Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Contstant DoT requests to 1.1.1.1 & 1.0.0.0 #1911

Closed
tescophil opened this issue Aug 14, 2020 · 10 comments
Closed

Contstant DoT requests to 1.1.1.1 & 1.0.0.0 #1911

tescophil opened this issue Aug 14, 2020 · 10 comments

Comments

@tescophil
Copy link

tescophil commented Aug 14, 2020
edited
Loading

Home Assistant release with the issue:

arch armv7l
chassis embedded
dev falseclearley
docker true
docker_version 19.03.11
hassio true
host_os HassOS 4.12
installation_type Home Assistant OS
os_name Linux
os_version 4.19.127-v7
python_version 3.8.3
supervisor 232
timezone Europe/London
version 0.114.0
virtualenv false

Operating environment (HassOS/Generic):
HassOS on Raspberry Pi 3B+

Supervisor logs:

~ $ ha supervisor logs
20-08-13 22:39:06 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/NetworkManager/DnsManager
20-08-13 22:39:07 INFO (MainThread) [supervisor.host.sound] Update PulseAudio information
Failed to load cookie file from cookie: No such file or directory
20-08-13 22:49:11 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-13 23:08:41 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-13 23:38:42 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-13 23:49:12 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 00:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/sabeechen/hassio-google-drive-backup repository
20-08-14 00:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/home-assistant/hassio-addons repository
20-08-14 00:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/hassio-addons/repository repository
20-08-14 00:05:45 INFO (MainThread) [supervisor.updater] Fetch update data from https://version.home-assistant.io/stable.json
20-08-14 00:05:47 INFO (MainThread) [supervisor.store] Load add-ons from store: 67 all - 0 new - 0 remove
20-08-14 00:08:42 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 00:38:43 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 00:45:44 INFO (MainThread) [supervisor.host.info] Update local host information
20-08-14 00:45:44 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/hostname1
20-08-14 00:45:46 INFO (MainThread) [supervisor.host.services] Update service information
20-08-14 00:45:46 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.systemd1.Manager.ListUnits on /org/freedesktop/systemd1
20-08-14 00:45:46 INFO (MainThread) [supervisor.host.network] Update local network DNS information
20-08-14 00:45:46 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/NetworkManager/DnsManager
20-08-14 00:45:47 INFO (MainThread) [supervisor.host.sound] Update PulseAudio information
Failed to load cookie file from cookie: No such file or directory
20-08-14 00:49:14 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 01:08:44 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 01:38:45 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 01:49:16 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 02:05:45 INFO (MainThread) [supervisor.updater] Fetch update data from https://version.home-assistant.io/stable.json
20-08-14 02:08:49 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 02:38:52 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 02:49:18 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 02:52:24 INFO (MainThread) [supervisor.host.info] Update local host information
20-08-14 02:52:24 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/hostname1
20-08-14 02:52:26 INFO (MainThread) [supervisor.host.services] Update service information
20-08-14 02:52:26 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.systemd1.Manager.ListUnits on /org/freedesktop/systemd1
20-08-14 02:52:26 INFO (MainThread) [supervisor.host.network] Update local network DNS information
20-08-14 02:52:26 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/NetworkManager/DnsManager
20-08-14 02:52:27 INFO (MainThread) [supervisor.host.sound] Update PulseAudio information
Failed to load cookie file from cookie: No such file or directory
20-08-14 03:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/sabeechen/hassio-google-drive-backup repository
20-08-14 03:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/hassio-addons/repository repository
20-08-14 03:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/home-assistant/hassio-addons repository
20-08-14 03:05:47 INFO (MainThread) [supervisor.store] Load add-ons from store: 67 all - 0 new - 0 remove
20-08-14 03:08:53 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 03:38:54 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 03:49:20 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 04:05:45 INFO (MainThread) [supervisor.updater] Fetch update data from https://version.home-assistant.io/stable.json
20-08-14 04:08:56 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 04:38:59 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 04:49:22 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 04:59:04 INFO (MainThread) [supervisor.host.info] Update local host information
20-08-14 04:59:04 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/hostname1
20-08-14 04:59:06 INFO (MainThread) [supervisor.host.services] Update service information
20-08-14 04:59:06 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.systemd1.Manager.ListUnits on /org/freedesktop/systemd1
20-08-14 04:59:06 INFO (MainThread) [supervisor.host.network] Update local network DNS information
20-08-14 04:59:06 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/NetworkManager/DnsManager
20-08-14 04:59:07 INFO (MainThread) [supervisor.host.sound] Update PulseAudio information
Failed to load cookie file from cookie: No such file or directory
20-08-14 05:09:03 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 05:39:03 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 05:49:23 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 06:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/home-assistant/hassio-addons repository
20-08-14 06:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/hassio-addons/repository repository
20-08-14 06:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/sabeechen/hassio-google-drive-backup repository
20-08-14 06:05:45 INFO (MainThread) [supervisor.updater] Fetch update data from https://version.home-assistant.io/stable.json
20-08-14 06:05:47 INFO (MainThread) [supervisor.store] Load add-ons from store: 67 all - 0 new - 0 remove
20-08-14 06:09:03 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 06:39:08 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 06:49:25 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 07:05:44 INFO (MainThread) [supervisor.host.info] Update local host information
20-08-14 07:05:44 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/hostname1
20-08-14 07:05:46 INFO (MainThread) [supervisor.host.services] Update service information
20-08-14 07:05:46 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.systemd1.Manager.ListUnits on /org/freedesktop/systemd1
20-08-14 07:05:46 INFO (MainThread) [supervisor.host.network] Update local network DNS information
20-08-14 07:05:46 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/NetworkManager/DnsManager
20-08-14 07:05:46 INFO (MainThread) [supervisor.host.sound] Update PulseAudio information
Failed to load cookie file from cookie: No such file or directory
20-08-14 07:09:12 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 07:39:14 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 07:49:27 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 08:05:44 INFO (MainThread) [supervisor.snapshots] Found 5 snapshot files
20-08-14 08:05:45 INFO (MainThread) [supervisor.updater] Fetch update data from https://version.home-assistant.io/stable.json
20-08-14 08:09:16 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 08:39:20 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 08:49:28 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 09:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/hassio-addons/repository repository
20-08-14 09:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/home-assistant/hassio-addons repository
20-08-14 09:05:44 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/sabeechen/hassio-google-drive-backup repository
20-08-14 09:05:48 INFO (MainThread) [supervisor.store] Load add-ons from store: 67 all - 0 new - 0 remove
20-08-14 09:09:22 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 09:12:24 INFO (MainThread) [supervisor.host.info] Update local host information
20-08-14 09:12:24 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/hostname1
20-08-14 09:12:26 INFO (MainThread) [supervisor.host.services] Update service information
20-08-14 09:12:26 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.systemd1.Manager.ListUnits on /org/freedesktop/systemd1
20-08-14 09:12:26 INFO (MainThread) [supervisor.host.network] Update local network DNS information
20-08-14 09:12:26 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/NetworkManager/DnsManager
20-08-14 09:12:26 INFO (MainThread) [supervisor.host.sound] Update Pulse Audio information
Failed to load cookie file from cookie: No such file or directory
20-08-14 09:39:26 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-14 09:49:30 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-14 09:56:42 INFO (MainThread) [supervisor.api.security] /supervisor/logs access from core_ssh

