No Internet in HA?

I’ve constantly been having issues now with HA and internet connectivity.

Im blocking a lot of outbound traffic, but DNS is resolving to outside and i’ve ensured that HA is using the correct DNS server, which is the only DNS allowed to pass via the firewall.

Yet, still, HA does not like this and will not connect to the internet. Every other machine using this DNS server is fine, the DNS server is PiHole.

Does HA need to query a custom or hard coded DNS server to indicate internet connectivity.

I logged directly into my debain instance via CLI and confirmed that DNS resolution was indeed working and resolving correctly.

Any Ideas?
Thanks

Yes - can’t remember the specific details but HA does I believe have a hard coded DNS. Searching “hard coded dns” in the forums comes up with this for example:

Yes, you cant block DoH correct? As its using 443.

You can with an application aware firewall.

On your main topic, I have the same setup with all DNS forced through piHole, albeit with some light adblocking lists, and have no issues.

What leads you to believe the issue is specific to DNS?

Im not sure I guess, could be protocol. Does it use ICMP to test connection for example.

I guess I don’t actually know how I came to the conclusion that its DNS,

I think I would start by setting up two ping sensors. One hitting a public IP (e.g. 8.8.8.8) and the other hitting a domain name (e.g. www.google.com) with a low scan interval. When you have issues you can check the sensor history to see if either or both indicate issues.

HA has a hardcoded fallback DNS server configuration.
If your PiHole is running on the HA server, then it might not be available when HA comes up and then the fallback servers will be triggered.
HA should revert back to the user configured setup when it detects the servers are back online, but there have been issues with this in the past.

PiHole is running on a Proxmox container, separate to HA and the DNS server is reachable and able to resolve.

So why is it triggering the faillback DNS servers is the question.

Turns out HA is using 1.0.0.1 and 1.1.1.1 over TLS 853 as hardcoded DNS.

I dont like this.

I call BS on this,

HA is completely ignoring my DNS server and fails to connect without access to its own over DoT.

It appears this has been fixed with

ha dns options --fallback=false

Correct. You can disable DNS fallback by using this command.

Please mark your own last post as solution, so others don’t need to read through the topic to get there. Thanks!

Actually I take that back.

It’s still not working saying no host internet connection.

Yet, still no internet.

Some stuff works, some stuff doesnt.

You know, i’m really going to vent my frustration here.

Why is it that the community has spent hours and hours and hours of time over such a stupid problem.
Its DNS, set your DNS server and be done with it.

It really makes me think that there is more behind the scenes that someone is trying to hide!
Why force HA to use DoT and then make it, literally impossible to disable.

This is a stupid f*&%^& problem that I have already spent about 4 hours on! WHY.

Is homeassistant collection information about its users? WHAT is it querying in the background?

Here is a cap with DNS fallback disabled. Please tell WHERE is 1 single query for my DNS server which is at x.5.

