Internet seems to be stuttering after configuring OpenWrt

Hi! I have configured my OpenWrt device to cater exactly to my needs; in doing so it appears I either made a mistake along the way, need better hardware, or both. What I mean by "stuttering" in the title is that, seemingly at random, for a few seconds to a couple of minutes at a time, the internet will crawl and occasionally time out. I noticed this while updating my docker containers and saw that it was taking over 3 minutes to pull one container; then I tried looking up a possible cause on my phone (which is on the same router) and noticed it was having the same problem there. I'm providing my configuration here (hopefully with all the PII removed; if someone catches some in there, please let me know ASAP). If there are any problems with my configuration that may be causing the issue I'm describing, or if there's anything else I can provide, please let me know :slight_smile:

ubus call system board
{
        "kernel": "5.15.150",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 0 (v7l)",
        "model": "Netgear Nighthawk XR500",
        "board_name": "netgear,xr500",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ipq806x/generic",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}



cat /etc/config/network

# /etc/config/network as pasted: loopback, one LAN bridge, the WAN uplink
# (IPv4 + IPv6), a WireGuard tunnel, and four additional static subnets
# (192.168.3.0/24 - 192.168.6.0/24). Every subnet lists 192.168.1.80 as DNS.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1c:9dfc:85e4::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'
        # peerdns '0' ignores the DNS servers offered by the upstream DHCP
        # server; the router itself resolves through 192.168.1.80 instead.
        option peerdns '0'
        list dns '192.168.1.80'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 4 3 1'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 5'
        option vid '2'

# No 'option device' on this interface: in the pasted wireless config the
# 'House VPN' SSIDs attach to it through 'option network'.
config interface 'wgvpnDHCP'
        option proto 'static'
        list ipaddr '192.168.3.1/24'
        list dns '192.168.1.80'

# NOTE(review): both WireGuard keys are redacted, but the tunnel addresses
# and the peer endpoint address below are not. When a config is shared
# publicly these may still point at the VPN account or provider; consider
# masking them as well.
config interface 'wgvpnWG'
        option proto 'wireguard'
        option private_key 'removed'
        list addresses '10.71.48.16/32'
        list addresses 'fc00:bbbb:bbbb:bb01::8:300f/128'

config wireguard_wgvpnWG 'wgserver'
        option public_key 'removed'
        option endpoint_host '185.156.46.143'
        option endpoint_port '51820'
        # allowed_ips covers all IPv4 and IPv6. No 'route_allowed_ips' is set
        # in this section, so which traffic actually enters the tunnel is
        # presumably decided by the pbr include in the firewall config - confirm.
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::/0'

config interface 'GuestDHCP'
        option proto 'static'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'
        list dns '192.168.1.80'

config interface 'Guestwgvpn'
        option proto 'static'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'
        list dns '192.168.1.80'

# VLAN 3 (switch port 2, plus port 6 tagged) backs eth1.3, the device used
# by the wired 'GuestLan' interface below.
config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '6t 2'
        option vid '3'

config interface 'GuestLan'
        option proto 'static'
        option device 'eth1.3'
        option ipaddr '192.168.6.1'
        option netmask '255.255.255.0'
        list dns '192.168.1.80'

cat /etc/config/wireless

# /etc/config/wireless as pasted: two radios (5 GHz radio0, 2.4 GHz radio1),
# each carrying four SSIDs. All pre-shared keys are redacted ('removed').
# Neither radio section sets 'option country'.
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'House'
        # 'sae-mixed' is WPA2-PSK / WPA3-SAE mixed mode; every SSID in this
        # file uses it.
        option encryption 'sae-mixed'
        option key 'removed'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'House'
        option encryption 'sae-mixed'
        option key 'removed'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'House VPN'
        option encryption 'sae-mixed'
        option key 'removed'
        option network 'wgvpnDHCP'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'House VPN'
        option encryption 'sae-mixed'
        option key 'removed'
        option network 'wgvpnDHCP'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'House Guest'
        option encryption 'sae-mixed'
        # WMM is switched off on this interface only; no other wifi-iface in
        # this file sets 'wmm'.
        option wmm '0'
        # isolate '1' keeps wireless clients of this AP from talking to each
        # other directly; it is set on all guest SSIDs, not on 'House' or
        # 'House VPN'.
        option isolate '1'
        option key 'removed'
        option network 'GuestDHCP'

