DoH max concurrent queries reached

Hello Mates,
Using a CCR1036-8G-2S+ with 1k+ PPPoE sessions who still use it as a DNS server (DoH).

I’m getting a
DoH max concurrent queries reached, query ignored.

Configs: ip dns pr
servers:
dynamic-servers:
use-doh-server: https://dns.google/dns-query
verify-doh-cert: yes
allow-remote-requests: yes
max-udp-packet-size: 50000
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 1048576
max-concurrent-tcp-sessions: 1000000
cache-size: 1953163KiB
cache-max-ttl: 1w
cache-used: 22294KiB

Anyone?

Looks like there is a hard limit in RouterOS. Only Mikrotik can change that.
Open a support ticket if you want or need this to change.

max-concurrent-queries: 1048576

Could it be possible you have incorrectly configured the firewall and your DNS server is open to the public? This number is much higher than you claim you have users.

A few of us have had the same problem, so if you search on DoH you will see it’s not just you. DoH on the MT hardware still seems a bit buggy.

Many of us are seeing the same issues with DoH on ROS. It’s simply not stable/consistent enough.

The same problem does not exist when I tried with dnscrypt-proxy manually on a PC.

Blocked all requests from my WAN ports. Those are my clients’ requests mate.

DoH seems not to be stable yet. Opted to Unbound :frowning:

I’m getting the same thing in my logs. 6.47.4 stable.

@normis

Any update on this one? I am seeing it with 40 clients.

I am extremely keen to move my DNS back onto the router in a DoH configuration but can’t be dropping queries as it was (according to the logs)

None aon..


Decided to use Unbound as Mikrotik sorts this.

I have the same problem. According to my research (I live in Iran), Morboud is blocking services from Google. I checked, and the problem was that I was using the “nextdns” service, which I changed to “ahadns”, and now I do not have the problem.

I also changed my DNS from Cloudflare to aha. So far so good.

I do get the same error on a small home network now and then using nextdns DoH server.
Last couple of days log:

2021-06-09 05:27:43	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 04:41:07	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 03:59:31	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 01:54:54	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 01:44:22	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 01:26:21	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 00:56:06	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:29	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:29	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 14:47:00	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 11:08:17	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 09:52:06	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 09:31:43	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 06:41:03	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 06:36:32	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 04:48:37	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 04:16:41	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 02:57:50	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 02:23:17	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 02:20:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 02:08:44	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 01:31:41	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 17:40:54	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 16:15:52	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 12:44:25	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 12:36:53	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 12:15:51	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 06:00:39	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 05:59:58	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 04:38:26	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 03:41:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 03:27:44	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 03:20:43	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 02:07:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 21:32:23	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 12:35:16	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 12:26:11	GV-ABBC-192.168.1.1	server connection error idle timeout waiting data
2021-06-06 07:41:07	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 07:33:55	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 06:48:40	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 06:00:03	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 05:41:19	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 05:26:37	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 04:48:30	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 04:27:26	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 03:41:59	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 03:11:45	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 02:29:18	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 02:20:16	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 01:27:18	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 01:20:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:59:24	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:58:44	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:57:34	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:34:01	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:09:46	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 23:58:55	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 12:09:19	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 04:11:39	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 04:06:27	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 02:55:37	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 02:01:41	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 00:17:28	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-04 05:14:05	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-04 04:29:29	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-04 03:11:00	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 17:31:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 17:29:46	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 16:52:44	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 09:46:58	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 05:37:58	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 05:23:05	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 05:11:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 05:06:42	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 01:49:21	GV-ABBC-192.168.1.1	server connection error network is unreachable
2021-06-03 01:49:20	GV-ABBC-192.168.1.1	server connection error network is unreachable
2021-06-03 01:49:20	GV-ABBC-192.168.1.1	server connection error network is unreachable
2021-06-03 01:49:20	GV-ABBC-192.168.1.1	server connection error network is unreachable
2021-06-03 01:49:20	GV-ABBC-192.168.1.1	server connection error network is unreachable
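An added example (not from the poster or from MikroTik): a small parser for log lines in the format posted above. It reports how many queries were dropped in each one-second "max concurrent queries reached" burst and how many upstream DoH connection errors preceded it. The sample lines and the two-hour lookback window are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the tab-separated layout of the log posted above
# (timestamp, source, message), newest first.
SAMPLE = """\
2021-06-08 06:36:32\tGV-ABBC-192.168.1.1\tserver connection error remote disconnected http exchange
2021-06-08 05:37:48\tGV-ABBC-192.168.1.1\tmax concurrent queries reached
2021-06-08 05:37:48\tGV-ABBC-192.168.1.1\tmax concurrent queries reached
2021-06-08 05:37:48\tGV-ABBC-192.168.1.1\tmax concurrent queries reached
2021-06-08 04:48:37\tGV-ABBC-192.168.1.1\tserver connection error remote disconnected http exchange
2021-06-08 04:16:41\tGV-ABBC-192.168.1.1\tserver connection error remote disconnected http exchange
2021-06-06 12:26:11\tGV-ABBC-192.168.1.1\tserver connection error idle timeout waiting data
"""

LIMIT_MSG = "max concurrent queries reached"
UPSTREAM_PREFIX = "server connection error "

def parse(text):
    """Yield (datetime, message) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[2].strip()

def summarize(text, lookback=timedelta(hours=2)):
    """Return (bursts, reasons): dropped queries per second, upstream error counts."""
    events = list(parse(text))
    upstream = [(ts, msg[len(UPSTREAM_PREFIX):])
                for ts, msg in events if msg.startswith(UPSTREAM_PREFIX)]
    per_second = Counter(ts for ts, msg in events if msg == LIMIT_MSG)
    bursts = []
    for ts, dropped in sorted(per_second.items()):
        # Upstream errors logged in the window just before the burst.
        before = sum(1 for u, _ in upstream if ts - lookback <= u < ts)
        bursts.append({"at": ts, "dropped": dropped, "upstream_errors_before": before})
    reasons = Counter(reason for _, reason in upstream)
    return bursts, reasons

if __name__ == "__main__":
    for burst in summarize(SAMPLE)[0]:
        print(burst)
```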

I have exactly the same issue “DoH max concurrent queries reached” on a small home network (RBM11G + LTE). It can be repeated once a day, or maybe in a week. Increasing the values in the DNS settings does not solve the problem. Also noticed that a simple reboot of the MikroTik sometimes does not help (the device simply does not reboot) and a reboot is required by turning off the power supply.
The same issue on a second home network with a Mikrotik 750Gr3.
RouterOS 6.48.3. DoH DNS - 1.1.1.1 and 1.0.0.1.
What can I do to fix the issue?

Any ideas to fix it? Or is it a bug? Dear Mikrotik team, help us!

DoH under RouterOS lacks implementation details and has numerous bugs in my experience. So, just as the others suggested, I would recommend hosting a local DoH-to-DNS translator on other hardware, such as unbound or cloudflared or dnscrypt-proxy etc., and then setting that for the clients.

I have only been a proud owner of a mikrotik router at home for two weeks or so and already decided to switch away from the built in DoH to an rpi zero. I had 0 issues since then. While for you with that many devices it wouldn’t be an ideal device it could give you an idea.


Or we can wait until they tailor the implementation a bit.

No, it’s not… I have used only DoH since 6.47. The only thing I did was remove all my DNS static and dynamic (no static and dynamic), then do this:
/ip dns set serv="" use-doh-server=https://8.8.8.8/dns-query verify-doh-cert=no

That’s all, folks…
Why am I using “use-doh-server=https://8.8.8.8/dns-query” and not “use-doh-server=https://dns.google/dns-query”?
Because:
DNS static is not referring to dns.google as 8.8.8.8 nor 8.8.4.4, and of course using use-doh-server=https://dns.google/dns-query will get you into trouble. Makes sense, right?

I did this at first, but if you use Verify DoH Certificate, that some you should use, you cannot use a URL with a number in it; you must use an FQDN.

Example
You like to use the DoH server

https://dns.nextdns.io/dns-query

You can then add a static DNS

dns.nextdns.io → 37.120.149.148

The problem with this is that one name uses many IPs, so you should resolve the name to find the IP that responds closest to you.

This works fine for me, but I’m not sure if it’s the best option.

Depends if the certificate includes the IP address as subject alternative name. The certificates from Google, Cloudflare and Quad-Nine do, so it does work.
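The point made in the reply above, as an added example (not RouterOS code and not from any poster): whether a DoH URL can pass certificate verification depends on which subject alternative name type covers its host. The certificate dicts are constructed in the layout of Python's `ssl.SSLSocket.getpeercert()`; `doh.example.net` and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed certificate summaries (getpeercert() layout); the SAN values
# are illustrative and were not fetched from any server.
CERT_WITH_IP_SAN = {"subjectAltName": (
    ("DNS", "dns.google"), ("DNS", "*.dns.google.com"),
    ("IP Address", "8.8.8.8"), ("IP Address", "8.8.4.4"))}
CERT_NAME_ONLY = {"subjectAltName": (("DNS", "doh.example.net"),)}

def _dns_match(pattern, host):
    """Exact match, or one wildcard that covers only the left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def doh_url_verifiable(url, cert):
    """True if the host in a DoH URL is covered by the certificate's SANs.

    Following RFC 2818, an IP literal is compared only with iPAddress
    entries and a hostname only with dNSName entries.
    """
    host = urlsplit(url).hostname
    if not host:
        return False
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: treat the host as a DNS name.
        return any(_dns_match(v, host) for kind, v in sans if kind == "DNS")
    return any(ipaddress.ip_address(v) == ip
               for kind, v in sans if kind == "IP Address")

if __name__ == "__main__":
    for u in ("https://8.8.8.8/dns-query", "https://dns.google/dns-query"):
        print(u, doh_url_verifiable(u, CERT_WITH_IP_SAN))
```

With a name-only certificate, a numeric URL fails verification, and the static DNS entry for the FQDN described earlier in the thread is the way to keep verification enabled.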

Did not know, nice information :slight_smile: