HA using DoT? Heaps of DoT requests

As the title suggests, should HA be using DoT? I am getting so much DoT traffic blocked by my firewall.

Currently I am blocking DoT and can allow it through, but I was wondering if this is normal traffic from HA? Is HA supposed to be using DoT, and why am I getting so much DoT traffic? Is it because it's blocked and keeps trying?

Thanks in advance.


Google “Home assistant Cloudflare DNS” for a bunch of hits on this issue.

Basically it’s “by design”.


And yes - it’s a badly designed bit of code that, instead of throttling back on failure, throttles up. Like a 3-year-old child that thinks asking for something more and more will help get it. :smiley:

HA uses Cloudflare DoT as a fallback for the reasons I outlined here. If you block all DoT traffic on your network then you should disable the fallback with this:

ha dns options --fallback=false

Although I would advise first running the following command:

ha resolution info

As noted in my post, HA has some challenges with DNS servers that most other systems don’t face since it’s musl-based. If you see no DNS issues in the output of the second command then feel free to disable the fallback. If you do then I would recommend looking into those first.

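To confirm which host is producing the blocked DoT attempts, and that they stop once the fallback is disabled, the firewall log can be tallied by source for TCP port 853. This is an added example, not code from the thread or from Home Assistant; it assumes Linux netfilter-style log lines, and the sample lines, hostnames and LAN addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in netfilter LOG style (assumption: the original
# poster's firewall and log format are not stated in the thread).
SAMPLE_LOG = """\
Jul 11 15:04:01 fw kernel: DROP-DOT IN=lan OUT=wan SRC=192.168.1.20 DST=1.1.1.1 PROTO=TCP SPT=40112 DPT=853 SYN
Jul 11 15:04:02 fw kernel: DROP-DOT IN=lan OUT=wan SRC=192.168.1.20 DST=1.0.0.1 PROTO=TCP SPT=40114 DPT=853 SYN
Jul 11 15:04:09 fw kernel: DROP-DOT IN=lan OUT=wan SRC=192.168.1.20 DST=1.1.1.1 PROTO=TCP SPT=40120 DPT=853 SYN
Jul 11 15:04:30 fw kernel: ALLOW IN=lan OUT=wan SRC=192.168.1.35 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=443 SYN
Jul 11 15:05:03 fw kernel: DROP-DOT IN=lan OUT=wan SRC=192.168.1.20 DST=1.1.1.1 PROTO=TCP SPT=40131 DPT=853 SYN
Jul 11 15:05:04 fw kernel: DROP-DOT IN=lan OUT=wan SRC=192.168.1.41 DST=198.51.100.53 PROTO=TCP SPT=33010 DPT=853 SYN
"""

LINE_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s.*?"
    r"\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)\s.*?\bPROTO=(?P<proto>\S+)\s.*?\bDPT=(?P<dpt>\d+)"
)
DOT_PORT = 853  # DNS over TLS (RFC 7858)

def dot_attempts(log_text):
    """Yield (minute, src, dst) for every TCP connection attempt to port 853."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["proto"] == "TCP" and int(m["dpt"]) == DOT_PORT:
            yield m["minute"], m["src"], m["dst"]

def summarize(log_text):
    """Per source: total attempts, resolvers contacted, attempts per minute."""
    report = defaultdict(lambda: {"total": 0, "dsts": set(), "per_minute": Counter()})
    for minute, src, dst in dot_attempts(log_text):
        entry = report[src]
        entry["total"] += 1
        entry["dsts"].add(dst)
        entry["per_minute"][minute] += 1
    return dict(report)

if __name__ == "__main__":
    for src, e in summarize(SAMPLE_LOG).items():
        minute, peak = e["per_minute"].most_common(1)[0]
        print(f"{src}: {e['total']} attempts to {sorted(e['dsts'])}, peak {peak}/min at {minute}")
```

A per-minute count that keeps climbing for one source matches the retry behaviour described above; after `ha dns options --fallback=false` the Home Assistant host's count should drop to zero.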

Thanks, seems to have stopped it for me.

OK, I had to look it up. DNS over TLS.

Of course, the entire non-tech world thinks DoT stands for “Department of Transportation” so it’s hard to search for. Maybe this will save someone else a bit of effort. Carry on.