# NOTE(review): this section has no 'option network', unlike wifinet4 (the
# same SSID on radio0). As written, the 2.4 GHz 'House Guest' AP is not
# attached to any interface from /etc/config/network.
config wifi-iface 'wifinet5'
        option device 'radio1'
        option mode 'ap'
        option ssid 'House Guest'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'removed'

config wifi-iface 'wifinet6'
        option device 'radio0'
        option mode 'ap'
        option ssid 'House Guest VPN'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'removed'
        option network 'Guestwgvpn'

config wifi-iface 'wifinet7'
        option device 'radio1'
        option mode 'ap'
        option ssid 'House Guest VPN'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'removed'
        option network 'Guestwgvpn'
cat /etc/config/dhcp

# /etc/config/dhcp as pasted: dnsmasq settings plus one DHCP pool per subnet.
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        # rebind_protection discards upstream answers that point into private
        # address ranges (DNS-rebinding defence).
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        # Sends queries for the (sanitised) domain to 192.168.1.80.
        list server '/*mydomain.tld/192.168.1.80'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'wgvpnDHCP'
        option interface 'wgvpnDHCP'
        option start '2'
        option limit '150'
        option leasetime '12h'
        # DHCP option 6 hands clients three resolvers (192.168.1.80,
        # 100.64.0.7, 9.9.9.9). A client may query any of them, so DNS from
        # this subnet is not guaranteed to pass through 192.168.1.80.
        list dhcp_option '6,192.168.1.80,100.64.0.7,9.9.9.9'
        # force '1' serves DHCP here even if another DHCP server is detected
        # on the segment.
        option force '1'

# The three guest pools below set no dhcp_option 6; dnsmasq then advertises
# the router's own address on that interface as the DNS server (default
# behaviour), which is what the port-53 input rules in the firewall allow.
config dhcp 'GuestDHCP'
        option interface 'GuestDHCP'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'Guestwgvpn'
        option interface 'Guestwgvpn'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'

config dhcp 'GuestLan'
        option interface 'GuestLan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'

# Local A record: the sanitised domain resolves to the homelab host.
config domain
        option name 'mydomain.tld'
        option ip '192.168.1.80'

cat /etc/config/firewall

# /etc/config/firewall, first part: global defaults, the lan and wan zones,
# the input/forward rules for the wan zone, and the pbr include.
config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone 'lan'
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

# The WireGuard interface 'wgvpnWG' is a member of the wan zone. Every
# 'forwarding ... dest wan' and every rule or redirect with src 'wan' in this
# file therefore applies to the tunnel as well as to the ISP uplink.
config zone 'wan'
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wgvpnWG'

config forwarding
        option src 'lan'
        option dest 'wan'

# Rules with 'src' but no 'dest' match traffic addressed to the router itself.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# dest '*' makes this a forward rule towards any zone.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# The next two are forward rules (src and dest both set): ESP and UDP/500
# from the wan zone to any host in the lan zone, with no dest_ip restriction.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Loads the firewall include script of the pbr (policy-based routing)
# package; the pbr policy itself is not part of this paste.
config include 'pbr'
        option fw4_compatible '1'
        option type 'script'
        option path '/usr/share/pbr/pbr.firewall.include'

# Zones for the 'House VPN' and 'House Guest' subnets. Both reject input and
# forward by default, may forward to the wan zone, and open only DHCP and DNS
# towards the router itself.
config zone
        option name 'wgvpnDHCP'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'wgvpnDHCP'

config forwarding
        option src 'wgvpnDHCP'
        option dest 'wan'

# No 'dest': matches DHCP requests addressed to the router.
config rule
        option name 'wgvpnDHCP'
        option src 'wgvpnDHCP'
        option dest_port '67'
        option target 'ACCEPT'
        list proto 'udp'

config rule
        option name 'wgvpnDNS'
        option src 'wgvpnDHCP'
        option dest_port '53'
        option target 'ACCEPT'
        list proto 'tcp'
        list proto 'udp'

config zone
        option name 'GuestDHCP'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'GuestDHCP'

config forwarding
        option src 'GuestDHCP'
        option dest 'wan'

config rule
        option name 'GuestDHCP'
        list proto 'udp'
        option src 'GuestDHCP'
        option dest_port '67'
        option target 'ACCEPT'

# No 'proto' given; the firewall's documented default for rules is tcp and
# udp, so this opens DNS over both.
config rule
        option name 'GuestDNS'
        option src 'GuestDHCP'
        option dest_port '53'
        option target 'ACCEPT'

