question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

HomeAssistant sends 15-20 req per *second* to 1.1.1.1 and 1.0.0.1

See original GitHub issue

Describe the issue you are experiencing

While DNS is surely important for HASS contacting a 3-rd party provider without my constant is not cool. However it looks like this is ignored and not seen as a privacy problem. Fair enough, but why is HASS essentially performing a SYN flood attack:

image

ha dns logs confirms that indeed it’s HASS making these requests in some sort of a loop: image

This to me seems like at least a bug - it shouldn’t be happening 15-20x a second. Moreover HASS receives and uses the DHCP-provided DNS, so there’s completely no reason for the instance to query 1.1.1.1 and 1.0.0.1.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Steps to reproduce the issue

  1. Block outbound connections from HASS to TCP/853
  2. Observe outgoing traffic

Anything in the Supervisor logs that might be useful for us?

N/A

System Health information

N/A

Supervisor diagnostics

No response

Additional information

No response

Issue Analytics

  • State:open
  • Created 10 months ago
  • Reactions:5
  • Comments:6

github_iconTop GitHub Comments

1reaction
jweston2112commented, Nov 24, 2022

You would need to have the addon SSH & Web Terminal installed …

at the prompt you would type in the line : ha dns options --fallback=false

that sets the flag to not use the fallback dns hardcoded in the software (I guess it was done this way to help some people who were having serious dns / name resolution issues. They do use TLS to encrypt and obscure the requests)

it does persist after a reboot (I just checked)… I believe the file it updates is in the root filesystem that you can only see if you have setup SSH to the OS … is /mnt/data/supervisor/dns.json but you should only use the CLI command I specified above to avoid trashing the config…as it may make other changes elsewhere that I am not aware of.

# cat dns.json
{
  "fallback": false,
  "servers": [],
  "version": "2022.04.1",
  "image": "ghcr.io/home-assistant/amd64-hassio-dns"
}# 

the link you provided pretty much explains it all… and like I said you could always set it back to True if some problems arise…

1reaction
jweston2112commented, Nov 23, 2022

ha dns options --fallback=false (in a SSH session where the cli is available)

seems to have stopped it for me of course if you run into issues you can set it back to true…

Read more comments on GitHub >

github_iconTop Results From Across the Web

Blocking 1.0.0.1 and 1.1.1.1 - Home Assistant Community
1.1. I block all outbound DNS except what's coming from my DNS servers. I just installed HA due to the Insteon going out...
Read more >
Homeassistant trying to use Cloudflare DNS 1.1.1.1 and 1.0 ...
My Home Assistant is trying to constantly contact Cloudflare's 1.1. 1.1 and 1.0. 0.1 DNS servers even though I do not hand these...
Read more >
CoreDNS is burning CPU and spamming my network ... - GitHub
I noticed that my Home Assistant OS running in a VM on an Intel NUC ... request/second) comres from HA which is trying...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found