Description of problem:
On my network I block all outgoing external DNS requests (Ports 53 & 853). So requests to my local DNS server at 192.168.10.1 are allowed, but a request to 8.8.8.8:53 for example will be blocked. I do this to force all devices on my network to use my local DNS server which is assigned over DHCP, or static.

~ $ ha dns info
host: 172.30.32.3
locals:
- dns://192.168.10.1
servers: []
version: "9"
version_latest: "9"

My HA system functions perfectly, however I see constant DoT requests (10-16 per min) from HA to 1.1.1.1 and 1.0.0.1. This is apparently a fall back #1597 solution for when local DNS is 'messed up'. However, there is nothing wrong with my config, yet I see this constant traffic

image

I block this kind of DNS traffic because its an issue of both Privacy & Performance. I don't believe systems should have hard coded DNS built in (eg. Google is huge offender...). I understand this is trying to fix a 'Problem', but I don't think hard coded DNS is the solution, especially when the existence of such settings is only apparent after searching the repo, because it's not in the docs, and its not displayed when running the above ha dns info command.

My personal opinions aside, there is clearly a bug in the 'fallback' solution, as my DNS setup is working fine.
@pvizeli
Copy link
Member

pvizeli commented Aug 14, 2020

You can debug the setup with ha dns logs

@tescophil
Copy link
Author

tescophil commented Aug 14, 2020
edited
Loading

I don't see any errors here...(or am I missing something ?)

