Rate-Limit of ASUS (RT-AX86U) Router's IP address

I've been getting the RATE_LIMIT warning in regards to my router's IP address. I've tried some of the things that I've found here in the help forums, like changing the "rate-limiting" setting in the DNS settings of the Pi-Hole.
Many of the help chats here in the forums regarding the router rate limiting seem to go unfinished, however.
I'll provide the information requested.

Expected Behaviour:

I would expect that under normal operation, without any configuration errors on my part, my router would not be rate limited with the warning "Client 192.168.50.1 has been rate-limited (current config allows up to 1000 queries in 60 seconds)".
I'm running pi-hole on a Raspberry Pi 4 that is connected via ethernet to my router. The RPi is running Debian 11 (bullseye).
My router is an ASUS RT-AX86U running the most up-to-date OEM firmware from ASUS.

I do have the Pi-hole's IP address(es) set in the router's DNS fields for WAN and LAN:

Actual Behaviour:

Often, the pi-hole is giving me the error "Client 192.168.50.1 has been rate-limited (current config allows up to 1000 queries in 60 seconds)"

I'm sure that there is more information that would be helpful, but I'll wait to be asked for that. I don't want to assume what information would be helpful.

Thanks in advance!

Debug Token:

https://tricorder.pi-hole.net/e7jhi4BJ/

OK. I'm likely an idiot.

My PC (Win10) is connected via ethernet, but it does have a wireless card. The Wi-Fi was on, but not connected to any networks. I've turned Wi-Fi off, and I've noticed the number of Total Queries in the Pi-hole Dashboard bar graph drop off dramatically.

We'll see how it goes.

Alright. While that seemed to help, it seemed temporary.

I got the rate limit error again, but I'm also seeing two 'ignoring query from non-local network' errors from IP addresses for devices that are on my network.

New debug log:

https://tricorder.pi-hole.net/W6GJ1uSg/

I wasn't able to fully review your logs (I didn't have much time), but apparently you enabled Conditional Forwarding in Pi-hole and you are also using Pi-hole as LAN DNS and WAN DNS.

I think this is causing a partial DNS loop. Pi-hole sends some queries to the router (conditional forwarding), then the router sends the same query to Pi-hole, creating a loop.

As a test, try to temporarily disable Conditional Forwarding and report here if this fixes the rate limit issue.

Hey RDWD,

Thanks for the reply!
I was about to disable the Conditional Forwarding (CF), so your suggestion helped drive the decision. I have disabled CF, and I have not seen the RATE_LIMIT warning again. During the time since I last replied, I had found some corroborating reports that when you have both LAN and WAN set up on the ASUS router with the pi-hole DNS, CF is not necessary. I'm fine with it not being enabled.

It does look like disabling the CF did the trick for ceasing the RATE_LIMIT warnings of my router's IP. I'm marking your answer as the solution.

As the tale thickens...

Since then, I have gotten a couple of DNSMASQ_WARN-ings, like this:

ignoring query from non-local network 2601:602:9d00:12::187b

The device with that IPv6 address is my mobile, and the other warning was referring to the IPv6 address of my laptop. Both are connected to my local network's 5 GHz wifi. But that is a horse of another color, and I will look into that error, and if necessary I'll create a new thread here.

Thanks again for your reply! Cheers.

I can't read anything that would allow that conclusion from the source you've linked, but those reports would be incorrect anyway.

Conditional Forwarding is beneficial if your router runs a DNS resolver that knows the names of the router's DHCP clients. In such a scenario, Pi-hole can query the router for such local names when CF is enabled.

An alternative would be to configure Pi-hole to use your router as its only Upstream DNS Server, as your router's DNS resolver would then see every DNS query that Pi-hole forwards, being able to answer the local names while forwarding the unknown names to its own upstreams (WAN).
This would be the only constellation where you could forego CF and still query the router's DNS for local names.

Now, if your router would use Pi-hole as upstream, that would close a.) a partial loop with CF enabled and b.) a full loop with Pi-hole using your router as upstream.

For b.), you'd need to point your router's upstreams to some public DNS resolvers, or you won't have DNS resolution at all.

Since your router distributes Pi-hole as local DNS resolver via DHCP, your DHCP clients' DNS requests are filtered by Pi-hole.

For a.), you also point your router's upstreams to some public DNS, or you could consider short-circuiting the partial loop via Pi-hole's client-specific filtering, see e.g. Dnsmasq[1035]: Maximum number of concurrent DNS queries reached (max: 150) - #2 by Bucking_Horn
Note that you'd have to adapt the rules from the linked post for your network's IP range and search domain.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
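
Added example, not part of the thread or of Pi-hole's own code: one way to confirm the partial loop described above is to scan dnsmasq-style query log lines for names that Pi-hole forwarded to the router and that the router then queried back almost immediately. The log lines are constructed samples, and the 2-second window and the placeholder year are assumptions; only the router address 192.168.50.1 comes from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

ROUTER = "192.168.50.1"  # router address from the RATE_LIMIT warning in the thread

# Matches dnsmasq query-log lines of the form
#   "<Mon DD HH:MM:SS> dnsmasq[pid]: query[TYPE] <name> from <ip>"
#   "<Mon DD HH:MM:SS> dnsmasq[pid]: forwarded <name> to <ip>"
LINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) dnsmasq\[\d+\]: "
    r"(query\[[\w-]+\]|forwarded) (\S+) (?:from|to) (\S+)$"
)

# Constructed sample log (not taken from the poster's debug logs).
SAMPLE_LOG = """
Mar 14 09:00:01 dnsmasq[812]: query[PTR] 23.50.168.192.in-addr.arpa from 192.168.50.23
Mar 14 09:00:01 dnsmasq[812]: forwarded 23.50.168.192.in-addr.arpa to 192.168.50.1
Mar 14 09:00:01 dnsmasq[812]: query[PTR] 23.50.168.192.in-addr.arpa from 192.168.50.1
Mar 14 09:00:01 dnsmasq[812]: forwarded 23.50.168.192.in-addr.arpa to 192.168.50.1
Mar 14 09:00:01 dnsmasq[812]: query[PTR] 23.50.168.192.in-addr.arpa from 192.168.50.1
Mar 14 09:00:05 dnsmasq[812]: query[A] example.com from 192.168.50.1
Mar 14 09:00:05 dnsmasq[812]: forwarded example.com to 9.9.9.9
Mar 14 09:00:09 dnsmasq[812]: query[A] nas.lan from 192.168.50.23
Mar 14 09:00:09 dnsmasq[812]: forwarded nas.lan to 192.168.50.1
Mar 14 09:00:09 dnsmasq[812]: reply nas.lan is 192.168.50.40
"""

def find_loops(log_text, router=ROUTER, window=timedelta(seconds=2)):
    """Return {name: count} for names forwarded to the router that the
    router queried back from Pi-hole within `window` (assumed threshold)."""
    last_forward = {}          # name -> time Pi-hole last forwarded it to the router
    loops = defaultdict(int)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(4) != router:
            continue           # only traffic to or from the router matters here
        # Syslog timestamps carry no year; 2000 is a placeholder (assumption).
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        kind, name = m.group(2), m.group(3)
        if kind == "forwarded":
            last_forward[name] = ts
        elif name in last_forward and timedelta(0) <= ts - last_forward[name] <= window:
            loops[name] += 1   # the router echoed a query Pi-hole had just sent it
    return dict(loops)

if __name__ == "__main__":
    print(find_loops(SAMPLE_LOG))
```

A non-empty result means queries are bouncing between Pi-hole and the router, which inflates the router's query count toward the rate limit; an ordinary router query such as the one for example.com is not flagged.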