22:06:06.446890 IP 172.16.101.3.41108 > 172.16.101.1.53: UDP, length 43
22:06:08.448235 IP 172.16.101.3.41108 > 172.16.101.1.53: UDP, length 43
22:06:10.450074 IP 172.16.101.3.41108 > 172.16.101.1.53: UDP, length 43
22:06:12.451042 IP 172.16.101.3.41108 > 172.16.101.1.53: UDP, length 43
22:06:14.451968 IP 172.16.101.3.41108 > 172.16.101.1.53: UDP, length 43
22:06:49.028685 IP 172.16.101.3.54770 > 172.16.101.1.53: UDP, length 58
22:06:49.029105 IP 172.16.101.3.45537 > 172.16.101.1.53: UDP, length 58
22:06:49.057747 IP 172.16.101.3.47573 > 172.16.101.1.53: UDP, length 47
22:06:49.057946 IP 172.16.101.3.57946 > 172.16.101.1.53: UDP, length 47
22:06:49.058115 IP 172.16.101.3.39126 > 172.16.101.1.53: UDP, length 47
22:06:49.058266 IP 172.16.101.3.42785 > 172.16.101.1.53: UDP, length 47
22:06:49.058567 IP 172.16.101.3.43193 > 172.16.101.1.53: UDP, length 47
22:06:49.058727 IP 172.16.101.3.38901 > 172.16.101.1.53: UDP, length 47
22:06:49.058913 IP 172.16.101.3.55489 > 172.16.101.1.53: UDP, length 47
22:06:49.059149 IP 172.16.101.3.38155 > 172.16.101.1.53: UDP, length 47
22:06:49.059343 IP 172.16.101.3.45908 > 172.16.101.1.53: UDP, length 47
22:06:49.059510 IP 172.16.101.3.45239 > 172.16.101.1.53: UDP, length 47
22:06:49.059752 IP 172.16.101.3.56844 > 172.16.101.1.53: UDP, length 47
22:06:49.059875 IP 172.16.101.3.49142 > 172.16.101.1.53: UDP, length 47
22:06:49.060077 IP 172.16.101.3.51005 > 172.16.101.1.53: UDP, length 47
22:06:49.060229 IP 172.16.101.3.49349 > 172.16.101.1.53: UDP, length 47
22:06:49.060358 IP 172.16.101.3.42820 > 172.16.101.1.53: UDP, length 47
22:06:54.063091 IP 172.16.101.3.47031 > 8.8.8.8.53: UDP, length 47
22:06:54.063099 IP 172.16.101.3.60463 > 8.8.8.8.53: UDP, length 47
22:06:54.063108 IP 172.16.101.3.50104 > 8.8.8.8.53: UDP, length 47
22:06:54.063111 IP 172.16.101.3.39378 > 8.8.8.8.53: UDP, length 47
22:06:54.063111 IP 172.16.101.3.49634 > 8.8.8.8.53: UDP, length 47
22:06:54.063114 IP 172.16.101.3.42991 > 8.8.8.8.53: UDP, length 47
22:06:54.063192 IP 172.16.101.3.50457 > 8.8.8.8.53: UDP, length 47
22:06:54.063196 IP 172.16.101.3.46682 > 8.8.8.8.53: UDP, length 47
22:06:54.063197 IP 172.16.101.3.46074 > 8.8.8.8.53: UDP, length 47
22:06:54.063221 IP 172.16.101.3.46850 > 8.8.8.8.53: UDP, length 47
22:06:54.063232 IP 172.16.101.3.40393 > 8.8.8.8.53: UDP, length 47
22:06:54.063240 IP 172.16.101.3.47853 > 8.8.8.8.53: UDP, length 47
22:06:54.064135 IP 172.16.101.3.48863 > 8.8.8.8.53: UDP, length 47
22:06:54.064151 IP 172.16.101.3.34234 > 8.8.8.8.53: UDP, length 47
22:06:54.064250 IP 172.16.101.3.40359 > 8.8.8.8.53: UDP, length 47
22:06:54.137941 IP 172.16.101.3.54770 > 172.16.101.1.53: UDP, length 58
22:06:54.137952 IP 172.16.101.3.45537 > 172.16.101.1.53: UDP, length 58
22:06:59.068439 IP 172.16.101.3.49142 > 172.16.101.1.53: UDP, length 47
22:06:59.068445 IP 172.16.101.3.45908 > 172.16.101.1.53: UDP, length 47
22:06:59.068449 IP 172.16.101.3.51005 > 172.16.101.1.53: UDP, length 47
22:06:59.068451 IP 172.16.101.3.57946 > 172.16.101.1.53: UDP, length 47
22:06:59.068453 IP 172.16.101.3.38155 > 172.16.101.1.53: UDP, length 47
22:06:59.068453 IP 172.16.101.3.39126 > 172.16.101.1.53: UDP, length 47