~ $ ha dns logs
[INFO] 172.30.32.1:41585 - 13997 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.00330359s
[INFO] 172.30.32.1:41585 - 15820 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 40 0.003672184s
[INFO] 172.30.32.1:47211 - 58273 "AAAA IN api.ring.com. udp 30 false 512" NOERROR qr,rd,ra 224 0.014286442s
[INFO] 172.30.32.1:47211 - 56294 "A IN api.ring.com. udp 30 false 512" NOERROR qr,rd,ra 688 0.01779675s
[INFO] 172.30.33.1:38284 - 14955 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.014885242s
[INFO] 172.30.33.1:50548 - 13965 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015283262s
[INFO] 172.30.32.1:43739 - 46450 "A IN whois.arin.net. udp 32 false 512" NOERROR qr,rd,ra 122 0.015268053s
[INFO] 172.30.32.1:56196 - 14752 "AAAA IN whois.arin.net. udp 32 false 512" NOERROR qr,rd,ra 158 0.015875083s
[INFO] 172.30.32.1:50948 - 27688 "AAAA IN whois.ripe.net. udp 32 false 512" NOERROR qr,rd,ra 74 0.012946858s
[INFO] 172.30.32.1:32836 - 58392 "A IN whois.ripe.net. udp 32 false 512" NOERROR qr,rd,ra 62 0.012198005s
[INFO] 172.30.33.1:35615 - 18114 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.015056803s
[INFO] 172.30.33.1:52301 - 16186 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.016031385s
[INFO] 172.30.32.1:42067 - 22625 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.013430555s
[INFO] 172.30.32.1:42067 - 24500 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 145 0.016069509s
[INFO] 172.30.32.1:36161 - 28125 "A IN aa015h6xxxvih86i1.api.met.no. udp 46 false 512" NOERROR qr,rd,ra 90 0.012913784s
[INFO] 172.30.32.1:36161 - 30364 "AAAA IN aa015h6xxxvih86i1.api.met.no. udp 46 false 512" NOERROR qr,rd,ra 118 0.013440606s
[INFO] 172.30.32.1:55099 - 16403 "PTR IN 195.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 129 0.003539839s
[INFO] 172.30.32.1:51072 - 42607 "PTR IN 178.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 130 0.004016088s
[INFO] 172.30.32.1:34202 - 4236 "PTR IN 246.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 119 0.003486922s
[INFO] 172.30.32.1:38049 - 26037 "PTR IN 224.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 122 0.003375412s
[INFO] 172.30.32.1:58094 - 61568 "PTR IN 133.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 123 0.003379527s
[INFO] 172.30.32.1:38070 - 59149 "PTR IN 157.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 122 0.002898225s
[INFO] 172.30.32.1:53100 - 16017 "PTR IN 110.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 129 0.003534527s
[INFO] 172.30.32.1:59366 - 47230 "PTR IN 242.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 132 0.003004944s
[INFO] 172.30.32.1:57846 - 12316 "PTR IN 3.33.30.172.in-addr.arpa. udp 42 false 512" NOERROR qr,aa,rd 202 0.001678488s
[INFO] 172.30.32.1:44780 - 24880 "PTR IN 3.32.30.172.in-addr.arpa. udp 42 false 512" NOERROR qr,aa,rd 138 0.000952967s
[INFO] 172.30.32.1:54095 - 32298 "PTR IN 233.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 119 0.003643537s
[INFO] 172.30.32.1:59624 - 10149 "PTR IN 125.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 123 0.003433797s
[INFO] 172.30.32.1:41844 - 21054 "PTR IN 177.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 127 0.003440151s
[INFO] 172.30.32.1:54005 - 884 "PTR IN 230.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 118 0.003988224s
[INFO] 172.30.32.1:35946 - 11691 "PTR IN 197.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 119 0.003490464s
[INFO] 172.30.32.1:60665 - 63998 "PTR IN 17.10.168.192.in-addr.arpa. udp 44 false 512" NOERROR qr,aa,rd,ra 115 0.002646819s
[INFO] 172.30.32.1:37997 - 34397 "PTR IN 165.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 125 0.002616038s
[INFO] 172.30.32.1:43361 - 58660 "PTR IN 20.10.168.192.in-addr.arpa. udp 44 false 512" NOERROR qr,aa,rd,ra 106 0.003345308s
[INFO] 172.30.32.1:39591 - 26167 "PTR IN 35.10.168.192.in-addr.arpa. udp 44 false 512" NOERROR qr,aa,rd,ra 107 0.003879943s
[INFO] 172.30.32.1:54800 - 35103 "PTR IN 109.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 123 0.003267443s
[INFO] 172.30.32.1:34737 - 59716 "PTR IN 241.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 118 0.002716194s
[INFO] 172.30.32.1:49042 - 23854 "PTR IN 0.33.30.172.in-addr.arpa. udp 42 false 512" NOERROR qr,aa,rd 148 0.001423123s
[INFO] 172.30.32.1:37296 - 31557 "PTR IN 244.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 125 0.003842756s
[INFO] 172.30.32.1:49962 - 40180 "PTR IN 211.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 127 0.004235411s
[INFO] 172.30.32.1:40597 - 44187 "PTR IN 2.0.17.172.in-addr.arpa. udp 41 false 512" NXDOMAIN qr,rd,ra 41 0.015566594s
[INFO] 172.30.32.1:56081 - 31131 "PTR IN 10.10.168.192.in-addr.arpa. udp 44 false 512" NOERROR qr,aa,rd,ra 115 0.004070151s
[INFO] 172.30.32.1:34727 - 48565 "PTR IN 158.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 126 0.002681819s
[INFO] 172.30.32.1:49005 - 8624 "PTR IN 253.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 120 0.002755934s
[INFO] 172.30.32.1:38381 - 35335 "PTR IN 1.10.168.192.in-addr.arpa. udp 43 false 512" NOERROR qr,aa,rd,ra 109 0.002748382s
[INFO] 172.30.32.1:40472 - 23296 "PTR IN 182.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 126 0.002774267s
[INFO] 172.30.32.1:37061 - 22284 "PTR IN 223.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 120 0.002830309s
[INFO] 172.30.32.1:41489 - 31846 "PTR IN 25.10.168.192.in-addr.arpa. udp 44 false 512" NOERROR qr,aa,rd,ra 112 0.002844059s
[INFO] 172.30.32.1:53755 - 59668 "PTR IN 1.33.30.172.in-addr.arpa. udp 42 false 512" NOERROR qr,aa,rd 156 0.001092394s