# Forward rule from the guest zone to 192.168.1.80 in any zone on TCP
# 80/443/9090. A second rule also named 'GuestTCP' appears later in this file
# with dest 'lan' and a longer port list.
config rule
        option name 'GuestTCP'
        list proto 'tcp'
        option src 'GuestDHCP'
        option dest '*'
        list dest_ip '192.168.1.80'
        option dest_port '80 443 9090'
        option target 'ACCEPT'

# Port forwards (DNAT) to the homelab host. Every redirect in this run lands
# on 192.168.1.80, which is also the resolver configured for every subnet;
# that host sits in the lan zone (input/forward ACCEPT), so it is both
# internet-facing and inside the most trusted zone.

# NOTE(review): unlike every other redirect in this file, this one has
# src 'lan' and dest 'wan' while dest_ip is a LAN address. As written it
# matches port-80 traffic arriving from the lan zone, not from the internet;
# the zones look swapped - confirm the intent.
config redirect
        option dest 'wan'
        option target 'DNAT'
        option name 'HTTP'
        list proto 'tcp'
        option src 'lan'
        option src_dport '80'
        option dest_ip '192.168.1.80'
        option dest_port '80'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'HTTPS'
        option src 'wan'
        option src_dport '443'
        option dest_ip '192.168.1.80'
        option dest_port '443'
        list proto 'tcp'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Postfix SMTP'
        list proto 'tcp'
        option src 'wan'
        option src_dport '25'
        option dest_ip '192.168.1.80'
        option dest_port '25'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Postfix SMTPS'
        option src 'wan'
        option src_dport '465'
        option dest_ip '192.168.1.80'
        option dest_port '465'
        list proto 'tcp'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Postfix Submission'
        list proto 'tcp'
        option src 'wan'
        option src_dport '587'
        option dest_ip '192.168.1.80'
        option dest_port '587'

# NOTE(review): 143 (here) and 110 (below) are the mail ports without
# implicit TLS. Whether STARTTLS is enforced is decided by the Dovecot
# configuration, which is not shown - confirm before leaving them
# internet-facing alongside 993/995.
config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Dovecot IMAP'
        list proto 'tcp'
        option src 'wan'
        option src_dport '143'
        option dest_ip '192.168.1.80'
        option dest_port '143'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Dovecot IMAPS'
        list proto 'tcp'
        option src 'wan'
        option src_dport '993'
        option dest_ip '192.168.1.80'
        option dest_port '993'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Dovecot POP3'
        list proto 'tcp'
        option src 'wan'
        option src_dport '110'
        option dest_ip '192.168.1.80'
        option dest_port '110'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Dovecot POP3S'
        list proto 'tcp'
        option src 'wan'
        option src_dport '995'
        option dest_ip '192.168.1.80'
        option dest_port '995'

# The name value below carries trailing spaces inside the quotes.
config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Dovecot ManageSieve        '
        list proto 'tcp'
        option src 'wan'
        option src_dport '4190'
        option dest_ip '192.168.1.80'
        option dest_port '4190'

# The two TURN redirects set no 'proto'; the documented default is tcp and
# udp, so both transports are forwarded.
config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'TURN (Coturn)'
        option src 'wan'
        option src_dport '3478'
        option dest_ip '192.168.1.80'
        option dest_port '3478'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'TURN (Coturn)'
        option src 'wan'
        option src_dport '5349'
        option dest_ip '192.168.1.80'
        option dest_port '5349'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Matrix Federation API'
        list proto 'tcp'
        option src 'wan'
        option src_dport '8448'
        option dest_ip '192.168.1.80'
        option dest_port '8448'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'TURN over UDP'
        list proto 'udp'
        option src 'wan'
        option src_dport '49152-49172'
        option dest_ip '192.168.1.80'
        option dest_port '49152-49172'

# Access from the VPN and guest zones to the homelab host. Each zone gets the
# same pattern: forwarding to wan, DNS/DHCP input to the router, and forward
# rules that reach only 192.168.1.80 in the lan zone on fixed TCP/UDP ports.
config rule
        option name 'wgvpnTCP'
        option src 'wgvpnDHCP'
        option dest 'lan'
        list dest_ip '192.168.1.80'
        option dest_port '53 80 443 25 465 587 143 993 110 995 4190 3478 5349 8448 25565'
        option target 'ACCEPT'
        list proto 'tcp'

config zone
        option name 'Guestwgvpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'Guestwgvpn'

config forwarding
        option src 'Guestwgvpn'
        option dest 'wan'

