Every few days (sometimes multiple times a day) the connection on several (but not all) of my devices in my home suddenly starts failing to find any servers. After a few minutes, all devices in the home will hit this error.
When this happens I will see a few (probably 2-4) warnings in the diagnosis that all say:
Warning in `dnsmasq` core:
Maximum number of concurrent DNS queries reached (max: 150)
This typically happens when internet usage is high, like streaming a show while another device is on a video chat, or downloading large files. What can work to reset the system is to run `pihole restartdns` and this will typically bring connectivity back for an indefinite period of time.
Details about my system:
I have a single Eero router that my Pi is connected to via ethernet. My Pi-hole is configured to just serve as the DNS server, not DHCP, as this isn't configurable with Eero. Because of this, all my traffic to the Pi-hole has my router's IP. Almost all of my devices are Apple devices too, so they have iCloud Private Relay enabled, but I do have `BLOCK_ICLOUD_PR=false`.
```
pi@raspberrypi:~ $ cat /etc/pihole/pihole-FTL.conf
#; Pi-hole FTL config file
#; Comments should start with #; to avoid issues with PHP and bash reading this file
PRIVACYLEVEL=0
RATE_LIMIT=0/0
BLOCK_ICLOUD_PR=false
```
Here's a debug log from when everything is working. I'll try to get another log when the internet goes back down (but oftentimes getting a debug log brings it back up).
[✓] Your debug token is: https://tricorder.pi-hole.net/33hPDDqr/
150 concurrent queries is nothing you would normally see on a home network by far.
It often would suggest a DNS loop of sorts, but as your debug log doesn't show any hints of such a loop, that would suggest that your observation may be caused by misbehaving client(s), desperate to resolve a blocked or otherwise unavailable domain.
Since it's only your router forwarding DNS requests to Pi-hole on behalf of its clients, it would be hard to pinpoint this to a specific device.
I hit this situation a few times yesterday and saw SERVFAIL errors from several domains and clients, but what you’re saying seems possible, that there’s a client trying to spam an unresolved domain.
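Because every query arrives from the router's IP, the replies above leave the queried domain as the only usable signal. The following is an added example, not part of the original thread: it reads dnsmasq query lines in the format Pi-hole writes to pihole.log and reports domains queried in bursts. The sample lines, the 10-second window and the threshold of 50 are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# dnsmasq "query[...]" line; the optional group skips the serial number and
# client address/port that log-queries=extra puts before the word "query".
QUERY_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
                      r"(?:\d+ \S+ )?query\[\w+\] (\S+) from \S+$")

def parse_query(line):
    """Return (timestamp, domain), or None for forwarded/reply/other lines."""
    m = QUERY_RE.match(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable.
    ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
    return ts, m.group(2).lower()

def peak_rates(lines, window_s=10):
    """Per domain: highest number of queries seen in any window_s-second span."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        ts, domain = parsed
        q = recent[domain]          # timestamps still inside the window
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()
        peak[domain] = max(peak[domain], len(q))
    return dict(peak)

def suspects(lines, window_s=10, threshold=50):
    """Domains whose peak rate reaches threshold, busiest first."""
    hits = [(d, n) for d, n in peak_rates(lines, window_s).items() if n >= threshold]
    return sorted(hits, key=lambda item: -item[1])

# Constructed sample: one domain retried 60 times in 3 s, plus normal traffic.
SAMPLE = [f"Mar  1 20:15:{i // 20:02d} dnsmasq[812]: query[A] "
          f"retry.example.invalid from 192.168.4.1" for i in range(60)]
SAMPLE += [
    "Mar  1 20:15:01 dnsmasq[812]: query[AAAA] www.example.com from 192.168.4.1",
    "Mar  1 20:15:01 dnsmasq[812]: forwarded www.example.com to 9.9.9.9",
]

if __name__ == "__main__":
    for domain, n in suspects(SAMPLE):
        print(f"{n:5d} queries within 10 s  {domain}")
```

A domain that tops this list around the time of the `dnsmasq` warning can then be matched against what each device on the network is known to contact.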