Community discussions

MikroTik App
 
User avatar
seriousblack
newbie
Topic Author
Posts: 36
Joined: Tue Apr 03, 2018 4:02 am
Contact:

DoH max concurrent queries reached

Sun Jul 05, 2020 9:06 am

Hello Mates,
Using a CCR1036-8G-2S+ with 1k+ pppoe sessions who still use it as a DNS server (DoH).

I'm getting a
dohError.png
DoH max concurrent queries reached, query ignored.[/u][/i]

Configs: ip dns pr
servers:
dynamic-servers:
use-doh-server: https://dns.google/dns-query
verify-doh-cert: yes
allow-remote-requests: yes
max-udp-packet-size: 50000
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 1048576
max-concurrent-tcp-sessions: 1000000
cache-size: 1953163KiB
cache-max-ttl: 1w
cache-used: 22294KiB
You do not have the required permissions to view the files attached to this post.
 
User avatar
seriousblack
newbie
Topic Author
Posts: 36
Joined: Tue Apr 03, 2018 4:02 am
Contact:

Re: DoH max concurrent queries reached

Tue Aug 11, 2020 10:13 am

Anyone?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: DoH max concurrent queries reached

Tue Aug 11, 2020 10:34 am

Looks like there is a hard limit in RouterOS. Only Mikrotik can change that.
Open a support ticket if you want or need this to change.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: DoH max concurrent queries reached

Tue Aug 11, 2020 10:44 am

max-concurrent-queries: 1048576
Could it be possible you have incorrectly configured the firewall and your DNS server is open to public? This number ir much higher than you claim you have users.
 
kd2pm2
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Nov 14, 2012 7:14 am
Location: New Jersey, USA

Re: DoH max concurrent queries reached

Tue Aug 11, 2020 3:15 pm

A few of us have had the same problem so if you search on DOH you will see its not just you. DOH on the MT hardware still seems a bit buggy.
 
DarkNate
Forum Veteran
Forum Veteran
Posts: 998
Joined: Fri Jun 26, 2020 4:37 pm

Re: DoH max concurrent queries reached

Tue Aug 18, 2020 2:42 pm

max-concurrent-queries: 1048576
Could it be possible you have incorrectly configured the firewall and your DNS server is open to public? This number ir much higher than you claim you have users.
Many of us are seeing the same issues with DoH on ROS. It's simply not stable/consistent enough.

The same problem does not exist when I tried with dnscrypt-proxy manually on a PC.
 
User avatar
seriousblack
newbie
Topic Author
Posts: 36
Joined: Tue Apr 03, 2018 4:02 am
Contact:

Re: DoH max concurrent queries reached

Tue Aug 25, 2020 11:14 pm

max-concurrent-queries: 1048576
Could it be possible you have incorrectly configured the firewall and your DNS server is open to public? This number ir much higher than you claim you have users.
Blocked all requests from my WAN ports. Those are my clients' requests mate.

DoH seems not to be stable yet. Opted to Unbound :(
 
blurrybird
newbie
Posts: 38
Joined: Sun Jan 19, 2020 12:25 pm

Re: DoH max concurrent queries reached

Thu Sep 24, 2020 12:14 pm

I'm getting the same thing in my logs. 6.47.4 stable.
 
blurrybird
newbie
Posts: 38
Joined: Sun Jan 19, 2020 12:25 pm

Re: DoH max concurrent queries reached

Sat Nov 07, 2020 3:45 am

@normis

Any update on this one? I am seeing it with 40 clients.

I am extremely keen to move my DNS back onto the router in a DoH configuration but can't be dropping queries as it was (according to the logs)
 
User avatar
seriousblack
newbie
Topic Author
Posts: 36
Joined: Tue Apr 03, 2018 4:02 am
Contact:

Re: DoH max concurrent queries reached

Sun Nov 15, 2020 7:43 pm

None aon..


