be useless and patronizing.

And you did not read that it is somewhere in the configuration of your network that is causing the problem.

That it has always reduced the packet size, it just did not alert you before.

You can use Unbound, dive into your router; many reasons were given why it is not ideal but the microseconds your home network experiences is not a major issue.

And actually, you replied to a reply to me, practically asking the same question and, somehow, did not understand how much work went into a detailed answer.

Now, do you want the help or not?

My reply was expressly to DL6ER, not you.

The question I asked was "What I don't understand is if you know what the maximum packet size to these addresses are, and we have those DNS servers specified in pihole, why in the world is it trying to send anything larger than the maximum packet size to start with let alone adding Warnings, like there is a serious issue, when it reduces the size to 1280?"

You didn't answer this nor did you provide any useful information. So no, I did not request, nor do I desire another useless, edgelord response from you.

Because they did not know the packet size for each one until they spent the time, one packet by one, to find it out.
They spelled that out.
I DID answer the question and so did they. I am far from trying to get attention, or insult you.
Honestly, it seems like you are demanding it and insulting.

He did it in this thread, for us on 12-21.
Just make the .cfg and type.

Go choose a DNS with a packet size lower than 1280. That is the simplest answer. And who knows when a DNS will, arbitrarily, change the packet size.

You know he has a day job?


"Does your Pi-hole show individual clients in the Query Log or only your router? Also, this may still be true as your router may be truncating the responses because of a low MTU. I don't think its' possible to give a general recommendation for all types of networks. Setting it to 1232 (not 1280) will always work. This is the default dnsmasq will have as a lower bound in the next releae."

They flat out say they are working on it...

Now I'm annoyed. >:(

Moderator here.

Enough. Both of you knock off the bashing, as this helps nobody.



sudo pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "Delete from message;"

If you see this warning, reducing the packet size will actually increase your performance.


OP here, was there a change pushed? because I just got the following errors, even though I changed the file that should fix the issue.

Maybe it's a coincidence and your upstream reduced just now to 1232. As you reduced to 1280 it's still larger than 1232.

So what has changed? Was this changed on their end?

I just tried it and can confirm (at least for that they changed it to 1232. I have no idea why you got it also for the other two, while I see -> 1452 -> 1452 -> 1232

Maybe you should just change the config to


the cloudflare manual mentions this/

we end up with a maximum DNS message size of 1472 bytes for IPv4 and 1232 bytes in order for a message to fit within a single packet. If the message is any larger than that, it will have to be fragmented into more packets.
source: https://blog.cloudflare.com/dns-flag-day-2020/

not sure if this has something to do with the probe and the actual size, but I still get the error if I don't bring it down to 1232. so maybe fragmentation is not supported?
not sure is this also affects other dns servers this way.
also I'm not sure why dns packages should be any larger then this.