[INFO] 172.30.32.1:33808 - 53937 "PTR IN 102.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 130 0.002804996s
[INFO] 172.30.32.1:58803 - 47225 "PTR IN 160.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 124 0.003237704s
[INFO] 172.30.32.1:53834 - 7733 "PTR IN 126.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 122 0.003225986s
[INFO] 172.30.32.1:37442 - 24700 "PTR IN 204.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 111 0.002939632s
[INFO] 172.30.32.1:45523 - 51605 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 40 0.003659942s
[INFO] 172.30.32.1:45523 - 49522 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.003900047s
[INFO] 172.30.33.1:41829 - 25897 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015803051s
[INFO] 172.30.33.1:42187 - 27720 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.015045761s
[INFO] 172.30.33.3:37831 - 63550 "A IN www.googleapis.com. udp 36 false 512" NOERROR qr,rd,ra 546 0.015713697s
[INFO] 172.30.33.3:52467 - 39060 "A IN www.googleapis.com. udp 36 false 512" NOERROR qr,aa,rd,ra 546 0.000630831s
[INFO] 172.30.33.3:34563 - 18217 "A IN www.googleapis.com. udp 36 false 512" NOERROR qr,aa,rd,ra 546 0.000567133s
[INFO] 172.30.33.1:53761 - 1301 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.014903761s
[INFO] 172.30.33.1:44963 - 3176 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.01882099s
[INFO] 172.30.32.1:51457 - 19346 "A IN api.ring.com. udp 30 false 512" NOERROR qr,rd,ra 688 0.01565496s
[INFO] 172.30.32.1:51457 - 21169 "AAAA IN api.ring.com. udp 30 false 512" NOERROR qr,rd,ra 224 0.015852772s
[INFO] 172.30.32.1:40025 - 16202 "A IN share-service-download-bucket.s3.amazonaws.com. udp 64 false 512" NOERROR qr,rd,ra 180 0.014948192s
[INFO] 172.30.32.1:40025 - 18441 "AAAA IN share-service-download-bucket.s3.amazonaws.com. udp 64 false 512" NOERROR qr,rd,ra 248 0.014054549s
[INFO] 172.30.32.1:52386 - 38929 "A IN api.openweathermap.org. udp 40 [INFO] 172.30.32.1:37296 - 31557[INFO] 172.30.32.1:37296 - 31557false 512" NOERROR qr,rd,ra 192 0.00312119s
[INFO] 172.30.32.1:52386 - 40699 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 145 0.014496579s
[INFO] 172.30.33.1:38375 - 37597 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.014752779s
[INFO] 172.30.33.1:33354 - 39055 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.016376057s
[INFO] 172.30.33.1:60377 - 12359 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.016205906s
[INFO] 172.30.33.1:37418 - 13922 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.018096683s
[INFO] 172.30.32.2:43074 - 30363 "AAAA IN version.home-assistant.io. udp 43 false 512" NOERROR qr,rd,ra 202 0.015926428s
[INFO] 172.30.32.2:43074 - 28332 "A IN version.home-assistant.io. udp 43 false 512" NOERROR qr,rd,ra 166 0.015923199s
[INFO] 172.30.32.1:53078 - 44237 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 40 0.003312806s
[INFO] 172.30.32.1:53078 - 42154 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.004089576s
[INFO] 172.30.33.1:43733 - 53626 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015727732s
[INFO] 172.30.33.1:46820 - 55501 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.016270439s
[INFO] 172.30.32.1:37637 - 26033 "A IN api.ring.com. udp 30 false 512" NOERROR qr,rd,ra 688 0.013913934s
[INFO] 172.30.32.1:37637 - 28116 "AAAA IN api.ring.com. udp 30 false 512" NOERROR qr,rd,ra 224 0.015380754s
[INFO] 172.30.33.1:58914 - 54850 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.015681795s
[INFO] 172.30.33.1:42140 - 52871 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015715337s
[INFO] 172.30.32.1:46189 - 49657 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.003873483s
[INFO] 172.30.32.1:46189 - 51480 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 145 0.014466798s
[INFO] 172.30.32.1:45855 - 10104 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.003284109s
[INFO] 172.30.32.1:45855 - 11979 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 40 0.003423692s
[INFO] 172.30.33.1:57373 - 6599 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.015748307s
[INFO] 172.30.33.1:44626 - 4828 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.01771122s
[INFO] 172.30.33.0:48717 - 4038 "A IN 127.0.0.1:5353. udp 32 false 512" NXDOMAIN qr,rd,ra 107 0.020773246s
[INFO] 172.30.33.0:35919 - 49073 "A IN 127.0.0.1:5353. udp 32 false 512" NXDOMAIN qr,aa,rd,ra 107 0.001429785s
[INFO] 172.30.33.1:60755 - 24830 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015454982s
[INFO] 172.30.33.1:46892 - 26340 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.020105325s
[INFO] 172.30.32.1:46254 - 39272 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 145 0.014304111s
[INFO] 172.30.32.1:46254 - 37241 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.014261038s
[INFO] 172.30.32.1:50885 - 55924 "AAAA IN mobile-apps.home-assistant.io. udp 47 false 512" NOERROR qr,rd,ra 142 0.014535523s
[INFO] 172.30.32.1:50885 - 53997 "A IN mobile-apps.home-assistant.io. udp 47 false 512" NOERROR qr,rd,ra 137 0.014669116s
[INFO] 172.30.33.1:48877 - 10241 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015025001s
[INFO] 172.30.33.1:43391 - 12012 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.016963484s
[INFO] 172.30.32.1:45051 - 22680 "AAAA IN oauth.ring.com. udp 32 false 512" NOERROR qr,rd,ra 215 0.014044119s
[INFO] 172.30.32.1:45051 - 21065 "A IN oauth.ring.com. udp 32 false 512" NOERROR qr,rd,ra 191 0.014546931s

