HomeAssistant sends 15-20 req per *second* to 1.1.1.1 and 1.0.0.1
See original GitHub issueDescribe the issue you are experiencing
While DNS is surely important for HASS contacting a 3-rd party provider without my constant is not cool. However it looks like this is ignored and not seen as a privacy problem. Fair enough, but why is HASS essentially performing a SYN flood attack:
ha dns logs
confirms that indeed it’s HASS making these requests in some sort of a loop:
This to me seems like at least a bug - it shouldn’t be happening 15-20x a second. Moreover HASS receives and uses the DHCP-provided DNS, so there’s completely no reason for the instance to query 1.1.1.1
and 1.0.0.1
.
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Steps to reproduce the issue
- Block outbound connections from HASS to
TCP/853
- Observe outgoing traffic
Anything in the Supervisor logs that might be useful for us?
N/A
System Health information
N/A
Supervisor diagnostics
No response
Additional information
No response
Issue Analytics
- State:
- Created 10 months ago
- Reactions:5
- Comments:6
Top Results From Across the Web
Blocking 1.0.0.1 and 1.1.1.1 - Home Assistant Community
1.1. I block all outbound DNS except what's coming from my DNS servers. I just installed HA due to the Insteon going out...
Read more >Homeassistant trying to use Cloudflare DNS 1.1.1.1 and 1.0 ...
My Home Assistant is trying to constantly contact Cloudflare's 1.1. 1.1 and 1.0. 0.1 DNS servers even though I do not hand these...
Read more >CoreDNS is burning CPU and spamming my network ... - GitHub
I noticed that my Home Assistant OS running in a VM on an Intel NUC ... request/second) comres from HA which is trying...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
You would need to have the addon SSH & Web Terminal installed …
at the prompt you would type in the line : ha dns options --fallback=false
that sets the flag to not use the fallback dns hardcoded in the software (I guess it was done this way to help some people who were having serious dns / name resolution issues. They do use TLS to encrypt and obscure the requests)
it does persist after a reboot (I just checked)… I believe the file it updates is in the root filesystem that you can only see if you have setup SSH to the OS … is /mnt/data/supervisor/dns.json but you should only use the CLI command I specified above to avoid trashing the config…as it may make other changes elsewhere that I am not aware of.
the link you provided pretty much explains it all… and like I said you could always set it back to True if some problems arise…
ha dns options --fallback=false (in a SSH session where the cli is available)
seems to have stopped it for me of course if you run into issues you can set it back to true…