Improve Privacy, Stop using hardcoded DNS

At this point, it's better to modify the sources to shut this off.

A brave move. Best of luck.

This has just happened on mine… I have a DHCP-assigned static IP with a client option set for localised managed DNS, including RPZ for local network protection. At some point in the last couple of days, even though it’s still seeing the local DNS server, it no longer uses it at all…


So now none of my RPZ overwrites work, and none of my local DNS resolves. I now have to go through SMTP automations and rewrite them with hardcoded IPs because HA no longer resolves properly.

I’m struggling to come up with a reasonable idea on why someone thought this was a good idea.


2 Likes

In my old post about this I indicated how I reconfigured ha using

ha dns options --servers dns://10.33.2.254 --servers dns://80.80.80.80 --servers dns://80.80.81.81

and also by adding a rule to my firewall.

Many thanks to @CentralCommand for implementing an option to disable the fallback in version 2022.05.0 of the supervisor. It's been a long road, but we finally got there.

SSH into your HA instance and simply type:

ha dns options --fallback=false

No more fallback…, job done :wink:

16 Likes

Yep, that’s it!

My one suggestion for those reading this, please run the following command first:

ha resolution info

I put in some checks which test user-provided DNS servers to ensure they don’t have issues. The check for the situation I described here in particular is not obvious. It’s entirely possible that your local DNS server has this issue and you’ve never noticed since it only affects musl systems.

So please run that command and make sure no DNS server issues are in the list. If there are none, then feel free to disable the fallback.

If there are, then I would strongly advise fixing those first; otherwise you may have unexpected issues, particularly around updating and installing containers, since queries for github.com and ghcr.io resolve on A queries but not AAAA. If you do have the IPv6 issue I linked and you disable the fallback anyway, you likely will see all your HA containers suddenly start to think github.com and ghcr.io don't exist and hit a lot of problems.

10 Likes
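Added example, not part of the original posts and not the Supervisor's own check: a small Python probe that asks one DNS server for both the A and AAAA records of the two hostnames named above and flags the case where A resolves but AAAA comes back with an error code. It assumes the problem shows up as an error rcode (SERVFAIL, NXDOMAIN, REFUSED) on the AAAA query; the function names and result labels are made up for this sketch.

```python
import socket
import struct
import sys

QTYPE = {"A": 1, "AAAA": 28}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, txid=0x1234):
    """Encode a single-question recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPE[qtype], 1)

def parse_header(resp):
    """Return (rcode name, answer count) from a DNS response header."""
    if len(resp) < 12:
        raise ValueError("truncated DNS response")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    return RCODE.get(rcode, f"RCODE{rcode}"), ancount

def classify(a_resp, aaaa_resp):
    """Compare the A and AAAA responses one server gave for one name."""
    a_rcode, a_count = parse_header(a_resp)
    aaaa_rcode, _ = parse_header(aaaa_resp)
    if a_rcode != "NOERROR" or a_count == 0:
        return "a-lookup-failed"   # name does not resolve at all: a separate problem
    if aaaa_rcode != "NOERROR":
        return "aaaa-error"        # A works, AAAA errors: fix before disabling fallback
    return "ok"                    # AAAA answered, or empty NOERROR (no IPv6 address)

def probe(server, name, timeout=3.0):
    """Send A and AAAA queries for `name` to `server` over UDP/53 and classify."""
    replies = []
    for qtype in ("A", "AAAA"):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, qtype), (server, 53))
            replies.append(s.recvfrom(4096)[0])
    return classify(*replies)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <dns-server-ip>")
    for host in ("github.com", "ghcr.io"):   # the two names mentioned in the post
        print(host, probe(sys.argv[1], host))
```

Run it against the IP address of your own local DNS server; any `aaaa-error` line means the fallback should stay on until that server is fixed.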

Because this feature request has been implemented, please make new posts for support on this. This FR is formally closed.

4 Likes