22:06:59.068455 IP 172.16.101.3.43193 > 172.16.101.1.53: UDP, length 47
22:06:59.068456 IP 172.16.101.3.42785 > 172.16.101.1.53: UDP, length 47
22:06:59.068458 IP 172.16.101.3.47573 > 172.16.101.1.53: UDP, length 47
22:06:59.068459 IP 172.16.101.3.38901 > 172.16.101.1.53: UDP, length 47
22:06:59.068460 IP 172.16.101.3.45239 > 172.16.101.1.53: UDP, length 47
22:06:59.068461 IP 172.16.101.3.55489 > 172.16.101.1.53: UDP, length 47
22:06:59.068463 IP 172.16.101.3.49349 > 172.16.101.1.53: UDP, length 47
22:06:59.068550 IP 172.16.101.3.56844 > 172.16.101.1.53: UDP, length 47
22:06:59.068578 IP 172.16.101.3.42820 > 172.16.101.1.53: UDP, length 47
22:06:59.388097 IP 172.16.101.3.54770 > 172.16.101.1.53: UDP, length 47
22:06:59.388109 IP 172.16.101.3.45537 > 172.16.101.1.53: UDP, length 47
22:07:04.071700 IP 172.16.101.3.42991 > 8.8.8.8.53: UDP, length 47
22:07:04.071707 IP 172.16.101.3.50457 > 8.8.8.8.53: UDP, length 47
22:07:04.071715 IP 172.16.101.3.39378 > 8.8.8.8.53: UDP, length 47
22:07:04.071731 IP 172.16.101.3.47853 > 8.8.8.8.53: UDP, length 47
22:07:04.071821 IP 172.16.101.3.34234 > 8.8.8.8.53: UDP, length 47
22:07:04.073742 IP 172.16.101.3.49634 > 8.8.8.8.53: UDP, length 47
22:07:04.073745 IP 172.16.101.3.60463 > 8.8.8.8.53: UDP, length 47
22:07:04.073747 IP 172.16.101.3.46074 > 8.8.8.8.53: UDP, length 47
22:07:04.073867 IP 172.16.101.3.46682 > 8.8.8.8.53: UDP, length 47
22:07:04.073868 IP 172.16.101.3.40393 > 8.8.8.8.53: UDP, length 47
22:07:04.073871 IP 172.16.101.3.48863 > 8.8.8.8.53: UDP, length 47
22:07:04.073872 IP 172.16.101.3.46850 > 8.8.8.8.53: UDP, length 47
22:07:04.073874 IP 172.16.101.3.50104 > 8.8.8.8.53: UDP, length 47
22:07:04.073877 IP 172.16.101.3.47031 > 8.8.8.8.53: UDP, length 47
22:07:04.073878 IP 172.16.101.3.40359 > 8.8.8.8.53: UDP, length 47
22:07:04.638117 IP 172.16.101.3.45537 > 172.16.101.1.53: UDP, length 47
22:07:04.638133 IP 172.16.101.3.54770 > 172.16.101.1.53: UDP, length 47
22:07:09.888248 IP 172.16.101.3.58484 > 172.16.101.1.53: tcp 0
22:07:10.919441 IP 172.16.101.3.58484 > 172.16.101.1.53: tcp 0
22:07:12.935574 IP 172.16.101.3.58484 > 172.16.101.1.53: tcp 0
22:07:14.027409 IP 172.16.101.3.33133 > 172.16.101.1.53: UDP, length 47
22:07:14.027418 IP 172.16.101.3.49623 > 172.16.101.1.53: UDP, length 47
22:07:14.057040 IP 172.16.101.3.60792 > 172.16.101.1.53: UDP, length 47
22:07:14.057062 IP 172.16.101.3.53770 > 172.16.101.1.53: UDP, length 47
22:07:15.058229 IP 172.16.101.3.53053 > 172.16.101.1.53: UDP, length 47
22:07:15.058234 IP 172.16.101.3.38004 > 172.16.101.1.53: UDP, length 47
22:07:17.057835 IP 172.16.101.3.59427 > 172.16.101.1.53: UDP, length 47
22:07:17.057848 IP 172.16.101.3.40042 > 172.16.101.1.53: UDP, length 47
22:07:17.159550 IP 172.16.101.3.58484 > 172.16.101.1.53: tcp 0
22:07:19.032745 IP 172.16.101.3.35158 > 8.8.8.8.53: UDP, length 47
22:07:19.032757 IP 172.16.101.3.53370 > 8.8.8.8.53: UDP, length 47
22:07:19.062422 IP 172.16.101.3.54844 > 8.8.8.8.53: UDP, length 47
22:07:19.062423 IP 172.16.101.3.56652 > 8.8.8.8.53: UDP, length 47
22:07:20.057746 IP 172.16.101.3.45314 > 172.16.101.1.53: tcp 0
22:07:20.059588 IP 172.16.101.3.60460 > 8.8.8.8.53: UDP, length 47
