Hass.IO - Baked-In DNS Client?

Ahoy. My Hass.IO units seem to have baked-in DNS.

They are DHCP clients with reservations, but do not appear to ONLY be using the DNS servers specified in the DHCP Scope options.

I have a firewall rule blocking any outboud traffic to port 53, unless it originated at my Pi-Hole(s). Logs show the Home Assistant VMs regularly attempting to get to,, and on port 53. Since these requests are being blocked, but the Home Assistant VMS still appear to work, I can only assume that they’re using my DNS as specified by DCHP as well.

Anybody familiar with this behavior?

Cheers, Michael