HomeAssistant OS can't resolve local hostname

angelone · December 8, 2022, 11:57am

Hi all,

I’ve installed HAOS into a VM that runs on Proxmox.
The network interface is configured by DHCP and the DNS settings seems to be configured properly but HomeAssistant can’t resolve local hostname.

Using the SSH Add-on I tried to perform an nslookup and the domain is resolved:

nslookup test.lab.lan
Server:         10.10.30.1
Address:        10.10.30.1#53

Non-authoritative answer:
Name:   test.lab.lan
Address: 10.10.10.41
** server can't find test.lab.lan: NXDOMAIN

but if I try to use curl I get:

curl -v test.lab.lan
* Could not resolve host: test.lab.lan
* Closing connection 0
curl: (6) Could not resolve host: test.lab.lan

This is the output of the command “ha dns info”:

ha dns info
fallback: true
host: 172.30.32.3
llmnr: true
locals:
- dns://10.10.30.1
mdns: true
servers: []
update_available: false
version: 2022.04.1
version_latest: 2022.04.

and the local DNS server is configured properly.
I’m trying to connect to my local MQTT Broker (test.lab.lan) but HomeAssistant can’t resolve its local hostname.
Anyone can help? I tried to consult the following threads but no one was useful to solve this issue:

https://github.com/home-assistant/plugin-dns/issues/20
https://community.home-assistant.io/t/local-dns/178108
https://community.home-assistant.io/t/hassos-hostname-cant-resolve/409182

CentralCommand · December 8, 2022, 1:58pm

Going to quote myself from one of the threads you linked

Local DNS!

One possibility I would like to check if you don’t mind (should be quick). Most of the containers used in a typical home assistant deployment are alpine based which means they use musl rather then glibc. This has an interesting consequence when it comes to DNS because of this commit . According to the DNS spec if a host exists a DNS server should always return NOERROR, even if they have no answers for the particular type of query (like if a host has only an ipv4 address but not an ipv6 one). musl enforces this, glibc does not. Because musl and alpine is newer not all DNS servers respect this rule and as a result unexpected NXDOMAINS can be encountered on alpine based systems.

We set up a simple test to check for this and are going to start testing DNS servers for this so we can let users know if their DNS server has an issue once this PR is merged. In the meantime you can test this manually by using the test domain we set up that only resolves for A type queries by doing this:
dig _checkdns.home-assistant.io A +noall +comments
dig _checkdns.home-assistant.io AAAA +noall +comments
Your response should have status: NOERROR for both of those, like this:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6899
If not then that may be the issue. Since a query issued for a type not supported by one of your local domains could be getting back an NXDOMAIN and causing the DNS plugin (which is alpine based) to think the entire domain doesn’t exist. Home Assistant too since it is also alpine based.

This is the problem. You can see it in the output of the first command. Your DNS server is returning an answer for an A request for test.lab.lan but is returning NXDOMAIN for the follow-up AAAA request on that domain (ipv6).

This means your DNS server is not following DNS spec correctly. DNS servers are only supposed to return NXDOMAIN if the name truly does not exist for all types of queries. If it exists but there are no answers for some types of queries (like say because you don’t use ipv6) then it should return a NOERROR response without any answers.

Alpine based systems like HA require DNS servers follow the DNS spec in this regard for the reasons I mentioned above. If your DNS server returns NXDOMAIN for any queries on a name then HA, most of HAs addons and any other Alpine based systems will assume the name does not exist for all queries.

angelone · December 8, 2022, 2:12pm

Thank you for the reply. Correct me if I’m wrong but running the dig command:

dig test.lab.lan

; <<>> DiG 9.16.29 <<>> test.lab.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59613
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 53cda2638161d729 (echoed)
;; QUESTION SECTION:
;test.lab.lan.                  IN      A

;; ANSWER SECTION:
test.lab.lan.           22      IN      A       10.10.10.41

;; Query time: 3 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Thu Dec 08 15:08:41 CET 2022
;; MSG SIZE  rcvd: 69

I don’t see any AAAA response. Any suggestion to solve the issue?
Thanks for the clarifications

CentralCommand · December 8, 2022, 2:16pm

Dig is a tool for testing DNS queries. It does exactly the type of query you ask for and nothing else then shows you all the debug details you might need a out it. If you don’t specify a type of query then it makes an A one by default. To test an AAAA type request you must explicitly ask for one like this:

dig test.lab.lan AAAA

This is notably different from nslookup which you were using before. That specifically makes both an A and an AAAA type query on the name and shows all the answers it found.

angelone · December 8, 2022, 2:32pm

Ok I got the point. I’ve checked on my router and I didn’t find any way to return NOERROR instead of NXDOMAIN for AAAA queries. Is there a way to force HomeAssistant to only use the A record?