# UDP only: with zone input set to REJECT, DNS over TCP to the router from
# this zone is not accepted by this rule (same for 'GuestLanDNS' below).
config rule
        option name 'GwgvpnDNS'
        list proto 'udp'
        option src 'Guestwgvpn'
        option dest_port '53'
        option target 'ACCEPT'

# No 'proto' given; the documented default is tcp and udp.
config rule
        option name 'GwgvpnDHCP'
        option src 'Guestwgvpn'
        option dest_port '67'
        option target 'ACCEPT'

# The zone is named 'GuestLAN' while the network it contains is 'GuestLan'
# (different case); the rules below reference the zone name.
config zone
        option name 'GuestLAN'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'GuestLan'

config forwarding
        option src 'GuestLAN'
        option dest 'wan'

config rule
        option name 'GuestLanDNS'
        list proto 'udp'
        option src 'GuestLAN'
        option dest_port '53'
        option target 'ACCEPT'

# No 'proto' given; the documented default is tcp and udp.
config rule
        option name 'GuestLanDHCP'
        option src 'GuestLAN'
        option target 'ACCEPT'
        option dest_port '67'

# Second rule named 'GuestTCP' for src 'GuestDHCP'; an earlier one in this
# file uses dest '*' and ports 80/443/9090.
config rule
        option name 'GuestTCP'
        list proto 'tcp'
        option src 'GuestDHCP'
        option dest 'lan'
        list dest_ip '192.168.1.80'
        option dest_port '53 80 443 25 465 587 143 993 110 995 4190 3478 5349 8448 25565'
        option target 'ACCEPT'

config rule
        option name 'GwgvpnTCP'
        list proto 'tcp'
        option src 'Guestwgvpn'
        option dest 'lan'
        list dest_ip '192.168.1.80'
        option dest_port '53 80 443 25 465 587 143 993 110 995 4190 3478 5349 8448 25565'
        option target 'ACCEPT'

config rule
        option name 'GuestLanTCP'
        list proto 'tcp'
        option src 'GuestLAN'
        option dest 'lan'
        list dest_ip '192.168.1.80'
        option dest_port '53 80 443 25 465 587 143 993 110 995 4190 3478 5349 8448 25565'
        option target 'ACCEPT'

# UDP counterparts of the rules above; the port list includes DNS (53) and
# 51820 towards 192.168.1.80.
config rule
        option name 'wgvpnUDP'
        list proto 'udp'
        option src 'wgvpnDHCP'
        list dest_ip '192.168.1.80'
        option dest_port '3478 5349 49152-49172 24454 19132 51820 53'
        option target 'ACCEPT'
        option dest 'lan'

config rule
        option name 'GuestUDP'
        list proto 'udp'
        option src 'GuestDHCP'
        option dest 'lan'
        list dest_ip '192.168.1.80'
        option dest_port '3478 5349 49152-49172 24454 19132 51820 53'
        option target 'ACCEPT'

config rule
        option name 'GuestLanUDP'
        list proto 'udp'
        option src 'GuestLAN'
        option dest 'lan'
        list dest_ip '192.168.1.80'
        option dest_port '3478 5349 49152-49172 24454 19132 51820 53'
        option target 'ACCEPT'

config rule
        option name 'GwgvpnUDP'
        list proto 'udp'
        option src 'Guestwgvpn'
        option dest 'lan'
        list dest_ip '192.168.1.80'
        option dest_port '3478 5349 49152-49172 24454 19132 51820 53'
        option target 'ACCEPT'

# Remaining port forwards from the wan zone to 192.168.1.80, followed by one
# lan -> guest rule.
config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Minecraft Java Server'
        list proto 'tcp'
        option src 'wan'
        option src_dport '25565'
        option dest_ip '192.168.1.80'
        option dest_port '25565'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Minecraft Java Voice Chat'
        list proto 'udp'
        option src 'wan'
        option src_dport '24454'
        option dest_ip '192.168.1.80'
        option dest_port '24454'

# Forwards UDP 51820 to 192.168.1.80; this is separate from the router's own
# 'wgvpnWG' tunnel defined in /etc/config/network.
config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Wireguard'
        list proto 'udp'
        option src 'wan'
        option src_dport '51820'
        option dest_ip '192.168.1.80'
        option dest_port '51820'

