Something in HA queries DNS at a DDoS-attack-like rate

I have a specific network configuration that disallows DNS queries targeted at any DNS outside the network.
After examining the router log, I found out that the HA machine tries to query DNS 1.1.1.1 and 1.0.0.1 at a huge rate.

I entered the HA console and checked the DNS info. It seems HA itself is set to query the local DNS, as it should.

Something on HA does not follow that but tries to get out, and it is ridiculous how many queries it produces.

HA installation is actually fresh and empty. Nothing much installed as I just set it up for some basic testing and learning.

I tried stopping all addons, but it did not stop DNS queries.

When I shut down HA, the DNS queries stop. When I start it again, the DNS queries start as soon as the message “Waiting for Supervisor to start…” shows up.

How can I find out what is making all these connections?

HA core and/or the supervisor use Cloudflare DNS as a backup DNS service and maybe also to detect internet access.

Not sure if this will help with the number of queries, but there is a workaround for folks that want privacy to not use the default “forced/hard coded” DNS that wally mentioned in his answer.

I found an Add-On called “Core DNS Override” which I am using. I copied this from the info page for the addon (and I put a picture below for you) - hope this helps!

"To install my repo:

  • Log into HomeAssistant
  • Head to Supervisor -> Add-On Store
  • Click the overflow menu in the top right
  • Click Repositories
  • Paste https://github.com/bentasker/HomeAssistantAddons/ and click Add
  • Click the overflow button and click Reload
  • A new section should appear; if it doesn’t, hit System and then Restart Supervisor
  • Click into the addon and click Install
  • Once installed, click in and choose
  • Start on boot
  • Protection mode (turn it off)
  • Click Start"


Thanks. I will try that.

Once I let it access external DNS, the number of queries slowly reduced. I guess when the DNS cache expires it will start all over again.

Yes, but you can also control the external DNS by first implementing what was described above, and then tightly control the kinds of DNS calls and where they are made by using the AdGuard plug-in under DNS settings. I love AdGuard; it even strips out all of the advertisements from my web browsing on any device on my home network (of course, you then have to tell your router to use the IP address of your Home Assistant as your DNS server; this is shown in AdGuard as well under “setup guide”. So that it does not change on you, be sure the HA device is assigned a static IP on your router, and use that IP)… Good luck!