OpenDNS stops replying, is it throttling me?

jim-j
Level 3

I normally use 208.67.222.222 as my DNS server. For the last couple weeks at least once a day 208.67.222.222 stops replying to my DNS queries. I've verified this with a packet capture that the DNS queries leave my router, but they don't get a reply.

If I switch to a different DNS server (like 1.1.1.1) DNS immediately starts replying (working) again. After 15 minutes if I switch my DNS server back to 208.67.222.222 it works. It seems like OpenDNS stops replying to me because I'm sending too many queries and if I stop querying it for a short time it stops blocking me and replies to my queries.

I don't think I'm sending an excessive number of queries so I don't know why it'd intentionally be blocking me. If it is blocking me can I find out why?

I'm using OpenDNS on a DD-WRT router, but I don't think that's relevant as my packet captures prove the queries are valid and leaving my router ok. OpenDNS just stops replying.

4 Replies

adamwin
Cisco Employee

OpenDNS has throttling for unregistered networks, but it's a very high limit that a single household shouldn't get anywhere near hitting.

If you haven't already, registering your network (IP address) is worth trying. It's very easy if you have a static IP (https://support.opendns.com/hc/en-us/articles/227988127-Getting-started-About-using-OpenDNS#Adding_a_Network), and also pretty straightforward for dynamic IPs: https://support.opendns.com/hc/en-us/articles/227987767-Using-Dynamic-DNS-with-OpenDNS

Sometimes a machine may have something crazy going on... I saw at least one instance where there was a ton of DNS traffic and that may exceed the limits... Do you have only one user or multiple users behind this public IP? Also, do you have a public IP? Sometimes an IP can be shared and you get a non-public IP and then it can be shared amongst multiple customers. Something to watch out for. It would be good to do a DNS-only filtered capture to the 208.67 IP to see the rate of DNS. If you can do it on the router for a few minutes, that will give you a good idea of the rate and also patterns of no responses.

jim-j
Level 3

Thanks for the replies/info. I already have my IP registered, but it doesn't sound like I'd be rate limited anyway. I've taken captures which show OpenDNS simply stops responding, but now I think my captures are flawed. My guess is my packets aren't actually leaving my router, but unfortunately I'm not able to take an external capture to verify this. I've found that restarting a few processes on my router causes DNS resolution to work again, so I'm going to focus my troubleshooting on my router.

I peak at 5-6k DNS queries per hour, but there doesn't seem to be a correlation between DNS utilization and the problem occurring.

for a few minutes for a test - one thing you can do is to point the DNS to a dummy address at your home ISP etc., or if you have another office, and then do packet captures at the receiving side and compare with the inside of the sending router and see if you got all of them... A good way, if you have captures, is to do a DNS packet count for a specific time range... Your router may have some sort of DNS proxying/inspection. I would just turn off any DNS setting on the router so it is completely pass-through.
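
The DNS-only capture and per-time-range packet count suggested in the replies above can be tallied with a short script. This is an added example, not part of the original thread; it assumes text output from `tcpdump -tt -n host 208.67.222.222 and udp port 53`, and the `dns_stats` helper and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Matches `tcpdump -tt -n` text output for UDP DNS (epoch timestamps).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<txid>\d+)"
)

# Constructed sample capture: one answered query, two unanswered
# (the last one retransmitted once). Addresses are placeholders.
SAMPLE = """\
1700000040.10 IP 192.168.1.1.40001 > 208.67.222.222.53: 1001+ A? example.com. (29)
1700000040.13 IP 208.67.222.222.53 > 192.168.1.1.40001: 1001 1/0/0 A 192.0.2.10 (45)
1700000050.20 IP 192.168.1.1.40002 > 208.67.222.222.53: 1002+ AAAA? example.org. (29)
1700000105.00 IP 192.168.1.1.40003 > 208.67.222.222.53: 1003+ A? example.net. (29)
1700000106.00 IP 192.168.1.1.40003 > 208.67.222.222.53: 1003+ A? example.net. (29)
""".splitlines()


def dns_stats(lines, resolver="208.67.222.222"):
    """Return (queries per minute, unanswered queries) for one resolver."""
    per_minute = Counter()   # minute bucket (epoch seconds) -> packets sent
    pending = {}             # (client ip, client port, txid) -> first send time
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue         # not a UDP DNS line in the expected format
        ts = float(m["ts"])
        if m["dst"] == resolver and m["dport"] == "53":
            # Outgoing query; retransmissions count toward the rate
            # but are tracked as a single pending transaction.
            per_minute[int(ts // 60) * 60] += 1
            pending.setdefault((m["src"], m["sport"], m["txid"]), ts)
        elif m["src"] == resolver and m["sport"] == "53":
            # Reply: clear the matching transaction if we saw the query.
            pending.pop((m["dst"], m["dport"], m["txid"]), None)
    unanswered = sorted((ts, key) for key, ts in pending.items())
    return dict(per_minute), unanswered


if __name__ == "__main__":
    rate, unanswered = dns_stats(SAMPLE)
    for minute, count in sorted(rate.items()):
        print(f"{minute}: {count} queries sent")
    for ts, (ip, port, txid) in unanswered:
        print(f"no reply: txid {txid} from {ip}:{port} first sent at {ts}")
```

Running the same script over a capture taken on the inside of the router and one taken at the receiving side shows whether the per-minute counts match, which separates queries dropped before leaving the router from queries the resolver did not answer.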