All these responses look OK to me, and are consistant with commands run directly on HA eg.

~ $ dig +answer @192.168.10.1 api.openweathermap.org a

; <<>> DiG 9.14.12 <<>> +answer @192.168.10.1 api.openweathermap.org a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46709
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;api.openweathermap.org.		IN	A

;; ANSWER SECTION:
api.openweathermap.org.	2399	IN	A	188.166.16.132
api.openweathermap.org.	2399	IN	A	37.139.20.5
api.openweathermap.org.	2399	IN	A	82.196.7.246
api.openweathermap.org.	2399	IN	A	37.139.1.159

;; Query time: 1 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Fri Aug 14 11:43:56 BST 2020
;; MSG SIZE  rcvd: 115
~ $

@tescophil
Copy link
Author

Upgraded to Supervisor 234, the DoT requests stopped for around 1 hour after the update, then started up again. This also correlates with an increase in processor usage.

Supervisor Logs

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] udev.sh: executing... 
[11:11:06] INFO: Update udev information
[cont-init.d] udev.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
20-08-15 11:11:14 INFO (MainThread) [__main__] Initialize Supervisor setup
20-08-15 11:11:15 INFO (MainThread) [supervisor.bootstrap] Initialize Supervisor Sentry
20-08-15 11:11:15 INFO (MainThread) [supervisor.bootstrap] Setup coresys for machine: raspberrypi3
20-08-15 11:11:15 INFO (SyncWorker_0) [supervisor.docker.supervisor] Attach to Supervisor homeassistant/armv7-hassio-supervisor with version 234
20-08-15 11:11:15 INFO (SyncWorker_0) [supervisor.docker.supervisor] Connect Supervisor to hassio Network
20-08-15 11:11:16 INFO (SyncWorker_0) [supervisor.docker.interface] Cleanup images: ['homeassistant/armv7-hassio-supervisor:232']
20-08-15 11:11:18 INFO (MainThread) [__main__] Setup Supervisor
20-08-15 11:11:18 INFO (MainThread) [supervisor.utils.gdbus] Connect to dbus: org.freedesktop.systemd1 - /org/freedesktop/systemd1
20-08-15 11:11:19 INFO (MainThread) [supervisor.utils.gdbus] Connect to dbus: org.freedesktop.hostname1 - /org/freedesktop/hostname1
20-08-15 11:11:19 INFO (MainThread) [supervisor.utils.gdbus] Connect to dbus: de.pengutronix.rauc - /
20-08-15 11:11:19 INFO (MainThread) [supervisor.utils.gdbus] Connect to dbus: org.freedesktop.NetworkManager - /org/freedesktop/NetworkManager/DnsManager
20-08-15 11:11:19 INFO (MainThread) [supervisor.host.info] Update local host information
20-08-15 11:11:19 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/hostname1
20-08-15 11:11:19 INFO (MainThread) [supervisor.host.services] Update service information
20-08-15 11:11:19 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.systemd1.Manager.ListUnits on /org/freedesktop/systemd1
20-08-15 11:11:20 INFO (MainThread) [supervisor.host.network] Update local network DNS information
20-08-15 11:11:20 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/NetworkManager/DnsManager
20-08-15 11:11:20 INFO (MainThread) [supervisor.host.sound] Update PulseAudio information
Failed to load cookie file from cookie: No such file or directory
20-08-15 11:11:20 INFO (MainThread) [supervisor.host.apparmor] Load AppArmor Profiles: {'hassio-supervisor'}
20-08-15 11:11:20 INFO (MainThread) [supervisor.host.services] Reload local service hassos-apparmor.service
20-08-15 11:11:20 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.systemd1.Manager.ReloadOrRestartUnit on /org/freedesktop/systemd1
20-08-15 11:11:20 INFO (SyncWorker_0) [supervisor.docker.interface] Attach to homeassistant/armv7-hassio-dns with version 9
20-08-15 11:11:20 ERROR (MainThread) [supervisor.misc.forwarder] Can't start DNS forwarding: [Errno 13] Permission denied
20-08-15 11:11:20 INFO (MainThread) [supervisor.plugins.dns] Restart CoreDNS plugin
20-08-15 11:11:20 INFO (SyncWorker_0) [supervisor.docker.interface] Restart homeassistant/armv7-hassio-dns
20-08-15 11:11:30 INFO (MainThread) [supervisor.plugins.dns] Updated /etc/resolv.conf
20-08-15 11:11:30 INFO (SyncWorker_0) [supervisor.docker.interface] Attach to homeassistant/armv7-hassio-audio with version 17
20-08-15 11:11:30 INFO (SyncWorker_0) [supervisor.docker.interface] Attach to homeassistant/armv7-hassio-cli with version 25
20-08-15 11:11:30 INFO (SyncWorker_0) [supervisor.docker.interface] Attach to homeassistant/armv7-hassio-multicast with version 2
