I have a Tplink router ArcherA9
I am running Home assistant and pi-hole as VM in 2 separate CLs
I have few smart devices at home
I keep getting this error every other day "Maximum number of concurrent DNS queries reached (max: 150)"
I am using the router DHCP instead of Pi-hole's
I have neither Conditional Forwarding enabled nor bind only to interface eth0
Can someone please tell me what's going on?
From our documentation, which is linked below the warning in the diagnosis log.
"The configured maximum number of concurrent DNS queries for a given server is reached. The system is either very busy at the moment or not receiving queries from the configured upstream. Check your connectivity or the upstream DNS server status.
The warning can also be printed when being spammed with an excessive amount of duplicates or when the upstream server never replies for specific domains. Check your logs and try to identify similarities between the query directly preceding this warning and earlier queries in /var/log/pihole/pihole.log. Try to find out if your upstream does maybe never reply to specific domains and fix this.
This warning is printed at most once every five seconds (per upstream server) to help mitigate unlimited log file growth."
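An added example, not part of the original posts or of Pi-hole's own tooling: one way to follow the documentation's advice above is to count which client/domain pairs were queried in the seconds before each warning. It assumes query logging is enabled so that pihole.log contains dnsmasq `query[...] <domain> from <client>` lines; the sample lines, client addresses and the `surge_suspects` helper are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# dnsmasq syslog-style line: "<Mon> <day> <hh:mm:ss> dnsmasq[<pid>]: <message>"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: (.*)$")
QUERY = re.compile(r"^query\[([^\]]+)\] (\S+) from (\S+)$")
WARNING = "Maximum number of concurrent DNS queries reached"

# Constructed sample log (not taken from the thread); client IPs are made up.
SAMPLE = """\
Jul 28 10:04:10 dnsmasq[336]: query[A] api.weather.gov from 192.168.0.10
Jul 28 10:05:01 dnsmasq[336]: query[A] scribe.logs.roku.com from 192.168.0.20
Jul 28 10:05:01 dnsmasq[336]: query[AAAA] scribe.logs.roku.com from 192.168.0.20
Jul 28 10:05:02 dnsmasq[336]: query[A] scribe.logs.roku.com from 192.168.0.20
Jul 28 10:05:03 dnsmasq[336]: query[A] pool.ntp.org from 192.168.0.30
Jul 28 10:05:04 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 28 10:05:07 dnsmasq[336]: query[A] scribe.logs.roku.com from 192.168.0.20
Jul 28 10:05:10 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 28 10:06:00 dnsmasq[336]: query[A] api.weather.gov from 192.168.0.10
""".splitlines()

def surge_suspects(lines, window=10, year=2022):
    """Count (client, domain) pairs seen in the `window` seconds before any warning.

    The log has no year, so one is assumed. Each query is counted once even
    when it falls before several warnings (they can repeat every few seconds).
    """
    queries, warnings = [], []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not dnsmasq entries
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = QUERY.match(m.group(2))
        if q:
            queries.append((ts, q.group(3), q.group(2)))  # (time, client, domain)
        elif m.group(2).startswith(WARNING):
            warnings.append(ts)
    span = timedelta(seconds=window)
    hits = Counter()
    for ts, client, domain in queries:
        if any(timedelta(0) <= w - ts <= span for w in warnings):
            hits[(client, domain)] += 1
    return hits

if __name__ == "__main__":
    for (client, domain), n in surge_suspects(SAMPLE).most_common(5):
        print(f"{n:5d}  {client:15s}  {domain}")
```

To run it against a real log, pass the lines of `/var/log/pihole/pihole.log` (read with sufficient privileges) instead of `SAMPLE`.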
Thank you for your reply. I have been checking the log through the custom time Pi-hole reported the error. I couldn’t find an excessive amount of duplicates. Maybe a couple of retried attempts here and there.
I am not network savvy and I am still learning.
I put the command var/log/pihole/pihole.log in Pi-hole terminal and I keep getting permission denied. So I tried nano before the command and I get an empty folder.
I had deleted the errors from the web interface last night and I will check again today to see if the error comes back with the same domain that’s having the issue.
As explained, that message is caused by a flood of DNS queries reaching your Pi-hole. 150 concurrent queries is nothing you would normally see on a home network by far. It often would suggest a DNS loop of sorts, but as your debug log doesn't show any hints of such a loop, that would suggest that your observation may be caused by misbehaving client(s).
The following commands may help when trying to identify which clients/domains are involved:
echo ">stats >quit" | nc localhost 4711
echo ">top-domains >quit" | nc localhost 4711
echo ">top-ads >quit" | nc localhost 4711
echo ">top-clients >quit" | nc localhost 4711
Could I paste the results here so I can have other sets of eyes?
Most folks do, I'd say go ahead and post it. The only thing for devs' eyes only is usually the debug log, I think.
That's what this forum is for.
That is not a command, it is file path and name. To see the log contents use:
sudo cat /var/log/pihole/pihole.log
Try to redact or partially redact MAC and public IPv6 GUA addresses where possible!
root@Pi-Hole:~# **echo ">top-clients >quit" | nc localhost 4711**
0 47536 192.168.0.xxx = Home assistant
1 24899 192.168.0.xxx = TV
2 22529 192.168.0.xxx = Asus AP
3 12777 192.168.0.xxx = amazon-a7d359f6e
4 2228 192.168.0.xxx = unknown lol
5 2041 192.168.0.xxx HS105(smart switch)
6 1859 192.168.0.xxx = unknown
7 1486 192.168.0.xxx = PC
8 1403 192.168.0.xxx HS105 = smart switch
9 934 192.168.0.xxx = unknown
root@Pi-Hole:~# **echo ">top-ads >quit" | nc localhost 4711**
0 29420 scribe.logs.roku.com
1 6104 cloudservices.roku.com
2 2127 device-metrics-us-2.amazon.com
3 1074 device-metrics-us.amazon.com
4 614 app-measurement.com
5 412 7ba3f64df98de730df38846b54ecfbdf7f61f80f.cws.conviva.com
6 376 api.smoot.apple.com
7 314 gs-loc.apple.com
8 301 s.amazon-adsystem.com
9 267 mads.amazon-adsystem.com
root@Pi-Hole:~# **echo ">top-domains >quit" | nc localhost 4711**
0 6286 checkonline.home-assistant.io
1 5591 api.wyzecam.com
2 4493 api.weather.gov
3 4389 pubsub.googleapis.com
4 2890 smartapi.vesync.com
5 2156 pool.ntp.org
6 1724 aic.lgthinq.com
7 1343 api.amazonalexa.com
8 1096 rest-u003.immedia-semi.com
9 1058 app-snaps.ring.com
root@Pi-Hole:~# **echo ">stats >quit" | nc localhost 4711**
domains_being_blocked 245417
dns_queries_today 120499
ads_blocked_today 45521
ads_percentage_today 37.777077
unique_domains 2480
queries_forwarded 50291
queries_cached 18924
clients_ever_seen 34
unique_clients 34
dns_queries_all_types 120499
reply_UNKNOWN 8777
reply_NODATA 5615
reply_NXDOMAIN 8742
reply_CNAME 26655
reply_IP 65909
reply_DOMAIN 103
reply_RRNAME 36
reply_SERVFAIL 0
reply_REFUSED 4142
reply_NOTIMP 0
reply_OTHER 0
reply_DNSSEC 0
reply_NONE 0
reply_BLOB 520
dns_queries_all_replies 120499
privacy_level 0
status enabled
This is the var/log result:
root@Pi-Hole:~# cat /var/log/pihole/pihole.log
Jul 29 11:32:53 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 11:32:59 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 11:33:05 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 11:33:11 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 11:33:17 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 11:33:23 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 11:33:29 dnsmasq[336]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 11:47:22 dnsmasq[336]: exiting on receipt of SIGTERM
Jul 29 11:49:53 dnsmasq[337]: started, version pi-hole-2.87test8 cachesize 10000
Jul 29 11:49:53 dnsmasq[337]: DNS service limited to local subnets
Jul 29 11:49:53 dnsmasq[337]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
Jul 29 11:49:53 dnsmasq[337]: using nameserver 1.1.1.1#53
Jul 29 11:49:53 dnsmasq[337]: using nameserver 1.0.0.1#53
Jul 29 11:49:53 dnsmasq[337]: using only locally-known addresses for onion
Jul 29 11:49:53 dnsmasq[337]: using only locally-known addresses for bind
Jul 29 11:49:53 dnsmasq[337]: using only locally-known addresses for invalid
Jul 29 11:49:53 dnsmasq[337]: using only locally-known addresses for localhost
Jul 29 11:49:53 dnsmasq[337]: using only locally-known addresses for test
Jul 29 11:49:53 dnsmasq[337]: read /etc/hosts - 5 addresses
Jul 29 11:49:53 dnsmasq[337]: read /etc/pihole/custom.list - 2 addresses
Jul 29 11:49:53 dnsmasq[337]: read /etc/pihole/local.list - 0 addresses
Jul 29 12:15:12 dnsmasq[336]: started, version pi-hole-2.87test8 cachesize 10000
Jul 29 12:15:12 dnsmasq[336]: DNS service limited to local subnets
Jul 29 12:15:12 dnsmasq[336]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
Jul 29 12:15:12 dnsmasq[336]: using nameserver 1.1.1.1#53
Jul 29 12:15:12 dnsmasq[336]: using nameserver 1.0.0.1#53
Jul 29 12:15:12 dnsmasq[336]: using only locally-known addresses for onion
Jul 29 12:15:12 dnsmasq[336]: using only locally-known addresses for bind
Jul 29 12:15:12 dnsmasq[336]: using only locally-known addresses for invalid
Jul 29 12:15:12 dnsmasq[336]: using only locally-known addresses for localhost
Jul 29 12:15:12 dnsmasq[336]: using only locally-known addresses for test
Jul 29 12:15:12 dnsmasq[336]: read /etc/hosts - 5 addresses
Jul 29 12:15:12 dnsmasq[336]: read /etc/pihole/custom.list - 2 addresses
Jul 29 12:15:12 dnsmasq[336]: read /etc/pihole/local.list - 0 addresses
Jul 29 12:48:14 dnsmasq[336]: exiting on receipt of SIGTERM
Jul 29 12:50:22 dnsmasq[336]: started, version pi-hole-2.87test8 cachesize 10000
Jul 29 12:50:22 dnsmasq[336]: DNS service limited to local subnets
Jul 29 12:50:22 dnsmasq[336]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
Jul 29 12:50:22 dnsmasq[336]: using nameserver 1.1.1.1#53
Jul 29 12:50:22 dnsmasq[336]: using nameserver 1.0.0.1#53
Jul 29 12:50:22 dnsmasq[336]: using only locally-known addresses for onion
Jul 29 12:50:22 dnsmasq[336]: using only locally-known addresses for bind
Jul 29 12:50:22 dnsmasq[336]: using only locally-known addresses for invalid
Jul 29 12:50:22 dnsmasq[336]: using only locally-known addresses for localhost
Jul 29 12:50:22 dnsmasq[336]: using only locally-known addresses for test
Jul 29 12:50:22 dnsmasq[336]: read /etc/hosts - 5 addresses
Jul 29 12:50:22 dnsmasq[336]: read /etc/pihole/custom.list - 2 addresses
Jul 29 12:50:22 dnsmasq[336]: read /etc/pihole/local.list - 0 addresses
Jul 29 16:02:02 dnsmasq[336]: exiting on receipt of SIGTERM
Jul 29 16:07:48 dnsmasq[336]: started, version pi-hole-2.87test8 cachesize 10000
Jul 29 16:07:48 dnsmasq[336]: DNS service limited to local subnets
Jul 29 16:07:48 dnsmasq[336]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
Jul 29 16:07:48 dnsmasq[336]: using nameserver 1.1.1.1#53
Jul 29 16:07:48 dnsmasq[336]: using nameserver 1.0.0.1#53
Jul 29 16:07:48 dnsmasq[336]: using only locally-known addresses for onion
Jul 29 16:07:48 dnsmasq[336]: using only locally-known addresses for bind
Jul 29 16:07:48 dnsmasq[336]: using only locally-known addresses for invalid
Jul 29 16:07:48 dnsmasq[336]: using only locally-known addresses for localhost
Jul 29 16:07:48 dnsmasq[336]: using only locally-known addresses for test
Jul 29 16:07:48 dnsmasq[336]: read /etc/hosts - 5 addresses
Jul 29 16:07:48 dnsmasq[336]: read /etc/pihole/custom.list - 2 addresses
Jul 29 16:07:48 dnsmasq[336]: read /etc/pihole/local.list - 0 addresses
@Bucking_Horn, are above reverse lookups?
Could this also be a TTL issue?
EDIT:
You don't have to redact private addresses.
Everyone shares those same IP addresses in their houses.
As those metrics are 24-hour aggregates, we can't be entirely sure that those domains would be involved in a sudden surge in DNS queries, but it seems likely that your TV (and maybe your Asus router/access point on behalf of your TV) may have caused your warnings.
The overall stats result looks normal, apart from the high reply_REFUSED count.
I guess those may have been rejected during that sudden flurry.
Let's take a closer look at those:
pihole-FTL sqlite3 "/etc/pihole/pihole-FTL.db" "SELECT domain, count(domain), client, datetime(max(timestamp),'unixepoch') FROM queries WHERE reply_type=8 GROUP BY domain ORDER BY count(domain) DESC LIMIT 10;"
I have to mention that these logs are from today, but I had the issue, according to the warning, between 10:05 am and 10:15 am on the 28th, so I am not sure if these logs are relevant. I don't have any warnings today.
**pihole-FTL sqlite3 "/etc/pihole/pihole-FTL.db" "SELECT domain, count(domain), client, datetime(max(timestamp),'unixepoch') FROM queries WHERE reply_type=8 GROUP BY domain ORDER BY count(domain) DESC LIMIT 10;"**
> pubsub.googleapis.com|4183|192.168.0.133|2022-07-29 11:33:32
> oauth.ring.com|596|192.168.0.133|2022-07-26 18:02:45
> app-snaps.ring.com|382|192.168.0.133|2022-07-29 11:33:31
> api.ring.com|244|192.168.0.133|2022-07-29 11:33:31
> api.spotify.com|229|192.168.0.133|2022-07-29 11:33:28
> api.amazon.com|202|192.168.0.133|2022-07-26 18:02:39
> security-mqtt.eufylife.com|183|192.168.0.133|2022-07-28 14:14:34
> api.weather.gov|162|192.168.0.133|2022-07-29 11:32:57
> ps.pndsn.com|130|192.168.0.133|2022-07-28 14:14:40
> account-link.nabucasa.com|124|192.168.0.133|2022-07-26 18:02:41
Update:
I found out a lot of people are plagued with scribe.logs.roku.com spam in their Pi-Holes/AdGuards.
That's what was causing my warning to trigger.