Local DNS!

Yeah, I realized that after he replied. I saw the post opened in '20, then saw “Feb 20”. Missed the fact there was no ’ in front of the 20. The way the date/time of posts and replies is written is not exactly clear in this forum… :wink:


agree on that :slight_smile:

Not sure if this is the correct place to post this, but you guys seem to be knowledgeable regarding the DNS setup in Home Assistant.
I’m having errors that I think might be related to DNS basically not working at all, no external resolving, so any pointers here would be great. Did a fresh install of HAOS on an Intel NUC, running 10.5, and Home Assistant Core 2023.9.2.

I have the following DNS config:
image

This is the result when trying to resolve from HA:
image

So basically ignoring the config.

This is the DNS log from the built in log viewer:

This is the output from ha resolution info:

This is the settings in /etc/resolv.conf
image

This is the output from nslookup from a computer on my local network:
image

Any clues on what is going on and how DNS can have ended up so complicated and in this state?

Br
/Micke

Solved the issue, the DNS container might have been broken for some reason, a supervisor repair solved the issue so that DNS resolution works again.

So to be clear, this problem still is not solvable if you are running a standard docker installation? (homeassistant/homeassistant)

I’m running HA along with AdguardHome, and using unbound to forward to cloudflared or dnscrypt proxy, in docker containers. Since firing up AdguardHome in docker, HA won’t initialize basically any of my integrations.

I’m digging into this now—I run a local DNS resolver, and the hassio Core DNS is breaking integrations with timeout errors, despite 0ms responses.

nmcli options don’t persist due to a reset of the image by the Supervisor (I think). Attempts to disable IPv6 from “local-link” reset on a reboot. Attempts to change the DNS server result in a “dns-data” error, which is not in the reported information for the connection, nor in any documentation.

Installation of DNSMasq to request from my upstream resolver returns a “junk in code” error upon attempts to start.

I’m going to fiddle and see what works — disabling IPv6, increasing the “connection.gateway-timeout” times, prioritizing IPv4, and de-prioritizing IPv6, plus about 50 others seemed to fix the errors but I gave it a hard reboot thinking I had fixed it… no dice. Ended up taking a break, but I’ll post back when I get to it with any solutions.

The HA team seems pretty opposed to discussing DNS issues, although I’m not sure why. I guess I can’t really complain — I’m running the supervised version.

Hopefully this gives me the tools I need to bootstrap it on my own (or at least with the help of the community).


Suddenly had DNS issues as well. Local lookups didn’t function as expected anymore and to my surprise, there were lookups to Google DNS for a hostname that is strictly local. DNS did work correctly for months until a restart at the beginning of December. No mention of “8.8.8.8” in the network configuration settings, had to use tcpdump to find out. Then used “dns options --servers” to fix. Weird.

Did you get this error when the Startup.d ran?

    exec: fatal: unable to exec /tmp/hassio_dns.startup.sh: No such file or directory

I’ve read through this thread but am a bit confused on how local DNS is handled for local domain names that resolve totally locally.

Asking as one of the many reasons for using HA was the fact that everything is local. So I was a bit surprised earlier this week when I lost internet for an extended period of time and HA refused to solve some local domains to devices. Below I’ve attached a picture with some debug info and some testing I did.

Not shown, but from other testing I did using nslookup, I could tell it was able to properly resolve my domains, but it would then sit after resolving and give a SERVFAIL error as if it was trying to hit another DNS server or something.

I can see some IPv6 attempts in your screenshot. When your device receives an IPv6 address, it is typically made up with a prefix that has been provided by your ISP, and then a portion that the device gave itself. So when your internet connection goes down, the IPv6 address prefix is often removed by your router, because it could potentially be a different prefix when the internet connection is restored. It’s worth bearing that in mind.

Hmm, interesting. To be totally honest, I am not sure if the device in the above picture actually even supports IPv6. My ISP doesn’t support IPv6, so my router (UniFi) doesn’t even have it enabled.

I only have it enabled on HA for Matter support.

The first time I ran into this behavior with local DNS servers I was also surprised at how convoluted such a basic setting is in HA (HAOS). Made me remember the same situation with NAT hairpinning on Cisco zone-based firewalls. A common setting with a standard, universally understood configuration is implemented in a unique and thus confusing way.

If I understand it correctly, in HAOS Home Assistant Core uses an internal DNS server that runs as a docker container: hassio_dns.

Network settings, including DNS server, can be changed on the web GUI > System > Network > Configure network interfaces. Or from the HA cli using ha network. DNS settings specifically (I think this is for hassio_dns) can be managed from the HA cli as well with ha dns.

On my setup I set the same local DNS server with both ha network and ha dns.

This is one of those pieces of the config that warrants a dedicated page in the docs, but I haven’t found it. Please point/correct me as needed.

Yeah, totally agreed. It seems to defeat the point of having all local services if Home Assistant can’t actually resolve those services locally when/if the internet goes out.

Hey guys, not sure we’re all having the same issues but maybe this can be of help to someone:

I had issues resolving local names from my new haos kvm machine.
HA configured with static IP seemed to be missing search domain in /etc/resolv.conf.
Saw some creative solutions in this thread but I went with:

  1. Noticed /etc/resolv.conf said “# Generated by NetworkManager”
  2. Looked up how to set dns search domain with nmcli.

    # ping ps5
    ping: bad address 'ps5'

    # nmcli con show
    NAME               UUID                                  TYPE      DEVICE
    Supervisor enp1s0  b4f8d4ed-e5f6-3897-8d15-957c03b22492  ethernet  enp1s0
    lo                 e6347501-482f-4df0-befe-0552d391ef53  loopback  lo

    # nmcli con show "Supervisor enp1s0" | grep dns-search
    ipv4.dns-search:                        --
    ipv6.dns-search:                        --

    # nmcli con mod "Supervisor enp1s0" ipv4.dns-search "mydomain.lan"

    # nmcli con show "Supervisor enp1s0" | grep dns-search
    ipv4.dns-search:                        mydomain.lan
    ipv6.dns-search:

    # systemctl restart NetworkManager

    # ping ps5
    ps5 is alive!

Seems to hold after reboot as well, all good :+1:

Edit: Maybe spoke too soon. Resolves from ha console/cli but not from HA now…? :thinking:
Edit 2: I spun up the SSH addon and in that addon-container the resolv.conf says the search domain is local.hass.io, and I guess it looks like that in the HA core container as well?
Edit 3: Yep, same thing in the homeassistant container.

I found the best way with HAOS is to set the search domain via DHCP along with a static “DHCP” IP. Do you mind trying that?

Couple of points about DNS based on my observations

  1. Individual hostname DNS queries are not forwarded to upstream servers. So, don’t use single hostnames anywhere in HA because it will fail; you have to use fully qualified domain names, e.g. use ‘myhost.mydomain.com’ instead of just ‘myhost’. This assumes that you have a local upstream DNS server that can resolve these FQDN queries to the appropriate local IP.

  2. Home Assistant uses Cloudflare DNS-over-TLS as a fallback service. The fallback will be used if a query returns anything other than NOERROR. This can be disabled on the command line using

    ha dns options --fallback=false

The fallback will cause the resolution of local host FQDN names to fail if it remains enabled.

This is the big issue here. You should never go and ask someone else if you get NXDOMAIN! You got the answer you wanted!

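An added example, not written by any poster in this thread: a small Python check for the leak discussed above (strictly local names sent to 8.8.8.8, and the DNS-over-TLS fallback), run over `tcpdump -n` text output. The sample capture lines, the 192.168.1.x addresses, the 1.1.1.1 destination and the function name `find_leaks` are constructed for illustration.

```python
import ipaddress
import re

# tcpdump -n text line: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")
# Plain-DNS query as tcpdump prints it: "4661+ [1au] A? name. (34)"
QUERY = re.compile(r"^\d+[+%*-]* (?:\[[^\]]*\] )?([A-Z0-9]+)\? (\S+)")

def find_leaks(lines, local_suffixes):
    """Return (kind, resolver_ip, name) for DNS traffic sent to public IPs."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        dst, dport, rest = m.group(3), int(m.group(4)), m.group(5)
        try:
            if not ipaddress.ip_address(dst).is_global:
                continue  # LAN or Docker-internal resolver: not a leak
        except ValueError:
            continue  # capture taken without -n, dst is a hostname
        if dport == 853:
            # DNS-over-TLS: names are encrypted, so report the new flow only
            if "Flags [S]" in rest:
                findings.append(("dot-flow", dst, None))
            continue
        q = QUERY.match(rest) if dport == 53 else None
        if not q:
            continue
        name = q.group(2).rstrip(".").lower()
        if "." not in name:
            findings.append(("single-label", dst, name))
        elif any(name == s or name.endswith("." + s) for s in local_suffixes):
            findings.append(("local-zone", dst, name))
    return findings

# Constructed sample capture (not taken from the thread's screenshots)
SAMPLE = """\
10:00:01.000001 IP 192.168.1.20.41000 > 192.168.1.1.53: 4660+ A? nas.mydomain.lan. (34)
10:00:01.200001 IP 192.168.1.20.41001 > 8.8.8.8.53: 4661+ A? nas.mydomain.lan. (34)
10:00:02.000001 IP 192.168.1.20.41002 > 8.8.8.8.53: 4662+ [1au] AAAA? ps5. (32)
10:00:03.000001 IP 192.168.1.20.41003 > 8.8.8.8.53: 4663+ A? example.com. (29)
10:00:04.000001 IP 192.168.1.20.52000 > 1.1.1.1.853: Flags [S], seq 1000, win 64240, length 0
10:00:04.100001 IP 192.168.1.20.52000 > 1.1.1.1.853: Flags [.], ack 1, win 502, length 0
""".splitlines()

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE, ["mydomain.lan"]):
        print(finding)
```

Port 853 traffic only shows that a DoT session was opened; which names went through it cannot be recovered from the capture.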