20-08-15 11:11:30 INFO (MainThread) [supervisor.plugins.multicast] Restart Multicast plugin
20-08-15 11:11:30 INFO (SyncWorker_0) [supervisor.docker.interface] Restart homeassistant/armv7-hassio-multicast
20-08-15 11:11:35 INFO (MainThread) [supervisor.updater] Fetch update data from https://version.home-assistant.io/stable.json
20-08-15 11:11:35 INFO (SyncWorker_0) [supervisor.docker.interface] Attach to homeassistant/raspberrypi3-homeassistant with version 0.114.1
20-08-15 11:11:35 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /
20-08-15 11:11:36 INFO (MainThread) [supervisor.hassos] Detect HassOS 4.12 / BootSlot B
20-08-15 11:11:38 INFO (MainThread) [supervisor.store.git] Load add-on /data/addons/git/a0d7b954 repository
20-08-15 11:11:38 INFO (MainThread) [supervisor.store.git] Load add-on /data/addons/git/cebe7a76 repository
20-08-15 11:11:38 INFO (MainThread) [supervisor.store.git] Load add-on /data/addons/core repository
20-08-15 11:11:38 INFO (MainThread) [supervisor.store] Load add-ons from store: 67 all - 67 new - 0 remove
20-08-15 11:11:38 INFO (MainThread) [supervisor.addons] Found 6 installed add-ons
20-08-15 11:11:39 INFO (SyncWorker_3) [supervisor.docker.interface] Attach to homeassistant/armv7-addon-duckdns with version 1.12.1
20-08-15 11:11:39 INFO (SyncWorker_1) [supervisor.docker.interface] Attach to hassioaddons/adguard-armv7 with version 2.5.0
20-08-15 11:11:39 INFO (SyncWorker_2) [supervisor.docker.interface] Attach to homeassistant/armv7-addon-configurator with version 5.0.0
20-08-15 11:11:39 INFO (SyncWorker_5) [supervisor.docker.interface] Attach to homeassistant/armv7-addon-ssh with version 8.6.0
20-08-15 11:11:39 INFO (SyncWorker_4) [supervisor.docker.interface] Attach to sabeechen/hassio-google-drive-backup-armv7 with version 0.100.0
20-08-15 11:11:39 INFO (SyncWorker_0) [supervisor.docker.interface] Attach to homeassistant/armv7-addon-check_config with version 3.4.0
20-08-15 11:11:39 INFO (MainThread) [supervisor.snapshots] Found 5 snapshot files
20-08-15 11:11:39 INFO (MainThread) [supervisor.discovery] Load 1 messages
20-08-15 11:11:39 INFO (MainThread) [supervisor.ingress] Load 3 ingress session
20-08-15 11:11:39 INFO (MainThread) [supervisor.misc.secrets] Load Home Assistant secrets: 3
20-08-15 11:11:40 INFO (MainThread) [__main__] Run Supervisor
20-08-15 11:11:40 INFO (MainThread) [supervisor.api] Start API on 172.30.32.2
20-08-15 11:11:40 INFO (MainThread) [supervisor.utils.gdbus] Call de.pengutronix.rauc.Installer.Mark on /
20-08-15 11:11:40 INFO (MainThread) [supervisor.hassos] Rauc: B - marked slot kernel.1 as good
20-08-15 11:11:40 INFO (MainThread) [supervisor.addons] Phase 'AddonStartup.INITIALIZE' start 0 add-ons
20-08-15 11:11:40 INFO (MainThread) [supervisor.core] Supervisor reboot detected
20-08-15 11:11:40 INFO (MainThread) [supervisor.misc.tasks] All core tasks are scheduled
20-08-15 11:11:40 INFO (MainThread) [supervisor.misc.hwmon] Started Supervisor hardware monitor
20-08-15 11:11:40 INFO (MainThread) [supervisor.core] Supervisor is up and running
20-08-15 11:11:40 INFO (MainThread) [supervisor.host.info] Update local host information
20-08-15 11:11:40 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/hostname1
20-08-15 11:11:40 INFO (MainThread) [supervisor.host.services] Update service information
20-08-15 11:11:40 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.systemd1.Manager.ListUnits on /org/freedesktop/systemd1
20-08-15 11:11:41 INFO (MainThread) [supervisor.host.network] Update local network DNS information
20-08-15 11:11:41 INFO (MainThread) [supervisor.utils.gdbus] Call org.freedesktop.DBus.Properties.GetAll on /org/freedesktop/NetworkManager/DnsManager
20-08-15 11:11:41 INFO (MainThread) [supervisor.host.sound] Update PulseAudio information
Failed to load cookie file from cookie: No such file or directory
20-08-15 11:11:47 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-15 11:41:50 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token
20-08-15 11:50:18 INFO (MainThread) [supervisor.api.security] /snapshots access from cebe7a76_hassio_google_drive_backup
20-08-15 12:11:53 INFO (MainThread) [supervisor.homeassistant] Updated Home Assistant API token

