Amcrest camera making high number of DNS queries for config.amcrestcloud.com

joelp · November 10, 2021, 1:33am

I was wondering if anyone else has seen an issue where your Amcrest camera is making a large amount of DNS queries to config.amcrestcloud.com.

I never used any Amcrest cloud services. I have no plan to.

Anyone know how to fix this and stop it from querying DNS so much?

It is on top of my Pihole Top Blocked Domains by an order of magnitude. I also blocked the cam’s static ip access to the internet.

EDIT: Even after upgrading to the latest firmware (3-19-2001) it is still phoning home. In fact I think it got worse – seeing over 30k DNS requests in a 24 hour period in my Pihole logs. Insane.

Solution: In Setup under Network, use Static settings and put in an invalid DNS address.

tmjpugh · November 10, 2021, 2:25am

Disable P2P

Another user disable P2P and only after it was allowed to connect to that address did it stop. If that address was blocked they say it continue to try

http://amcrest.com/forum/ip-cameras-f18/ip-cam-dns-query-overload-t14270.html

dCon0ne · November 10, 2021, 4:06am

Since, Sept 9th till today, I have 38 queries to config.amcrestcloud.com. What do you consider to be, too many. Oh, and I have 6 Am Cam, 1- AD110 Doorbell v1, 2 - IP2M-841B-v3, 3 IP2M-841B-v1

joelp · November 10, 2021, 7:32pm

I have an Amcrest IP8M-2496EB-40MM bullet cam. In the last 24 hours the camera has made 16336 DNS queries.

To be honest even 36 queries are too much if I explicitly do not want the camera “phoning home”.

joelp · November 10, 2021, 7:41pm

Thanks for the reply.

P2P was already disabled so I’m still seeing over 16K queries in a 24 hour period.

That link is useful also because it lead me to another thread where upgrading firmware helps (but doesn’t completely eliminate). Apparently I have to register (email etc) with Amcrest to get a firmware update?? grrrrr…

ctowers · January 24, 2022, 2:37am

Today I noticed crazy amount of queries from my ASH26-W amcrest camera (90K in a 3 hour period), updated the firmware, it also got worse… I finally got it to stop by disabling stuff through the web API. These were the domains discovered through pihole: drs.zencamcloud.com and p2pasplus.zencamcloud.com

If your amcrest camera supports it, start with this command in a web browser (You’ll need the username:password) it will show you all the configs:

http://Your-CAM-IP/cgi-bin/configManager.cgi?action=getConfig&name=All

Eureka moment when I found the domains with the associated configs: T2UServer & VSP_PaaS

For example,T2UServer config looked like this:
http://Your-CAM-IP/cgi-bin/configManager.cgi?action=getConfig&name=T2UServer

table.T2UServer.Enable=true
table.T2UServer.HttpsRegisterPort=12367
table.T2UServer.Key=[redacted]
table.T2UServer.Port=8800
table.T2UServer.RecvBufferSize=524288
table.T2UServer.RegisterPort=12366
table.T2UServer.RegisterServer=p2pasplus.zencamcloud.com
table.T2UServer.ThreadNum=1
table.T2UServer.Type=dhp2p
table.T2UServer.UUID=[redacted]
table.T2UServer.Username=[redacted]
table.T2UServer.WebVersion=2.420.0

Ran these commands to disable each feature:
http://Your-CAM-IP/cgi-bin/configManager.cgi?action=setConfig&T2UServer.Enable=false

and

http://Your-CAM-IP/cgi-bin/configManager.cgi?action=setConfig&VSP_PaaS.Enable=false

If you use any Amcrest apps, these commands will probably break functionality use caution. I run all my cams locally with blueiris and HA, didn’t break anything for me.

catboxer · February 9, 2023, 12:43am

OMG thank you, just set up a new firewall and had literally 800k DNS queries shot down in 36 hours from 4 cameras. Hopefully this is persistent across camera reboots!

ibxl1 · May 9, 2023, 2:24pm

I have an Amcrest IP4M, there were additional thousands of call to config.amcrestcloud.com.
turns out that it was on the “Amcrest” config (http://[YOU_CAMERA_IP]/cgi-bin/configManager.cgi?action=getConfig&name=Amcrest) and that was cannot be turned off.

the only solution I got to avoid a tsunami of DNS calls was to replace that value with 0.0.0.0 (I’m running the cameras locally with a firewall to prevent any outgoing traffic anyway)

http://[YOUR_CAMERA_IP]/cgi-bin/configManager.cgi?action=setConfig&Amcrest.ConfigAddress=0.0.0.0

polskikrol · May 17, 2023, 11:58pm

Tested this setting, bit it does not survive a reboot and the values are back. Attempted this twice. Additionally, I tried to create and delete a test user to maybe generate a save event, but I always thought that any of the API setconfig commands write to the config in saved memory. Appears to be hard coded into the firmware to reset these values.

thornygravy · May 26, 2023, 9:45am

This post on github:

github.com

bigmak40/projects/blob/d2a4406028e6f19282ebada376e24ea975676072/home assistant/node red/monitoring ad410.md

# Monitoring the AD410

The Amcrest AD410 (rebranded Dahua) is a decent camera but constantly pings their home servers. After blocking it from internet access via firewall rules, the camera will continue to stream RTSP just fine but a timeout will eventually occur where it detects it does not have internet access. In order to alert the user, it will then start flashing green which is pretty annoying.

To prevent this from happening, I use a Node-RED flow that runs periodically. I'll step through each step in the flow and how it's configured. I know this might be dumbed down, but want to make sure anyone who only has a cursory knowledge of Node-RED can follow along.

## Backing up camera configuration

Before doing anything, I recommend querying the camera and backing up the full configuration. This way, in case you mess anything up you can see how it was originally configured. Doing so is easy; just go to the following URL and log in using your camera username and password (my password is admin, don't remember when this gets set).

`http://[camera local IP]/cgi-bin/configManager.cgi?action=getConfig&name=All`

## Automatically checking and fixing offline status

![Screenshot of flow](https://raw.githubusercontent.com/bigmak40/projects/main/home%20assistant/node%20red/01%20overall%20flow.png)

1. Inject Node
   * Set to repeat every 15 minutes; probably can run less often, but this is fine
2. HTTP Request Node
   * Method: `POST`

This file has been truncated. show original

shows you how to automate config file changes in node red. Just thought I’d throw that out there.