22:07:20.059593 IP 172.16.101.3.40747 > 8.8.8.8.53: UDP, length 47
22:07:21.057430 IP 172.16.101.3.50848 > 172.16.101.1.53: UDP, length 47
22:07:21.057449 IP 172.16.101.3.35147 > 172.16.101.1.53: UDP, length 47
22:07:21.063597 IP 172.16.101.3.45314 > 172.16.101.1.53: tcp 0
22:07:22.041752 IP 172.16.101.3.38983 > 172.16.101.1.53: UDP, length 47
22:07:22.041804 IP 172.16.101.3.38520 > 172.16.101.1.53: UDP, length 47
22:07:22.059700 IP 172.16.101.3.38217 > 8.8.8.8.53: UDP, length 47
22:07:22.059724 IP 172.16.101.3.57736 > 8.8.8.8.53: UDP, length 47
22:07:22.067726 IP 172.16.101.3.53499 > 172.16.101.1.53: UDP, length 47
22:07:22.069740 IP 172.16.101.3.60690 > 172.16.101.1.53: UDP, length 47
22:07:23.066717 IP 172.16.101.3.36145 > 172.16.101.1.53: UDP, length 47
22:07:23.066737 IP 172.16.101.3.48992 > 172.16.101.1.53: UDP, length 47
22:07:23.079524 IP 172.16.101.3.45314 > 172.16.101.1.53: tcp 0
22:07:25.065837 IP 172.16.101.3.42791 > 172.16.101.1.53: UDP, length 47
22:07:25.065842 IP 172.16.101.3.38745 > 172.16.101.1.53: UDP, length 47
22:07:26.062496 IP 172.16.101.3.56899 > 8.8.8.8.53: UDP, length 47
22:07:26.062540 IP 172.16.101.3.39135 > 8.8.8.8.53: UDP, length 47
22:07:27.047020 IP 172.16.101.3.34365 > 8.8.8.8.53: UDP, length 47
22:07:27.047058 IP 172.16.101.3.56746 > 8.8.8.8.53: UDP, length 47
22:07:27.073061 IP 172.16.101.3.41917 > 8.8.8.8.53: UDP, length 47
22:07:27.074981 IP 172.16.101.3.34683 > 8.8.8.8.53: UDP, length 47
22:07:27.143596 IP 172.16.101.3.45314 > 172.16.101.1.53: tcp 0
22:07:28.072033 IP 172.16.101.3.49425 > 8.8.8.8.53: UDP, length 47
22:07:28.072049 IP 172.16.101.3.53660 > 8.8.8.8.53: UDP, length 47
22:07:29.058434 IP 172.16.101.3.55070 > 172.16.101.1.53: UDP, length 47
22:07:29.058441 IP 172.16.101.3.45913 > 172.16.101.1.53: UDP, length 47
22:07:29.068275 IP 172.16.101.3.40218 > 172.16.101.1.53: UDP, length 47
22:07:29.068290 IP 172.16.101.3.43348 > 172.16.101.1.53: UDP, length 47
22:07:30.070882 IP 172.16.101.3.42773 > 8.8.8.8.53: UDP, length 47
22:07:30.070884 IP 172.16.101.3.51353 > 8.8.8.8.53: UDP, length 47
22:07:30.138178 IP 172.16.101.3.54404 > 172.16.101.1.53: UDP, length 47
22:07:30.138184 IP 172.16.101.3.50634 > 172.16.101.1.53: UDP, length 47
22:07:34.060442 IP 172.16.101.3.54498 > 8.8.8.8.53: UDP, length 47
22:07:34.063570 IP 172.16.101.3.50462 > 8.8.8.8.53: UDP, length 47
22:07:34.073654 IP 172.16.101.3.49128 > 8.8.8.8.53: UDP, length 47
22:07:34.073665 IP 172.16.101.3.34218 > 8.8.8.8.53: UDP, length 47
22:12:42.842049 IP 172.16.101.3.56371 > 172.16.101.1.53: UDP, length 43
22:12:44.843152 IP 172.16.101.3.56371 > 172.16.101.1.53: UDP, length 43
22:12:46.843469 IP 172.16.101.3.56371 > 172.16.101.1.53: UDP, length 43
22:12:48.850842 IP 172.16.101.3.56371 > 172.16.101.1.53: UDP, length 43
22:12:50.851830 IP 172.16.101.3.56371 > 172.16.101.1.53: UDP, length 43
22:17:47.586864 IP 172.16.101.3.33441 > 172.16.101.1.53: UDP, length 43
22:17:49.589016 IP 172.16.101.3.33441 > 172.16.101.1.53: UDP, length 43
22:17:51.590467 IP 172.16.101.3.33441 > 172.16.101.1.53: UDP, length 43
22:17:53.591385 IP 172.16.101.3.33441 > 172.16.101.1.53: UDP, length 43
22:17:55.592539 IP 172.16.101.3.33441 > 172.16.101.1.53: UDP, length 43