DNS Logs

~ $ ha dns logs
[INFO] 172.30.32.1:54554 - 19620 "PTR IN 244.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 125 0.001250883s
[INFO] 172.30.32.1:37702 - 13931 "PTR IN 211.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 127 0.001147758s
[INFO] 172.30.32.1:47382 - 41077 "PTR IN 120.10.168.192.in-addr.arpa. udp 45 false 512" NXDOMAIN qr,rd,ra 45 0.0209461s
[INFO] 172.30.32.1:58868 - 44674 "PTR IN 2.0.17.172.in-addr.arpa. udp 41 false 512" NXDOMAIN qr,rd,ra 41 0.023266148s
[INFO] 172.30.32.1:46626 - 40124 "PTR IN 10.10.168.192.in-addr.arpa. udp 44 false 512" NOERROR qr,aa,rd,ra 115 0.001853746s
[INFO] 172.30.32.1:38999 - 58059 "PTR IN 158.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 126 0.001790986s
[INFO] 172.30.32.1:41743 - 55129 "PTR IN 253.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 120 0.001982652s
[INFO] 172.30.32.1:49038 - 31601 "PTR IN 1.10.168.192.in-addr.arpa. udp 43 false 512" NOERROR qr,aa,rd,ra 109 0.001782132s
[INFO] 172.30.32.1:58380 - 9758 "PTR IN 182.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 126 0.001808486s
[INFO] 172.30.32.1:54340 - 13817 "PTR IN 223.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 120 0.003430982s
[INFO] 172.30.32.1:59978 - 15405 "PTR IN 25.10.168.192.in-addr.arpa. udp 44 false 512" NOERROR qr,aa,rd,ra 112 0.002190047s
[INFO] 172.30.32.1:56542 - 19110 "PTR IN 1.33.30.172.in-addr.arpa. udp 42 false 512" NOERROR qr,aa,rd 156 0.000880102s
[INFO] 172.30.32.1:46698 - 31171 "PTR IN 102.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 130 0.001920933s
[INFO] 172.30.32.1:37833 - 39221 "PTR IN 160.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 124 0.002023277s
[INFO] 172.30.32.1:37791 - 34019 "PTR IN 234.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 126 0.006716235s
[INFO] 172.30.32.1:51778 - 7263 "PTR IN 126.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 122 0.002286297s
[INFO] 172.30.32.1:45235 - 56818 "PTR IN 204.10.168.192.in-addr.arpa. udp 45 false 512" NOERROR qr,aa,rd,ra 111 0.00393697s
[INFO] 172.30.33.1:58427 - 44865 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.02383797s
[INFO] 172.30.33.1:57273 - 46324 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.024812552s
[INFO] 172.30.33.3:33567 - 55330 "AAAA IN www.googleapis.com. udp 36 false 512" NOERROR qr,rd,ra 174 0.027679161s
[INFO] 172.30.33.3:47054 - 53924 "A IN www.googleapis.com. udp 36 false 512" NOERROR qr,rd,ra 546 0.02843218s
[INFO] 172.30.33.3:42944 - 8164 "AAAA IN www.googleapis.com. udp 36 false 512" NOERROR qr,aa,rd,ra 174 0.000690832s
[INFO] 172.30.33.3:48189 - 6237 "A IN www.googleapis.com. udp 36 false 512" NOERROR qr,aa,rd,ra 546 0.000569426s
[INFO] 172.30.32.1:52979 - 43303 "A IN aa015h6buxxxxxxxx.api.met.no. udp 46 false 512" NOERROR qr,rd,ra 90 0.029861917s
[INFO] 172.30.32.1:52979 - 45439 "AAAA IN aa015h6buxxxxxxxx.api.met.no. udp 46 false 512" NOERROR qr,rd,ra 118 0.030491187s
[INFO] 172.30.32.1:51205 - 60509 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.003720044s
[INFO] 172.30.32.1:51205 - 62436 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 145 0.034628419s
[INFO] 172.30.33.3:38244 - 16915 "A IN www.googleapis.com. udp 36 false 512" NOERROR qr,rd,ra 546 0.00286239s
[INFO] 172.30.33.3:56302 - 13033 "A IN www.googleapis.com. udp 36 false 512" NOERROR qr,aa,rd,ra 546 0.000491353s
[INFO] 172.30.33.3:44491 - 54956 "A IN www.googleapis.com. udp 36 false 512" NOERROR qr,aa,rd,ra 546 0.000513697s
[INFO] 172.30.33.1:37643 - 27856 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.023245423s
[INFO] 172.30.33.1:57511 - 29054 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.023737193s
[INFO] 172.30.32.1:51342 - 628 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.003186453s
[INFO] 172.30.32.1:51342 - 2607 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 40 0.004527751s
[INFO] 172.30.33.1:59442 - 61109 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.014895806s
[INFO] 172.30.33.1:36407 - 59339 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.016729448s
[INFO] 172.30.33.1:53676 - 37816 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015489907s
[INFO] 172.30.33.1:53043 - 39587 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.0167722s
[INFO] 172.30.32.1:60702 - 56852 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.0022625s
