Why hard coded Cloudflare DNS?

H4kunaMatata · June 19, 2023, 12:44am

I run Pi-Hole + Unbound recursive DNS so only the 13 root nameservers are my DNS and no device is allowed to go around that.
I have been noticing my OPNSense firewall logs going nuts with a device spamming with Cloudflare DNS requests.
I have a dynamic rule to block devices from using DNS-over-TLS and DNS-over-HTTPS which makes impossible to block their ADs and personal data tracking, you know, you cannot just block 443 ( DNS-over-HTTPS) and call it a day and blocking 853 isn’t really solving the problem.

While checking NTOPNG, I got this little surprise. I don’t think this is correct or right for the matter.
If I am running home assistant locally to avoid control, the last thing I need is home assistant itself forcing DNS servers on me.

Is there a way to completely remove/disable this??
It must be a way to stop this.

Thanks

H4kunaMatata · July 10, 2023, 12:22am

No update it seems like, hmmmm

With the recent updates, things got worse.
Now it is also trying DoH or I didn’t seem that before.
This DNS field should be moved to GUI where users can set whatever they want.

20230710_101213

deanfourie · August 10, 2023, 9:41am

Hey i’m noticing this behaviour too.

HA really wants to use DoH and DoT.

Did you get around this?

Even with

ha dns options --fallback=false

It will not use my DNS server.

H4kunaMatata · February 7, 2024, 5:22am

I just kept the firewall rule blocking everything, my HAOS cannot use external DNS coz it is blocked on the firewall level

deanfourie · February 14, 2024, 9:23am

but how do you update HA?