Flint 2 4.7.7 to 4.8.2 broken

Hey,

So many month watching for a new stable update to be released, looked up like everyday and now its there and im really disappointed.

Upgraded localy with keep settings and after an hour i got no Internet connection because of dnsmasq.

Log says: “Thu Sep 4 21:02:03 2025 daemon.warn dnsmasq[27302]: Maximum number of concurrent DNS queries reached (max: 150)”

So i tried to set “max-concurrent-queries” to 500 i luci,rebooted and now i cant even access the webinterface. Waited like half a year for this ? Come on… i also dont get why no Bugfixes appear in the changelog ? When i see that in snapshot firmware are many Bugs fixed. We need Bugs fixed instead of new Features-.-

Highly related:

My problem hast nothing to do with vpn… vpn was working fine as i tested it quickly.how much was max concurrent queries in 4.7.7 btw ?

Part of PBR is how dnsmasq now routes DNS over VPN. I don't run a Flint v2. Here's how to get the stock conf

mkdir -p /tmp/dnsmasq-ipk
cd /tmp/dnsmasq-ipk
opkg update && opkg download dnsmasq
tar -zxf dnsmasq*.ipk && tar -zxf data.tar.gz
cat /tmp/dnsmasq-ipk/etc/config/dhcp

This is a long standing issue with the firmwares btw.

It’s not the first time people complain about low max concurent limit, compared to normal OpenWrt.

But to be sure this is not something backup related, have you tried it with a clean reset and making a backup before doing this?

Here is where I have a issue with (This is not directed to OP, but as an result.):

When reporting and noting, did the developers accidentally introduced a new issue to someones misconfiguration?, why was lowering a value needed vs OpenWrt default value for max concurent queries?

What I miss is a sticky forum post, explaining how to report an issue, with steps which need to be done first before reporting an issue.

Another example I come across is iPoE, iPoE is just dhcp on the wan side, but sometimes I notice so many reports being noted, that it doesn’t even make any sense, OpenWrts dhcp feature just works?

I get it about ipv6, or supporting vlan, but these issues will be gone, no?, but i’d still see things being noted as bugs when I wonder what they try to fix?, there really isn’t a reason to, if default behaviour from OpenWrt is respected.

What I often miss is topology info, switch info, full picture and if a bug reporter also tried it in a reset state, without fidling in luci, and vice versa replicating should naturally follow the same steps from firstboot towards the steps.

Alot of topics are absolutely not clear, and many times just acusational or even rude with barely usable info, instead of based on facts and clear evidence, which can help the community but also developers in general, I don't think a sticky with a format how to post in support would hurt.

Good point there.

As there are betas,snapshots,legacy fws etc , i dont understand that there is immediately issues after flashing. And the issue is quiet simple. Why this low querie limit ? Or release new firmware with old dnsmasq version and no ipv6 wireguard. I dont flashed beta or snapshot firmware. Did anyone tested this ? I think gl inet focuses much more on new products instead of giving support to older models. The point as always is sell and make money instead of giving support and updates for free i guess. Not everyone wants to run vanilla openwrt. I also dont get why i cant access webinterface after setting querie limit higher. I also enabled dnssec in luci. Cant imagine the point of not having access to webinterface. Im going to reset and Flash to 4.7.7 again. I hope flint 2 will get more love and Support in the future ! Really…

If you want DNSSEC you'd be better off flipping on DOH within the GL GUI then tailoring a conf @ /etc/dnscrypt-proxy2/dnscrypt-proxy.toml. I bet it'll solve your DNS connection limit once you set an appropriate value for max_clients.

No one reads TOS. No one reads stickies. No one states the firmware. No one posts logs. No one asks singular questions. No one posts properly titled threads. No one marks solutions. No one keeps on topic.

the_suck273×316 28.2 KB

I dont had to turn it on because i run adguard on proxmox but yeah… but the problem was that i hadnt a connection since then and unable to log into webinterface. I just resettet the fw and just for trying backing up the config from 4.7.7 to see if it gets brocken again.

I see, but that shouldn't be a problem if they enforce this format only for that section on the forum.

On github when I make a issue on OpenWrt, I have multiple required fields which basicly forces you to write all needed steps.

If you're running a homelab IDK why you wouldn't just dump the GL firmware & flash pure. Eat any downgrade in performance in exchange for full flexibity instead of the pseudo-OpenWrt & stale repo, kernel GL builds on. You already know wired is always going to outperform Wi-Fi. Their firmware is a hindrance to someone like you.

Drop the Argon theme on it if you don't like stock LuCI. The GL GUI only makes sense for SOHO & travel users.

I guess ur right but what about the open Source wlan drivers ? There is a reason why gl inet uses the Mediathek ones. Im not a professional but i learn more and more network stuff. Setting up everything manual could be challenging sometimes when u need Internet. For a second router to play with, no problem

Im back on 4.7.7 because i got many errors with my settings on 4.8.2. What about the op24 firmware betas ? Its just op24 with gl inet gui and open Source wlan drivers , right ? I hate to stay on op21 when 24 is avalible -.-

The problem with op24 is, while it is built on OWRT 24.x & uses the OWRT F/OSS WLAN modules/drivers, it still uses the GL GUI... but the problem isn't actually the GUI; it's all the custom scripts GL adds 'under the hood' to make that GUI function (case in point: the new PBR feature changes dnsmasq behavior). You might as well just run pure OWRT 24.02.

The critical detail to know is when flashing 'pure' OWRT is to only use the sysupgrade tagged releases. You should have no trouble flashing it via the GL GUI. It's the bootimg version puts one at risk of bricking the device. Do not use bootimg.

It's trivial to flash back to GL firmware using the 'U-boot WebGUI'. See the link below. If you can set up Proxmox you have more than enough skill to flip back & forth between firmware as desired. Just don't mix up your backup tarballs. Here's a script to help quickly make backups. You can pull them down via SFTP (opkg update && opkg install openssh-sftp-server).

Here's confirmation the Flint v2 (GL-MT6000) v4.8.0's dnsmasq behavior is changed per GL.iNet support staff:

Hi

We've tested with a Flint 2 on firmware version 4.8.2, and we haven't been able to reproduce the issue about max-concurrent-queries.
(Configured via Luci, but queried via uci as that we can show the configuration persists after a reboot.)

image973×707 18.4 KB

This setting is also set to 150 by default in firmware 4.7.7.
Therefore, the issue may not lie here.

image2865×1528 384 KB

Based on your post, it looks like dnsmasq on your Flint 2 is configured to act as a DNS proxy, forwarding all DNS queries to AdGuard Home, which is running on your Proxmox server.

If your AdGuard Home's upstream DNS server becomes unresponsive, it could cause dnsmasq to quickly hit its maximum concurrent queries limit.
This would then lead to the error message you're seeing.

Hey, my dns is set to Internal ip from my adguard. Thats all. DHCP dns is also set to adguard. My proxmox or adguard was stable at that time. As soon is a flashed back to 4.7.7 everything was normal and i didnt restart adguard. I will try to go to 4.8.2 with keep settings checked to see if i get errors again and then tell you.