DNS issues with integrations only

I have a HA Green with a fairly standard network. AdGuard as my local DNS resolver. Every couple of days all my integrations that rely on DNS get messed up and stop working. I tried a bunch of troubleshooting steps and I can't seem to get anything to stick other than rebooting the Green.

ha dns info
image

Resolve.conf
image

nslookup success
image

AdGuard is bombarded with requests like this

Any help would be much appreciated!

What does this mean? Can’t resolve addresses or resolves wrong address?

Sounds like a DNS issue. What about other devices on network?
How do you fix, reboot or reconnect to network?

All the integrations start throwing errors about not being able to resolve their respective DNS addresses.

For example

First occurred: February 1, 2025 at 6:11:41 PM (595 occurrences)
Last logged: 12:17:23 PM

Giving up _async_request(...) after 1 tries (aiohttp.client_exceptions.ClientConnectorDNSError: Cannot connect to host www.asthmaforecast.com:443 ssl:default [Could not contact DNS servers])
Giving up _async_request(...) after 1 tries (aiohttp.client_exceptions.ClientConnectorDNSError: Cannot connect to host flustar.com:443 ssl:default [Could not contact DNS servers])
Giving up _async_request(...) after 4 tries (aiohttp.client_exceptions.ClientConnectorDNSError: Cannot connect to host www.pollen.com:443 ssl:default [Could not contact DNS servers])
Giving up _async_request(...) after 4 tries (aiohttp.client_exceptions.ClientConnectorDNSError: Cannot connect to host www.asthmaforecast.com:443 ssl:default [Could not contact DNS servers])

Can you resolve IPs against HA when it occurs?

EXAMPLE
From Windows:
nslookup google.com <HA IP>

From Linux:
dig @<HA IP> google.com

Maybe AdGuard is crashing. Does AdGuard have any useful logs available?

Try to switch your external DNS server out.
I had problems with Google’s 8.8.8.8 and 8.8.4.4, so I now use Cloudflare’s 1.1.1.1

Yep, while the integrations are logging DNS errors, I'm able to do nslookups via SSH and it’s able to resolve. The rest of the network is able to resolve IPs as well.

The domains the integrations are trying to resolve don't seem to ever make it to AdGuard. I did a tcpdump on the router that sits between my HA and AdGuard and I don't see those integrations making any DNS requests.

My AdGuard is already set to 1.1.1.1 with 8.8.8.8 as backup.

How is AdGuard installed?

On a Raspberry Pi in a different subnet. Everything is allowed to talk to it.

Also, I'm confused as to why HA is not using my DNS server.

HA is hardcoded to use Cloudflare, I believe.

Really, if you have a DNS server on your network, you need to block all DNS traffic and forward it to your DNS, or expect devices to escape your DNS and use their own.

For your issue, maybe it's a cache issue where it doesn't refresh. Have you determined if the DNS queries are failing or just retrieving an incorrect IP?

I’ll try blocking and redirecting DNS to my own. Thanks for the suggestion!

Just curious… Why?

Why add the complexity and configuration challenges that AdGuard introduces?

Also, only integrations? What about add-ons?

AdGuard provides adblocking and general privacy/malware protections. Also because I want to 🙂 I haven't had any DNS issues with AdGuard and it requires minimal configuration. Almost everything in my network respects the local AdGuard DNS instance I have set up through DHCP lease options.

I’ve only noticed the integrations breaking when this happens. I have Z-Wave JS UI and Matter server add-ons. Upon closer inspection, they seem to be affected by the DNS errors too.

2025-02-09 17:07:02.409 (MainThread) WARNING [matter_server.server.helpers.paa_certificates] Fetching latest certificates failed: error Cannot connect to host api.github.com:443 ssl:default [Temporary failure in name resolution]
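Added example, not part of any post in this thread: a small Python summarizer for the aiohttp connection errors quoted above, grouping them by the bracketed resolver reason and by host so the two different failure messages can be told apart. The function names are hypothetical; the sample lines are copied from the posts above.

```python
import re
from collections import defaultdict

# Matches the aiohttp connector message in both log styles quoted in the thread:
#   "Cannot connect to host <host>:<port> ssl:<mode> [<resolver reason>]"
CONNECT_RE = re.compile(
    r"Cannot connect to host (?P<host>[^\s:]+):(?P<port>\d+) "
    r"ssl:\S+ \[(?P<reason>[^\]]+)\]"
)
# Retry count from the "Giving up ... after N tries" wrapper, when present.
TRIES_RE = re.compile(r"after (?P<tries>\d+) tries")

# Log lines copied from the posts in this thread.
SAMPLE_LOG = """\
Giving up _async_request(...) after 1 tries (aiohttp.client_exceptions.ClientConnectorDNSError: Cannot connect to host www.asthmaforecast.com:443 ssl:default [Could not contact DNS servers])
Giving up _async_request(...) after 1 tries (aiohttp.client_exceptions.ClientConnectorDNSError: Cannot connect to host flustar.com:443 ssl:default [Could not contact DNS servers])
Giving up _async_request(...) after 4 tries (aiohttp.client_exceptions.ClientConnectorDNSError: Cannot connect to host www.pollen.com:443 ssl:default [Could not contact DNS servers])
Giving up _async_request(...) after 4 tries (aiohttp.client_exceptions.ClientConnectorDNSError: Cannot connect to host www.asthmaforecast.com:443 ssl:default [Could not contact DNS servers])
2025-02-09 17:07:02.409 (MainThread) WARNING [matter_server.server.helpers.paa_certificates] Fetching latest certificates failed: error Cannot connect to host api.github.com:443 ssl:default [Temporary failure in name resolution]
"""


def parse_line(line):
    """Return (host, port, reason, tries), or None if this is not a connect failure."""
    m = CONNECT_RE.search(line)
    if not m:
        return None
    t = TRIES_RE.search(line)
    # Lines without a retry wrapper count as a single attempt.
    return m["host"], int(m["port"]), m["reason"], int(t["tries"]) if t else 1


def summarize(log_text):
    """Group failures as {reason: {host: total attempts}}."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            host, _port, reason, tries = parsed
            summary[reason][host] += tries
    return {reason: dict(hosts) for reason, hosts in summary.items()}


if __name__ == "__main__":
    for reason, hosts in summarize(SAMPLE_LOG).items():
        print(reason)
        for host, attempts in sorted(hosts.items()):
            print(f"  {host}: {attempts} attempt(s)")
```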

Could it be an IPv6 issue?
Either with your network or your DNS resolution.

I know both Google and GitHub run IPv6 services and IPv6 will automatically be tried before IPv4.