Decided to use Unbound as Mikrotik sorts this.
 
ariorasaneh
just joined
Posts: 1
Joined: Tue Oct 27, 2020 1:00 am

Re: DoH max concurrent queries reached

Tue May 25, 2021 7:12 pm

I have the same problem, according to my research that I live in Iran, Morboud is blocking services from Google, I checked and the problem was that I was using the "nextdns" service, which I changed to "ahadns", and now there is a problem I do not have.
 
mkoleiny
just joined
Posts: 3
Joined: Fri Feb 22, 2013 10:19 pm

Re: DoH max concurrent queries reached

Wed Jun 09, 2021 9:53 am

i also changed my dns from cloudfkare to aha. so far so good
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DoH max concurrent queries reached

Wed Jun 09, 2021 11:28 am

I do get the same error on a small home network now and then using nextdns DoH server.
Last couple of days log:
2021-06-09 05:27:43	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 04:41:07	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 03:59:31	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 01:54:54	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 01:44:22	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 01:26:21	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-09 00:56:06	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:29	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:29	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 15:09:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 14:47:00	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 11:08:17	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 09:52:06	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 09:31:43	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 06:41:03	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 06:36:32	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 05:37:48	GV-ABBC-192.168.1.1	max concurrent queries reached
2021-06-08 04:48:37	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 04:16:41	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 02:57:50	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 02:23:17	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 02:20:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 02:08:44	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-08 01:31:41	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 17:40:54	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 16:15:52	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 12:44:25	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 12:36:53	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 12:15:51	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 06:00:39	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 05:59:58	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 04:38:26	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 03:41:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 03:27:44	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 03:20:43	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-07 02:07:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 21:32:23	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 12:35:16	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 12:26:11	GV-ABBC-192.168.1.1	server connection error idle timeout waiting data
2021-06-06 07:41:07	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 07:33:55	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 06:48:40	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 06:00:03	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 05:41:19	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 05:26:37	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 04:48:30	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 04:27:26	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 03:41:59	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 03:11:45	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 02:29:18	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 02:20:16	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 01:27:18	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 01:20:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:59:24	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:58:44	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:57:34	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:34:01	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-06 00:09:46	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 23:58:55	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 12:09:19	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 04:11:39	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 04:06:27	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 02:55:37	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 02:01:41	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-05 00:17:28	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-04 05:14:05	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-04 04:29:29	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-04 03:11:00	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 17:31:57	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 17:29:46	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 16:52:44	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 09:46:58	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 05:37:58	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 05:23:05	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 05:11:13	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 05:06:42	GV-ABBC-192.168.1.1	server connection error remote disconnected http exchange
2021-06-03 01:49:21	GV-ABBC-192.168.1.1	server connection error network is unreachable
2021-06-03 01:49:20	GV-ABBC-192.168.1.1	server connection error network is unreachable
2021-06-03 01:49:20	GV-ABBC-192.168.1.1	server connection error network is unreachable
2021-06-03 01:49:20	GV-ABBC-192.168.1.1	server connection error network is unreachable
2021-06-03 01:49:20	GV-ABBC-192.168.1.1	server connection error network is unreachable
 
obscurus
newbie
Posts: 29
Joined: Thu May 04, 2017 9:25 am

Re: DoH max concurrent queries reached

Sun Jul 25, 2021 6:40 pm

I have exactly the same issue "DoH max concurrent queries reached" on a small home network (RBM11G + LTE). It can be repeated once a day, or maybe in a week. Increasing the values in the DNS settings does not solve the problem. Also noticed that a simple reboot of the miktorik sometimes does not help (the device simply does not reboot) and a reboot is required by turning off the power supply.
The same issue on second home network with Mikrotik 750Gr3.
RouterOS 6.48.3. DoH DNS - 1.1.1.1 and 1.0.0.1.
What i can do to fix and issue?
 
obscurus
newbie
Posts: 29
Joined: Thu May 04, 2017 9:25 am

Re: DoH max concurrent queries reached

Sun Aug 01, 2021 5:26 pm

Any ideas to fix it? Or it is a bug? Dear Mikrotik team help us!
 
diniboy
just joined
Posts: 15
Joined: Wed Jul 21, 2021 2:10 am

Re: DoH max concurrent queries reached

Mon Aug 02, 2021 2:33 am

DoH under routeros lacks implementation details and has numerous bugs in my experience. So just as the others suggested I would recommend hosting a local DoH to DNS translater on another hw such as unbound or cloudflared or dnscrypt-proxy etc and then set that to the clients.

