FLINT 2 | Works fine with AdGuard.. and now its almost dead :(

Routers
1

So my situation is very simple.

I was successfully using ADGH—everything was working—and then it suddenly stopped. DNS responses are so slow that it's practically impossible to use the internet.

When I disable ADGH, everything returns to normal.

My DNS servers are:
tls://dns.quad9.net
tls://dns.adguard-dns.com
tls://one.one.one.one

..but this is how it works in real life:

image
image899×572 29.2 KB

…and my logs looks like this
—–

Sun Nov 2 08:03:19 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:19.578741 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:42978->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:19 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:19.578741 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:59480->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:19 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:19.650221 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:55708->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:23 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:23.408002 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:52821->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:23 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:23.408002 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:41863->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:27 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:27.236558 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:45319->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:27 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:27.236558 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:36428->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:30 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:30.475642 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:38191->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:30 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:30.475642 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:37826->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:33 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:33.380748 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:39110->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:33 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:33.380748 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:54871->149.112.112.10:53: i/o timeout" Sun Nov 2 08:03:44 2025 user.notice AdGuardHome[18973]: 2025/11/02 07:03:44.752618 ERROR response received addr=149.112.112.10:53 proto=udp status="exchanging with 149.112.112.10:53 over udp: read udp 192.168.254.100:41227->149.112.112.10:53: i/o timeout"

What ive tried:

  • Restart Flint2
  • Restart ADGH
  • FW upgrade (right now im on actual stable)
  • IGMP Snooping (on/off - since it was my last change in setup before the problem occur)

**I heard there are some cyber attacks going on - but is that actually related?

Is there anything more what i can do?**

— EDIT —
Funny thing - the forum site works perfect - as normal. No other europe-based sites works as normal…

— EDIT 2 —
Sun Nov 2 08:26:56 2025 daemon.warn dnsmasq[13386]: possible DNS-rebind attack detected: ``nlb-o15yovwgajdxn1mzb2.cn-shanghai.nlb.aliyuncsslb.com`` Sun Nov 2 08:30:24 2025 daemon.info dnsmasq-dhcp[13386]: DHCPREQUEST(br-lan) 192.168.1.207 00:09:b0:61:53:f4 Sun Nov 2 08:30:24 2025 daemon.info dnsmasq-dhcp[13386]: DHCPACK(br-lan) 192.168.1.207 00:09:b0:61:53:f4 Onkyo-TX-RZ50-6153F4

Looks like some DNS-rebind attack is going…

— EDIT 3 —
…after modem and ruter restart everything looks normal… so what could be the solution for this in future? External network problem?

2

There can be multiple things here.

First the rebind attack:

Some devices use a domain pointing to your local network this is harmless but can also be leveraged in a attack, if you know where it comes from disable dhcp rebinding.

As for the time outs:

My guess points to a few things here.

  • how many lists do you use with ADGH?
    a too big list makes your router too saturated and overloaded where things fail to work.

  • is vpn activated?
    if so then there might be a issue here, maybe you need to enable the ADGH dns in your tunnel, I believe for wireguard there is a settings icon called allow lan, check this.

    you may also check the dns settings aswell, to use ADGH for vpn, im not sure if there is a checkbox for.

3 Likes
3

Thanks for yout tips.

  • ive got probably to many lists - but i dont know which i can cancel or even how to merge them into one :frowning:
  • i dont use VPN - i didnt find it neccessary for my home use.

my internet works better - but still DNS response is ~500ms… but after whole day im not sure if my problems are caused by router - od some cyber attacks in regions where i live.

4

I would advise to first use ADGH default list no other lists :slight_smile: , then keep it that way and see if the situation is fixed.

Later you can check on the forum what people recommend often they keep it about one list or 2, some lists include all the lists this is why it is very possible this resulted in a way to big list, you got them double.

This sound the router is overloaded :slight_smile:

5

And how can i check it?

System ovevwiev shows me normal work.

…but ADGH response time is back to normal

image
image897×571 23.4 KB

…so it looks like it was just some kind of results of many cyber-attacks from last days.

I cant find any other reasons…

6

By doing the most minimal list and see if your ping improves, you can also see it on the memory usage.

1 Like
7

Just activate one or two lists: ad guard and Steven Black, clear cache and statistics, reboot your router and test it. You can use htop through ssh to see memory and cpu.

1 Like
8

Looks good?

image
image1569×416 23.6 KB

9

Still a bit on the high side imho, the thing is you have no control how big the list can increase.

On my Flint 2 with pure OpenWrt I see 38% usage with pbr and banip, but your routers disk space also shares with the memory.