CentralCommand · December 8, 2022, 2:46pm

No. This isn’t a home assistant restriction, this is a musl Linux restriction (which is what Alpine uses). See the explanation and commit I linked above.

If your current DNS server isn’t following spec correctly that’s usually ok since HA uses cloudflares DNS as a fallback DNS server for this exact reason, this problem is actually pretty common. But a fall ack DNS can’t help with a local domain name, it only helps with public domain names that are resolved incorrectly.

For the lan name I would suggest just using homeassistant.local. That name is broadcast and resolved using multicast DNS. Your DNS server isnt involved in mdns requests so it works correctly. If you have some devices that don’t support mdns then you can put an entry in your DNS server for homeassistant.local to cover those devices.

If that doesnt work for you then you’ll likely need to run a different DNS server on your network. Adguard works well for me personally but there’s plenty of other options as well.

EDIT: Sorry I forgot for a second this was about HA talking to another device not resolving it’s name. Ignore the homeassistant.local stuff, that doesn’t apply. I think you have 3 options:

if the device you want HA to talk to supports LLMNR or MDNS then then turn that on and use that. Both multicast protocols are fully supported and work correctly since your DNS server isn’t involved
use the IP address instead and reserve it in your router. I know that’s a bummer but its easier then #3 which is
install and run a new DNS server that correctly follows spec on your network

angelone · December 9, 2022, 7:34am

I would like to thank you for all the explanations you gave me. I followed the 3th approach you suggested, I’ve installed Pi-hole (that was something I planned to do) and I set a DNS request route from my main router to Pi-hole for my local domain “lab.lan”. In that mode all DNS requests that belongs to my local domain is been resolved by Pi-hole and it works like a charm.

Hope that this could help someone else.

unhuzpt · May 9, 2023, 5:35am

Honestly i think there is something more sinister here, prob my lack of understanding of the topic but what i see is quite strange.

So i have a DNS server running with local domain u****.int and everything works like a charm… except for HA.
And where i see the most impact?
In ESPHOME addon where there is this really strange behavior:

i install a new esp device plugged into the usb port of HA server and configure, all works fine and it joins the Wifi network. If i unplug and give it power again it joins the wifi network and if i go to esphome interface it is online and i can get the logs by wifi.

Now if i reboot/restart HA the device will never return to status online neither i will get the logs from it by wifi… Why?

The i go to HA cli and run this test:

[core-ssh ~]$ dig co-sensor-garage.u*******t.int
; <<>> DiG 9.18.13 <<>> co-sensor-garage.unhuzpt.int
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6091
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 06f26743910d7c7a (echoed)
;; QUESTION SECTION:
;co-sensor-garage.unhuzpt.int.  IN      A

;; ANSWER SECTION:
co-sensor-garage.u******.int. 5 IN      A       192.168.178.143

;; Query time: 3 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Tue May 09 07:18:45 CEST 2023
;; MSG SIZE  rcvd: 85

And then:
[core-ssh ~]$ dig co-sensor-garage
; <<>> DiG 9.18.13 <<>> co-sensor-garage
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4587
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 505f0fc22c01d9e4 (echoed)
;; QUESTION SECTION:
;co-sensor-garage.              IN      A

;; Query time: 3839 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Tue May 09 07:31:07 CEST 2023
;; MSG SIZE  rcvd: 57

All other hosts/devices in the network get a DNS response from the sensor no matter they use the FQDN or not. But why HA not???
It works the very first time i configure the esp sensor and added in esphome.

Of course if i edit manually the config file for each esphome device i install and change the address to use FQDN it will work but that is not the right way things should work.

Can anyone help me solve this please?