I have only been a proud owner of a mikrotik router at home for two weeks or so and already decided to switch away from the built in DoH to an rpi zero. I had 0 issues since then. While for you with that many devices it wouldn't be an ideal device it could give you an idea.


Or we can wait until they tailor the implementation a bit.
 
dejoebad
just joined
Posts: 16
Joined: Mon Jul 21, 2014 5:05 pm

Re: DoH max concurrent queries reached

Sun Oct 17, 2021 6:15 am

I'm getting the same thing in my logs. 6.47.4 stable.
no it's not... i use DoH only since 6.47. the only thing i did is remove all my dns static and dynamic (no static and dynamic), then doing this
/ip dns set serv="" use-doh-server=https://8.8.8.8/dns-query verify-doh-cert=no

that's all folks...
why am i using this "use-doh-server=https://8.8.8.8/dns-query" not using "use-doh-server=https://dns.google/dns-query"?
because :
dns static not referring dns.google as 8.8.8.8 nor 8.8.4.4 and of course, using use-doh-server=https://dns.google/dns-query will take you into trouble, make sense right?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DoH max concurrent queries reached

Sun Oct 17, 2021 9:00 am

I did this at first, but if you use Verify Doh Certificate, that some you should use, you can not use URL with number in it, you must use fqdn.

Example
You like to use DoH serer
You can then add a static DNS
dns.nextdns.io --> 37.120.149.148
Problem with this is that one name uses many IP, so you should do a resolve of the name to find IP respond closest to you.

This works fine for me, but not sure if its the best option.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: DoH max concurrent queries reached

Wed Oct 20, 2021 5:44 pm

I did this at first, but if you use Verify Doh Certificate, that some you should use, you can not use URL with number in it, you must use fqdn.
Depends if the certificate includes the IP address as subject alternative name. The certificates from Google, Cloudflare and Quad-Nine do, so it does work.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DoH max concurrent queries reached

Thu Oct 21, 2021 3:12 pm

Did not know, nice information :)
 
blurrybird
newbie
Posts: 38
Joined: Sun Jan 19, 2020 12:25 pm

Re: DoH max concurrent queries reached

Fri Sep 30, 2022 12:04 am

This is still a thing on 7.5.

Pointing the router to an AdguardHome installation with caddy reverse proxy.
 
marcodmb
just joined
Posts: 7
Joined: Sat Feb 12, 2022 1:57 pm

Re: DoH max concurrent queries reached

Tue Oct 04, 2022 10:27 am

Me too on 7.5. "DoH max concurrent queries reached". Reverted back to Do53.
 
Shalom
just joined
Posts: 9
Joined: Tue Oct 17, 2017 3:00 pm

Re: DoH max concurrent queries reached

Tue Oct 18, 2022 9:31 pm

It seems like the ROS is limiting the DOH query to 55 only. When the Max. Concurrent Queries to 55, the dns log will not have warning message.
 
blurrybird
newbie
Posts: 38
Joined: Sun Jan 19, 2020 12:25 pm

Re: DoH max concurrent queries reached

Sat Nov 19, 2022 3:23 pm

interesting discovery.

It would be good for mikrotik to acknowledge and fix :(
 
redskilldough
just joined
Posts: 17
Joined: Mon Jan 04, 2016 12:40 pm

Re: DoH max concurrent queries reached

Thu Dec 29, 2022 4:01 am

Having the same problem, hope it will be fixed soon
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 512
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: DoH max concurrent queries reached

Sat Jan 14, 2023 9:52 pm

Also unusable on 6.49.7: `DoH max concurrent queries reached, ignoring query`. Just a handful of clients on a home router. Firewall blocks DNS from WAN.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DoH max concurrent queries reached

Sun Jan 15, 2023 1:24 pm

It seems like the ROS is limiting the DOH query to 55 only. When the Max. Concurrent Queries to 55, the dns log will not have warning message.
Any sent a support case to MT about this? MT do not always read all messages here.

Who is online

Users browsing this forum: mkx and 92 guests