DNS stops working when downloading at high speeds

WuTang LAN

Regular Contributor
Hey guys, I've got a bit of an odd one that has got me stumped.

When downloading a game on Steam, above 300 Mbps, DNS stops working after around 10 minutes of downloading. I can still ping external IP addresses but I can't resolve any domain names (this affects all devices connected to my router). Changing to a different public DNS server on the router brings WAN connectivity back but the same issue occurs again if I try to download a game on Steam (rebooting router also has the same effect). It's happening on Cloudflare's and Quad9's servers.

These are my DNS settings

Screenshot from 2022-03-13 07-49-57.png


I've tried experimenting with throttling the download speed in the Steam client and, if I limit the download speed to 300 Mbps it downloads fine, but downloading at 350 - 500 Mbps and DNS stops working. The AC68U should be strong enough to cope with 500Mbps WAN speed, right?

Other than this my connection is perfectly stable although downloading games is the only thing that really reaches that high of bandwidth usage for that length of time.
 

bbunge

Part of the Furniture
Why no resolver in DNS Server 2? I suppose you only have one resolver set in DoT? Use two DNS resolvers!
Try disabling DNSSEC if you have it enabled.
 

WuTang LAN

Regular Contributor
Why no resolver in DNS Server 2? I suppose you only have one resolver set in DoT? Use two DNS resolvers!
Try disabling DNSSEC if you have it enabled.
Still failed with DNSSEC disabled. The download did last longer with DNSSEC disabled, it reached 95% and it usually fails 40-60% (I download the same game each time during testing).

Any help or suggestions on what could be causing this and how to fix it?
 

ColinTaylor

Part of the Furniture
Try disabling DoT as that is what your router will currently be using after it's booted up rather than the DNS Server1 setting.
 

OzarkEdge

Part of the Furniture
Still failed with DNSSEC disabled. The download did last longer with DNSSEC disabled, it reached 95% and it usually fails 40-60% (I download the same game each time during testing).

Any help or suggestions on what could be causing this and how to fix it?

Presumably you have tested with different downloads/sources(?).

OE
 

WuTang LAN

Regular Contributor
Try disabling DoT as that is what your router will currently be using after it's booted up rather than the DNS Server1 setting.
Hi Colin, I'll try that. I'm using the same DNS server for DoT though (1.1.1.1).
 

WuTang LAN

Regular Contributor
Presumably you have tested with different downloads/sources(?).

OE

I've had the issue when downloading a game in both the Steam client and the Battle.net client. So it isn't Steam specific anymore. Although, in Steam, it only happens when I increase download speed above 300Mbps. I've successfully downloaded games at 300Mbps consistently (tested about 10 times now) but as soon as I go to 350Mbps and above the network dies. I don't understand why it would be stable at 300Mbps but not higher.
 

OzarkEdge

Part of the Furniture
I've had the issue when downloading a game in both the Steam client and the Battle.net client. So it isn't Steam specific anymore. Although, in Steam, it only happens when I increase download speed above 300Mbps. I've successfully downloaded games at 300Mbps consistently (tested about 10 times now) but as soon as I go to 350Mbps and above the network dies. I don't understand why it would be stable at 300Mbps but not higher.

I wonder if you could be overheating/overstressing something and it falls over. Any clues in the Log?

OE
 

ColinTaylor

Part of the Furniture
Hi Colin, I'll try that. I'm using the same DNS server for DoT though (1.1.1.1).
You're not really though. Regular DNS and DoT use completely different ports and protocols as well as connecting to different services running on the router.
 

WuTang LAN

Regular Contributor
I wonder if you could be overheating/overstressing something and it falls over. Any clues in the Log?

OE
Sadly not, unless they're being filtered out.
Log settings: Default message log level = notice. Log only messages more urgent than = debug.
 

OzarkEdge

Part of the Furniture
Sadly not, unless they're being filtered out.
Log settings: Default message log level = notice. Log only messages more urgent than = debug.

No logging could support my novice theory of a sudden hardware event/threshold.

OE
 

Tech9

Part of the Furniture
I would also try disabling DoT and use Google/OpenDNS servers to test. Some Quad9 issues lately in my location.
 

WuTang LAN

Regular Contributor
You're not really though. Regular DNS and DoT use completely different ports and protocols as well as connecting to different services running on the router.
Apologies - I'm still learning.

So, I've disabled DoT and DNSSEC and I've successfully downloaded the game twice in a row at 450Mbps (150Mbps faster than before). This is looking promising! Now my next question is, is this a hardware limitation of the RT-AC68U not being powerful enough to handle DoT and DNSSEC at these speeds? Or is this more of an issue with the public DNS servers when using DoT?
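
To help separate a router-side DoT problem from a resolver-side one, the two paths ColinTaylor describes (plain DNS on UDP port 53, DoT over TLS on TCP port 853) can be probed independently from a LAN client while a download is running. This is an added example, not part of the original thread; 1.1.1.1 is the resolver named in the thread, while the TLS hostname `one.one.one.one` and the lookup name `example.com` are assumptions.

```python
import socket, ssl, struct, time

def build_query(name, qid=0x1234, qtype=1):
    """RFC 1035 wire-format query: 12-byte header, QNAME labels, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_for_dot(msg):
    """DoT (RFC 7858) runs over TLS on TCP, so each message gets a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def rcode(resp):
    """Low 4 bits of header byte 3: 0 = NOERROR, 2 = SERVFAIL, 3 = NXDOMAIN."""
    return resp[3] & 0x0F

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def probe_udp53(server, name, timeout=2.0):
    """Plain DNS path: one datagram to UDP/53. Returns (rcode, seconds) or (None, error)."""
    t0 = time.monotonic()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (server, 53))
            return rcode(s.recvfrom(4096)[0]), time.monotonic() - t0
    except (OSError, IndexError) as e:  # timeout, unreachable, or truncated reply
        return None, repr(e)

def probe_dot853(server, tls_name, name, timeout=2.0):
    """DoT path: TCP/853 + TLS handshake + framed query. Same return shape as above."""
    t0 = time.monotonic()
    try:
        with socket.create_connection((server, 853), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=tls_name) as tls:
                tls.sendall(frame_for_dot(build_query(name)))
                (n,) = struct.unpack("!H", _recv_exact(tls, 2))
                return rcode(_recv_exact(tls, n)), time.monotonic() - t0
    except (OSError, IndexError) as e:  # covers TLS errors, resets and timeouts
        return None, repr(e)

if __name__ == "__main__":  # assumed TLS name and lookup name; resolver IP is from the thread
    print("udp/53 :", probe_udp53("1.1.1.1", "example.com"))
    print("dot/853:", probe_dot853("1.1.1.1", "one.one.one.one", "example.com"))
```

These probes go straight from the client to the upstream resolver, so they bypass the router's own DNS services while still crossing its NAT. If both succeed while lookups sent to the router fail, the fault is on the router rather than at the public resolver.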
 

coxhaus

Part of the Furniture
My guess is your QoS is not working correctly. How about changing your DNS port to a higher priority?

The base router code should do this in my way of thinking without applying QoS.
 

Tech9

Part of the Furniture

Paliv

Senior Member
No. DNS traffic is minimal.



More likely.
I like the idea of DoT, but it leads to weird, transient quirks. I know it's very CPU intensive for the resolvers. Least problems with my ISP DNS.
 

Tech9

Part of the Furniture
Not very CPU intensive on ARM routers. The CPU has to encrypt a small amount of data only.
 

Paliv

Senior Member
Not very CPU intensive on ARM routers. The CPU has to encrypt a small amount of data only.
Not the router, the server. Bill W from Quad9 has stated a lot of times when issues pop up with DoT it's because they need to increase capacity.
 

Tech9

Part of the Furniture
Well, you don't offer services you have no capacity for.
 

Paliv

Senior Member
Well, you don't offer services you have no capacity for.
Agreed, which is just another reason why a lot of people end up just not using DoT when it becomes a hassle.
 
