They are DHCP clients with reservations, but do not appear to ONLY be using the DNS servers specified in the DHCP Scope options.
I have a firewall rule blocking any outboud traffic to port 53, unless it originated at my Pi-Hole(s). Logs show the Home Assistant VMs regularly attempting to get to 1.1.1.1, 8.8.8.8, and 9.9.9.9 on port 53. Since these requests are being blocked, but the Home Assistant VMS still appear to work, I can only assume that they’re using my DNS as specified by DCHP as well.
+1 from me here - I can’t see what is generating this incredible traffic to 9.9.9.9 and 1.1.1.1 - it would appear somebody has baked in what they consider the best DNS servers, and us mere mortals who try and manage our network have to just accept it.
DNS appears to be correctly set… but still seeing a lot of traffic to unapproved DNS servers. (Public IP’s obfuscated to protect the innocent)
I was trying to do some packet captures to work out what was causing the traffic, and in doing so rebooted my Hassio instance.
I’ve not had a single packet to 1.1.1.1 or 9.9.9.9 since.
I’m both annoyed and please - annoyed I can’t find out what was doing it, pleased it has stoped.
If it starts again I will have a look - I feel like it could have been an addon or something - triggered by the loss of responding DNS, and so falling back to these as a last resort, but then continuing to use them until a reboot started everything all over.
Ah, so perhaps if local DNS isn’t a go it “fails over” to these. I might try that. I only spotted it because my firewall was specifically logging DNS requests from my HassIO IP for resources it uses - like weather etc.
this is still happening for me… I’m using AdGuard and noticed that things weren’t resolving locally correctly. I got onto the core_ssh terminal plugin and discovered that queries are definitely NOT going through my AdGuard server. I did a simple nslookup of poopy.com and the tcpdump from my router showed it going thru 1.1.1.1, and the query was absent on AdGuard. My ha dns info command only shows my AdGuard IP!
I’d love to know where this is coming from as well. I’ve searched Github, but I can’t find any of the HassOS or other home assistant repositories referencing this IP addresses (I also tried hex/dec).
EDIT:
It just started up again, every 1-2 seconds all day long. Everything’s working using my local DNS server, so I’m not sure what process is causing this:
Jun 4 21:08:03.534: tcp 172.31.16.X(59796) -> 1.1.1.1(853)
Jun 4 21:08:06.610: tcp 172.31.16.X(56724) -> 1.0.0.1(853)
Jun 4 21:08:08.376: tcp 172.31.16.X(59802) -> 1.1.1.1(853)
Jun 4 21:08:09.424: tcp 172.31.16.X(59806) -> 1.1.1.1(853)
Jun 4 21:08:10.452: tcp 172.31.16.X(56732) -> 1.0.0.1(853)
Jun 4 21:08:11.473: tcp 172.31.16.X(59810) -> 1.1.1.1(853)
Jun 4 21:08:14.290: tcp 172.31.16.X(59814) -> 1.1.1.1(853)
Jun 4 21:08:17.373: tcp 172.31.16.X(59820) -> 1.1.1.1(853)
Jun 4 21:08:18.386: tcp 172.31.16.X(56752) -> 1.0.0.1(853)
Jun 4 21:08:20.194: tcp 172.31.16.X(59830) -> 1.1.1.1(853)
Jun 4 21:08:21.214: tcp 172.31.16.X(59834) -> 1.1.1.1(853)
Jun 4 21:08:22.224: tcp 172.31.16.X(56760) -> 1.0.0.1(853)
Jun 4 21:08:25.587: tcp 172.31.16.X(56764) -> 1.0.0.1(853)
Jun 4 21:08:27.153: tcp 172.31.16.X(59846) -> 1.1.1.1(853)
Interesting… whatever it is seems to be attempting to use cloudflare DOT (encrypted dns). That probably doesn’t help much, but just wondering if there is any known work wrt DOT being added to hassio or addons.
DOH could also get by in some cases. I have firefox on my phone setup to bypass DNS policies using DOH.
I know it’s been a long time, but I’m having DNS issues as well, so I’m trying my luck here.
I’ve got DNS entries under locals which are incorrect. Would you happen to know how to edit or remove them?