Look at the one’s starting with Hassio:
@francisp How did you get that list? I’ld love to be able to intervene on the containers (I am running two systems: on on a Pi and another one on a Nuc).
@koying As far as I understand, the DNS server is an Add-on that can be added by choice - as I did not see any use for it, I did not add it.
The description says: “For example, you can have your Home Assistant domain resolve with an internal address inside your network.”.
So yes, that is what I did on my firewall - my publicdomain is resolved to a local IP inside my network.
That addon allows you to add static IPs, etc.
Then of course the DNS server would also require the DHCP server to be installed so that you can tell your clients that they should not use the internet router.
As long as those are choices, that’s fine by me, sending of DNS queries to a party not “dictated” by my setup is another. I know that some information for usage statistics is sent to Nabu Casa in several ways which is pretty much unavoidable if you configure a system for automatic updates.
Base on the list provided by @francisp , I am in favor of this approach and I do not consider it to be excessive - it’s almost not enough because there could be one container per integration - that might help avoid restarting my ZHA every time I make a change to the configuration that requires an HA restart which stops my ZHA for a moment, and puts some of the devices to a temporary sleep - I even have a few that do not recover all the time from such an interruption.
Looks like Portainer
Indeed, Portainer.
Nope. hassio-dns is not optional, and you have it, whether you like it or not, as you noticed, basically.
Sidebar, and I’m interested: what do the firewall rules look like around this?
I mean, blocking local devices from reaching out to 1.1.1.1 is only half of the fight, right?
Now back to the subject - With the levels of control you are looking for, the install method of HAOS might not be for you. Consider either Core or Container methods.
- Unfortunately, Portainer is discontinued - it would have been nice for monitoring/restarting only.
-
hassio-dns is not optional- Ok, I can’t check because I cant install portainer - while the configuration looks more like a “resolv.conf” than a DNS Server, there is a [full DNS server as far as information goes] - @k8gg I provided the HOWTO in my initial post - basically you add a rule to the firewall matching all outbound requests to port 53 and route the to the firewall’s local DNS server. So I did not add a rule to block 1.1.1.1 and 1.0.0.1 specifically, but this reroutes all historical DNS requests (it does not block all DNS request types). There is probably a list out there with all “public” DNS services so that you could block their IPs.
- Control: I am not looking for full control - there’s stuff I like in HAOS - I do not have to care so much for the host os, etc.
I think you are confusing one of the addons and the actual plugin.
hassio-dns is a full CoreDNS server, and I don’t remember any configuration options on the user side (I stopped using Supervised when a root os-agent was requested above all the stuff that was already installed).
Where did you get that idea ? Portainer has been replaced by Portainer-ce, but they are essentially the same.
I did not know that. I still have it installed on my HA instances.
Luckily i installed Portainer as an Add-on ~2 weeks ago. But I noticed with core-2021.11.3 the icon has suddenly changed.
Well, it was used a lot for unsupported porposes … 
The noose tightens for HA supervised users.
I’ve been a bit harsh with the DNS plugin: it basically mimic what docker is doing in bridge mode to resolve docker containers, specifically addons here, in host mode.
I’ve done some tests in a VM, and DNS resolution works fine: it does go to my internal DNS without tweakings.
Cloudlare is only a fallback if the default DNS cannot be reached.
OP, you didn’t tell what kind of installation you have: HassOS on device? HassOS in VM? Supervised?
It was a toys out of the pram moment I think 
Note the message “used for unsupported purposes”…
Have you logged in to Portainer today? Mine won’t accept my credentials.
"Protection Mode is Off. Is there another switch I’m forgetting?
Not that I am aware of. Are you reaching the Login page? Remember that the username and password are not the same as the credentials you are using to Login into your HA instance.
Yes, I’m getting to the login page in Chrome. Mozilla gives me 401: Unauthorized. I created separate credentials when required awhile back. I must have written them down incorrectly. I assume a reinstall isn’t an option anymore.
If it can help, I’ve forked the addon and added it to my addon repo:. No guarantee whatsoever 
1 Like