# Allows all TCP from the lan zone into the GuestDHCP zone: no dest_ip or
# dest_port restriction. NOTE(review): the name suggests a single device;
# presumably this could be narrowed with dest_ip - confirm.
config rule
        option name 'Roku'
        list proto 'tcp'
        option src 'lan'
        option dest 'GuestDHCP'
        option target 'ACCEPT'

Please show tests from the various subnets you have, via
[https://www.waveform.com/tools/bufferbloat]
(paste the result links; they don't publish your IP)

I am currently a floor above the router on the 5ghz band as I was about to head to bed, if I need to retest in the AM over LAN or just being closer to the router please let me know. :slight_smile:

Main LAN:

VPN:

Guest:

Guest VPN:


Router is good as seen by wired result.

Should be easy to set country code and auto channel on both radios.

A small mistake is causing all the pain: the 'House Guest' SSID is not attached to the GuestDHCP network on one of the two Wi-Fi bands.

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'House Guest'
        option encryption 'sae-mixed'
        option wmm '0'
        option isolate '1'
        option key 'removed'
        option network 'GuestDHCP'

config wifi-iface 'wifinet5'
        option device 'radio1'
        option mode 'ap'
        option ssid 'House Guest'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'removed'
!!!!!!!!!!!!!!!!!!! MISSING network in one band !!!!!!!!!!!!!!!!!!!!

repeat just F test after change :wink:

And enable WMM everywhere; with it disabled, bandwidth drops to 65Mbps, 20MHz.


Hi, thanks for your fast response! :slight_smile:
I applied the fixes you mentioned and the issue still seems to be occurring. When I woke up this morning my phone had disconnected from the Wi-Fi, and upon trying to reconnect I got multiple IP Configuration errors for each SSID. I checked the OpenWrt logs and this is what I see. None of it immediately jumps out at me:

Thu Jun  6 21:00:46 2024 daemon.info hostapd: phy0-ap3: STA f6:37:40:8e:f4:8b IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Thu Jun  6 21:00:47 2024 daemon.notice hostapd: phy0-ap1: AP-STA-DISCONNECTED 22:88:32:60:fd:9c
Thu Jun  6 21:00:47 2024 daemon.info hostapd: phy0-ap1: STA 22:88:32:60:fd:9c IEEE 802.11: disassociated
Thu Jun  6 21:00:47 2024 kern.info kernel: [41082.030903] ath10k_pci 0000:01:00.0: mac flush vdev 1 drop 0 queues 0x2 ar->paused: 0x0  arvif->paused: 0x0
Thu Jun  6 21:00:47 2024 daemon.info hostapd: phy0-ap3: STA f6:37:40:8e:f4:8b IEEE 802.11: authenticated
Thu Jun  6 21:00:47 2024 daemon.info hostapd: phy0-ap3: STA f6:37:40:8e:f4:8b IEEE 802.11: associated (aid 1)
Thu Jun  6 21:00:47 2024 daemon.notice hostapd: phy0-ap3: AP-STA-CONNECTED f6:37:40:8e:f4:8b auth_alg=open
Thu Jun  6 21:00:47 2024 daemon.info hostapd: phy0-ap3: STA f6:37:40:8e:f4:8b WPA: pairwise key handshake completed (RSN)
Thu Jun  6 21:00:47 2024 daemon.notice hostapd: phy0-ap3: EAPOL-4WAY-HS-COMPLETED f6:37:40:8e:f4:8b
Thu Jun  6 21:00:48 2024 daemon.info hostapd: phy0-ap1: STA 22:88:32:60:fd:9c IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

I also re-ran the F test which is now a C link

If there's any configs I should repost after being updated or any more logs let me know. Thanks!

I trust you did it right from improvement achieved.

perceived slowness source is often DNS.
pkill -USR1 dnsmasq ; logread -e dnsmasq

... cache size 2000, 4/146663 cache insertions re-used unexpired cache entries.
You can set the cache to 10000 via LuCI if replacements happen.
Check for slow/failing upstreams; DoH, DoT or DNSCrypt to a well-known public provider can likely be used instead.

SQM may be too heavy for typical AC router. But worth trying with htop at hand.

