Maximum number of concurrent DNS queries reached #27

Closed
queglay opened this issue Aug 30, 2020 · 6 comments

@queglay

queglay commented Aug 30, 2020

Thank you for the work on this project. I am starting to use it as my DNS at home to look up 3 different subdomains, each via their own VPN gateway. So far the results are pretty promising. I have configured my router to use this docker IP as the DNS.

The only problem is I see an error "Maximum number of concurrent DNS queries reached (max: 150)".

I have two questions.

  1. Can we change the logging verbosity to see the requests somehow?
  2. Can we alter the configuration to fix this error?

Here is how I start the container:

user@h18licenseserver:~$ sudo docker run -p 53:53/tcp -p 53:53/udp --cap-add=NET_ADMIN andyshinn/dnsmasq:2.81 -S /grey.openfirehawk.com/10.1.1.4 -S /blue.openfirehawk.com/10.2.1.4 -S /green.openfirehawk.com/10.3.1.4 --log-facility=- | while read outlog; do echo "$(date): $outlog"; done 2>&1 | tee ~/dnsmasq.log &
[1] 4086
user@h18licenseserver:~$ dnsmasq[1]: started, version 2.81 cachesize 150
dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
dnsmasq[1]: using nameserver 10.3.1.4#53 for domain green.openfirehawk.com 
dnsmasq[1]: using nameserver 10.2.1.4#53 for domain blue.openfirehawk.com 
dnsmasq[1]: using nameserver 10.1.1.4#53 for domain grey.openfirehawk.com 
dnsmasq[1]: reading /etc/resolv.conf
dnsmasq[1]: using nameserver 10.3.1.4#53 for domain green.openfirehawk.com 
dnsmasq[1]: using nameserver 10.2.1.4#53 for domain blue.openfirehawk.com 
dnsmasq[1]: using nameserver 10.1.1.4#53 for domain grey.openfirehawk.com 
dnsmasq[1]: using nameserver 192.168.92.125#53
dnsmasq[1]: using nameserver 192.168.92.1#53
dnsmasq[1]: read /etc/hosts - 7 addresses
dnsmasq[1]: Maximum number of concurrent DNS queries reached (max: 150)
@queglay
Author

queglay commented Aug 30, 2020

I can see
using nameserver 192.168.92.1#53

This could be part of the problem, because my router, 192.168.92.1, is also using nameserver 192.168.92.125 (docker). Could this be causing loops? If so, when starting the container can I get it to explicitly not use 192.168.92.1?

Currently my router has two DNS listed for DHCP.
192.168.92.125 (docker)
192.168.92.1 (itself)

@andyshinn
Contributor

I agree that this is a loop issue unless you have a massive amount of queries going on.

  • Does the error show up immediately?
  • What is the router and its configuration (does it itself run dnsmasq or another DNS forwarder to upstream)?

@queglay
Author

queglay commented Sep 5, 2020

Thanks for the reply, Andy. The error does show up immediately. The router is a Ubiquiti ER-x. Apart from the DNS entries provided, I don't know of any other configuration options for its own DNS that it runs.

@andyshinn
Contributor

If dnsmasq is reading /etc/resolv.conf for the upstream then maybe this host has a loop?

  • Can you confirm the output of /etc/resolv.conf on the host?
  • Can you try setting --dns for the container runtime to just your ISP upstream?

I'm assuming you want: client -> router -> Docker container -> upstream.

@bjmi
Contributor

bjmi commented Oct 28, 2020

> This could be part of the problem, because my router, 192.168.92.1, is also using nameserver 192.168.92.125 (docker). Could this be causing loops? If so, when starting the container can I get it to explicitly not use 192.168.92.1?

You could specify no-resolv and add server=192.168.92.125 to set the upstream server list manually.

There is a dns-loop-detect option that could be tried too.

http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

@andyshinn
Contributor

I'm going to close this as I think it is a loop issue outside the scope of this image. But feel free to reopen if you have more information and think it is an image issue still.
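
One way to check the loop diagnosis discussed in this thread against a dnsmasq startup log, as an added example that is not code from the thread or from the image. The function names are hypothetical, the sample log is constructed in the format of the output posted above, and the list of addresses that forward to this dnsmasq is an assumption the operator supplies (here taken from the reporter's description of the docker address and the router).

```shell
#!/bin/sh
# Added example. Function names are hypothetical; SAMPLE_LOG is constructed,
# in the format of the startup output posted in this issue.
SAMPLE_LOG='dnsmasq[1]: using nameserver 10.3.1.4#53 for domain green.openfirehawk.com
dnsmasq[1]: reading /etc/resolv.conf
dnsmasq[1]: using nameserver 192.168.92.125#53
dnsmasq[1]: using nameserver 192.168.92.1#53
dnsmasq[1]: Maximum number of concurrent DNS queries reached (max: 150)'

# Upstreams used for every name NOT matched by a -S /domain/addr rule.
default_upstreams() {
    printf '%s\n' "$1" | awk '
        /using nameserver/ && !/ for domain / {
            for (i = 1; i < NF; i++)
                if ($i == "nameserver") { split($(i + 1), a, "#"); print a[1] }
        }' | sort -u
}

# Succeeds if the log shows the concurrent-query limit being hit.
hit_query_limit() {
    printf '%s\n' "$1" | grep -q 'Maximum number of concurrent DNS queries reached'
}

# $2: space-separated addresses the operator knows send queries to this
# dnsmasq (its own published address, any router pointing at it).
loop_candidates() {
    for up in $(default_upstreams "$1"); do
        for fwd in $2; do
            if [ "$up" = "$fwd" ]; then echo "$up"; fi
        done
    done
}

report() {
    if ! hit_query_limit "$1"; then echo "query limit not reached"; return 0; fi
    found=$(loop_candidates "$1" "$2")
    if [ -n "$found" ]; then
        echo "query limit reached; default upstreams that forward back here:"
        echo "$found"
    else
        echo "query limit reached; no known forwarder among default upstreams"
    fi
}

report "$SAMPLE_LOG" "192.168.92.125 192.168.92.1"
```

Domain-scoped upstreams such as 10.3.1.4 are deliberately ignored, since only the unscoped entries picked up from /etc/resolv.conf receive the queries that can come back around.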
