My Pi-hole had been working without issue for around 2 weeks, and then I woke up one morning to find I couldn’t connect to any webpage unless I used a VPN or added a fallback IPv4 DNS Address (I used 8.8.8.8 but of course no ad blocking there). Now whenever I remove the 2nd DNS Address, I consistently get an error along the lines of:
2025-11-03 18:41:55
RATE_LIMIT
Client 192.168.1.1 has been rate-limited for at least 27 seconds (current limit: 1000 queries per 60 seconds)
I’m using a pi zero 2w and have a verizon fios G3100 router. I cannot for the life of me figure out where a dns loop is occurring, if any.
Apparently all your devices are using the router as DNS server and the router uses Pi-hole.
Maybe there is no loop and this is only a normal amount of queries, depending on how many devices are using the router and the router is sending them to Pi-hole, generating the warning.
Or maybe one device (or maybe many devices) is sending too many queries to your router.
Since Pi-hole only receives queries from the router, we can't determine which device is causing the issue. You can try to search the Query Log page to see if some domain is queried too many times. With this information maybe you can spot which device is causing the issue.
NOTE:
I noticed you added sonx.mediasearch.verizon.com to your blocked domains and I also see many blocked queries from the router, like these:
Nov 3 00:00:13 dnsmasq[766]: query[AAAA] sonx.mediasearch.verizon.com from 192.168.1.1
Nov 3 00:00:13 dnsmasq[766]: exactly denied sonx.mediasearch.verizon.com is ::
Nov 3 00:00:13 dnsmasq[766]: query[A] sonx.mediasearch.verizon.com from 192.168.1.1
Nov 3 00:00:13 dnsmasq[766]: exactly denied sonx.mediasearch.verizon.com is 0.0.0.0
Maybe the issue is caused by Verizon router itself.
Try to disable this entry and check if it fixes the issue.
Good catch with the verizon blocked domain! I removed it from the blocked lists and it seemed to fix the problem briefly until I hit a rate limit issue again. I’m not networking expert, but it does seem a lot of domains hit the pihole numerous times within the same second. some recent examples I see are clients2.google.com, play.itunes.apple.com, bag.itunes.apple.com, various googleapis. While on one hand it makes sense that these would appear frequently, for the app domains, there were 500+ queries in the span of 5 seconds. HTTPS, A, and AAAA.
I was reading on some other posts that supposedly you can change the rate limit via /etc/pihole/pihole-FTL.conf , but I don’t have that file on my pihole.
As far as router side, I’m not messing with the DCHP server, have the pihole set to a static IP, and the IPv4 DNS set to the pihole IP.
If you have a lot of clients on your network and all of them are using the router as DNS server, then Pi-hole only sees one client (the router) and everything comes from a single client.
Also, some apps are badly designed and when you block a domain they continuously keep trying the same domain, over and over. This can trigger the rate limit warning.
That was the old config file, used by Pi-hole v5. Pi-hole v6 uses a different config file, but now you can use the web interface to change any option.
You can access the Settings > All settings page on the web interface and scroll down to find dns.rateLimit.count and dns.rateLimit.interval options.
They control how many queries are permitted (.count) in a defined interval (.interval). The default values are 1000 queries per 60 seconds.
This is usually enough, but you can try to increase them if you have a big number of devices on your network.
If the rate limit warning appears even after increasing the count number, you probably have a different issue.