I am surprised about the network address resolution in HA.
I have an OPNSense firewall that provides its own IP as the DNS server and when examining the DNS configuration using
ha dns info, I get:
[core-ssh ~]$ ha dns info host: 172.30.32.3 locals: - dns://10.33.2.254 servers:  update_available: false version: 2021.06.0 version_latest: 2021.06.0
On my firewall, I override some DNS entries to point to the local network address (10.X.X.X) rather than the public (dynamic) network address.
So I want MYPUBLICDOMAIN to resolve to 10.33.2.X (which depends on the subdomain as well).
When I resolve my network address using
nslookup MYPUBLICDOMAIN, I get my public address, and when I do
nslookup MYPUBLICDOMAIN 10.33.2.254, I get 10.33.2.175 back.
A ping to MYPUBLICDOMAIN resolves in a ping to the public network address.
The anwser is more or less found in the dns log, which can be read using
ha dns log:
[ERROR] plugin/errors: 2 . NS: dial tcp 184.108.40.206:853: i/o timeout [INFO] 127.0.0.1:52905 - 61064 "NS IN . udp 17 false 512" NOERROR - 0 30.000761029s [ERROR] plugin/errors: 2 . NS: dial tcp 220.127.116.11:853: i/o timeout [INFO] 172.30.32.2:36022 - 17994 "A IN version.home-assistant.io. udp 43 false 512" NOERROR - 0 4.006484812s
So the local dns service is checking addresses on cloudflare - WTH ?! That’s not what I want - my firewall is acting as a DNS filter as well (it seems that I’ll need to find a way to block those alternative DNS services).
The expected behavior is to use the configuration provided by the DHCP server first. I would also not use a third party service unless getting acceptation from the user. And maybe let him choose between Cloudflare, freenom.world, google, etc.
How to make this work properly?
To point to my local dns service first, I did this:
ha dns option --servers dns://10.33.2.254 --servers dns://18.104.22.168 --servers dns://22.214.171.124
But IMHO that’s not something that should be required!
[Note: I am also adding a rule to my firewall: HOWTO - Redirect all DNS Requests to Opnsense -
nslookup MYPUBLICDOMAIN 126.96.36.199 now shows my local address as well]