There is not 1. Instead now its trying google and my gateway. I have set my DNS server static.

what does ha resolution info output?

I can totally understand your frustration, but I can say for sure, that it has something to do with your setup, sorry.

I have kind of the same config, HA on a miniserver, Pi-Hole as DNS, advertised through the router, a rule to re-route DNS traffic to Pi-Hole, all that - and it works as expected. Don’t misunderstand me, I get that it’s not working for you, what I’m saying is, there is a solution for the problem, we just need to find it, because I have the working example.

FWIW, if you have some time to loose, here is the thread where this was discussed and ended in the PR that got us the command ha dns options --fallback=false. There is also a check (above mentioned by @WallyR) from @CentralCommand that you should run and see what comes up. It is an interesting topic and worth the read, but it needs time.

So here you go, take note of the links in that post, the first link brings you to a very detailed description of the problem (especially with some Pi-Hole setups):

ha resolution info

[core-ssh ~]$ ha resolution info
checks:
- enabled: true
  slug: dns_server
- enabled: true
  slug: backups
- enabled: true
  slug: docker_config
- enabled: true
  slug: free_space
- enabled: true
  slug: supervisor_trust
- enabled: true
  slug: core_security
- enabled: true
  slug: network_interface_ipv4
- enabled: true
  slug: dns_server_ipv6
- enabled: true
  slug: addon_pwned
- enabled: true
  slug: multiple_data_disks
issues:
- context: system
  reference: null
  type: no_current_backup
  uuid: d85d4a15eca64fcc8b2d5dfe70b7f0df
suggestions:
- auto: false
  context: system
  reference: null
  type: create_full_backup
  uuid: 343c586aa6324546b1885024b55820c0
unhealthy: []
unsupported: []

a nslookup from my DNS server.

[core-ssh ~]$ nslookup
> server 172.16.101.5
Default server: 172.16.101.5
Address: 172.16.101.5#53
> google.com
;; communications error to 172.16.101.5#53: timed out
Server:         172.16.101.5
Address:        172.16.101.5#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.24.46
Name:   google.com
Address: 2404:6800:4006:804::200e
> trademe.co.nz
Server:         172.16.101.5
Address:        172.16.101.5#53

Non-authoritative answer:
Name:   trademe.co.nz
Address: 151.101.194.137
Name:   trademe.co.nz
Address: 151.101.66.137
Name:   trademe.co.nz
Address: 151.101.2.137
Name:   trademe.co.nz
Address: 151.101.130.137
> home-assistant.io
Server:         172.16.101.5
Address:        172.16.101.5#53

Non-authoritative answer:
Name:   home-assistant.io
Address: 104.26.4.238
Name:   home-assistant.io
Address: 104.26.5.238
Name:   home-assistant.io
Address: 172.67.68.90
Name:   home-assistant.io
Address: 2606:4700:20::681a:4ee
Name:   home-assistant.io
Address: 2606:4700:20::681a:5ee
Name:   home-assistant.io
Address: 2606:4700:20::ac43:445a
>

And

ha network info