Here's (part of) the output of that command

Thu Jun  6 22:53:15 2024 daemon.warn dnsmasq[1]: Maximum number of concurrent DNS queries reached (max: 150)
Thu Jun  6 23:10:45 2024 daemon.warn dnsmasq[1]: Maximum number of concurrent DNS queries reached (max: 150)
Thu Jun  6 23:10:51 2024 daemon.warn dnsmasq[1]: Maximum number of concurrent DNS queries reached (max: 150)
Thu Jun  6 23:15:43 2024 daemon.warn dnsmasq[1]: Maximum number of concurrent DNS queries reached (max: 150)

I'll see if I can find a way to increase the size in LuCI; I'm not exactly sure where I'm looking, though.
EDIT: I think I found it in Network > DHCP and DNS > Limits > Size of DNS query cache. I set it to 10000.

And "max concurrent queries", right above the new 10000 setting, needs doubling if the limit is reached, as per this log message.

It is likely worth investigating with tcpdump + Wireshark whether any single device is performing that many DNS queries; that load would be in the range of a 20-person office.

I've been looking at tcpdump + also logging dns to the syslog in LuCi and it looks like a lot of the traffic is AWS trying to contact my homelab. I am not sure why it's doing that because I have set up the x-robots tag, and my old HP printer also seems to be trying to phone home to an HP website that no longer exists and it's doing that every couple minutes or so. Going to try to investigate both of those things further

It should have no impact on DNS queries in parallel from people at home....

What should I be looking for specifically and would having Pi-Hole set up have anything to do with it?

What DNS server pihole is using?

I have it set to use Quad9 (filtered, DNSSEC), Quad9 (unfiltered, no DNSSEC), and Quad9 (filtered, ECS, DNSSEC)

But you bypass pihole via dhcp options?
DNS connections to any server are globally permitted from most of the LANs; maybe you want to enforce the chain via Pi-hole? bts dns it tcp too.

I set the pi-hole DNS to be the DNS of every interface on my OpenWrt Router, (so 192.168.1.80). What does bts dns it tcp mean? Sorry, I'm a bit of a newbie to networking.

At some moment dnsmasq had more than 150 lookups in flight to the configured "forwarders" (likely your provider's servers) and was ignoring new ones. Enable query logging (DNS+DHCP - log - log queries); something must be looking up some broken domain in rapid succession.

For testing I bumped it up to 10000 concurrent queries and it no longer displays the message when I run pkill -USR1 dnsmasq ; logread -e dnsmasq; however, it appears clients are still unable to connect...

Do you still get max concurrent queries log messages?
Also, what servers do you see in the output of the same pkill follow-up?
Anything slow/otherwise anomalous?


The max concurrent queries log message does not show up anymore. Currently it looks like a lot of traffic from localhost (127.0.0.1/44776), such as "Fri Jun 7 21:08:59 2024 daemon.info dnsmasq[1]: 2850 127.0.0.1/56177 reply is truncated", and about where devices are currently located. I can't tell if any of it is anomalous, other than wireless clients failing to connect.
This shows in the log when a device is trying to connect but fails:

Fri Jun  7 21:11:08 2024 daemon.notice hostapd: phy0-ap2: AP-STA-DISCONNECTED d4:e2:3f:32:7b:28
Fri Jun  7 21:11:08 2024 kern.info kernel: [ 2724.495255] ath10k_pci 0000:01:00.0: mac flush vdev 2 drop 0 queues 0x4 ar->paused: 0x0  arvif->paused: 0x0
Fri Jun  7 21:11:09 2024 daemon.info hostapd: phy0-ap3: STA c2:2b:19:f6:65:26 IEEE 802.11: authenticated
Fri Jun  7 21:11:09 2024 daemon.info hostapd: phy0-ap3: STA c2:2b:19:f6:65:26 IEEE 802.11: associated (aid 1)
Fri Jun  7 21:11:09 2024 daemon.notice hostapd: phy0-ap3: AP-STA-CONNECTED c2:2b:19:f6:65:26 auth_alg=open
Fri Jun  7 21:11:09 2024 daemon.info hostapd: phy0-ap3: STA c2:2b:19:f6:65:26 WPA: pairwise key handshake completed (RSN)
Fri Jun  7 21:11:09 2024 daemon.notice hostapd: phy0-ap3: EAPOL-4WAY-HS-COMPLETED c2:2b:19:f6:65:26

Update: It appears to only be happening on the ESSIDs that are routed through any interface but lan...