[INFO] 172.30.32.1:60702 - 57842 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 145 0.013947661s
[INFO] 172.30.32.1:37498 - 19184 "AAAA IN share-service-download-bucket.s3.amazonaws.com. udp 64 false 512" NOERROR qr,rd,ra 248 0.014411774s
[INFO] 172.30.32.1:37498 - 16684 "A IN share-service-download-bucket.s3.amazonaws.com. udp 64 false 512" NOERROR qr,rd,ra 180 0.016050681s
[INFO] 172.30.33.1:42319 - 49794 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.014704529s
[INFO] 172.30.33.1:35417 - 51461 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.020681767s
[INFO] 172.30.33.1:46261 - 10823 "A IN acme-v02.api.letsencrypt.org. udp 46 false 512" NOERROR qr,rd,ra 264 0.014655101s
[INFO] 172.30.33.1:42129 - 12907 "AAAA IN acme-v02.api.letsencrypt.org. udp 46 false 512" NOERROR qr,rd,ra 276 0.016016924s
[INFO] 172.30.32.1:39507 - 64940 "AAAA IN api.ring.com. udp 30 false 512" NOERROR qr,rd,ra 224 0.016961971s
[INFO] 172.30.32.1:39507 - 62961 "A IN api.ring.com. udp 30 false 512" NOERROR qr,rd,ra 688 0.019181553s
[INFO] 172.30.33.1:50162 - 39465 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.014848583s
[INFO] 172.30.33.1:43027 - 38475 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.016998998s
[INFO] 172.30.32.1:50377 - 62086 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 40 0.003533174s
[INFO] 172.30.32.1:50377 - 60054 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.003979423s
[INFO] 172.30.32.1:43038 - 18476 "A IN whois.arin.net. udp 32 false 512" NOERROR qr,rd,ra 122 0.01334254s
[INFO] 172.30.32.1:45684 - 21301 "AAAA IN whois.arin.net. udp 32 false 512" NOERROR qr,rd,ra 158 0.013392904s
[INFO] 172.30.32.1:42871 - 63513 "A IN whois.ripe.net. udp 32 false 512" NOERROR qr,rd,ra 62 0.002316821s
[INFO] 172.30.32.1:54711 - 13823 "AAAA IN whois.ripe.net. udp 32 false 512" NOERROR qr,rd,ra 74 0.013828945s
[INFO] 172.30.32.1:47819 - 53065 "A IN 192-168-10-35.7131bec7700f4bb9bcaff66cxxxxxxxx.plex.direct. udp 76 false 512" NOERROR qr,rd,ra 150 0.002957914s
[INFO] 172.30.32.1:47819 - 55409 "AAAA IN 192-168-10-35.7131bec7700f4bb9bcaff66c6cxxxxxxxx.plex.direct. udp 76 false 512" NOERROR qr,rd,ra 151 0.305823185s
[INFO] 172.30.32.1:44448 - 17603 "AAAA IN plex.tv. udp 25 false 512" NOERROR qr,rd,ra 110 0.012130457s
[INFO] 172.30.32.1:44448 - 15988 "A IN plex.tv. udp 25 false 512" NOERROR qr,rd,ra 94 0.015106287s
[INFO] 172.30.33.1:50107 - 52684 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015003474s
[INFO] 172.30.33.1:39376 - 54299 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.017997951s
[INFO] 172.30.32.1:35940 - 60209 "AAAA IN 192-168-10-35.7131bec7700f4bb9bcaff66cxxxxxxxx.plex.direct. udp 76 false 512" NOERROR qr,rd,ra 76 0.003663121s
[INFO] 172.30.32.1:35940 - 57500 "A IN 192-168-10-35.7131bec7700f4bb9bcaff66cxxxxxxxx.plex.direct. udp 76 false 512" NOERROR qr,rd,ra 150 0.007301555s
[INFO] 172.30.32.1:58698 - 33345 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.004385829s
[INFO] 172.30.32.1:58698 - 34856 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 145 0.014286703s
[INFO] 172.30.33.1:46978 - 52153 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.014362067s
[INFO] 172.30.33.1:33119 - 50278 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.014470712s
[INFO] 172.30.32.1:52874 - 64118 "A IN whois.arin.net. udp 32 false 512" NOERROR qr,rd,ra 122 0.013776859s
[INFO] 172.30.32.1:47373 - 30037 "AAAA IN whois.arin.net. udp 32 false 512" NOERROR qr,rd,ra 158 0.015229565s
[INFO] 172.30.32.1:54982 - 11816 "A IN whois.ripe.net. udp 32 false 512" NOERROR qr,rd,ra 62 0.001718539s
[INFO] 172.30.32.1:53630 - 26050 "AAAA IN whois.ripe.net. udp 32 false 512" NOERROR qr,rd,ra 74 4.015126196s
[INFO] 127.0.0.1:60786 - 40481 "NS IN . udp 17 false 512" NOERROR - 0 5.169537807s
[ERROR] plugin/errors: 2 . NS: dial tcp 1.1.1.1:853: connect: connection refused
[INFO] 127.0.0.1:35178 - 23850 "NS IN . udp 17 false 512" NOERROR - 0 11.385774044s
[ERROR] plugin/errors: 2 . NS: dial tcp 1.0.0.1:853: connect: connection refused
[INFO] 127.0.0.1:45787 - 61663 "NS IN . udp 17 false 512" NOERROR - 0 7.193020293s
[ERROR] plugin/errors: 2 . NS: dial tcp 1.0.0.1:853: connect: connection refused
[INFO] 127.0.0.1:42353 - 26050 "AAAA IN whois.ripe.net. udp 32 false 512" NOERROR - 0 22.525196954s
[ERROR] plugin/errors: 2 whois.ripe.net. AAAA: dial tcp 1.1.1.1:853: i/o timeout
[INFO] 127.0.0.1:54328 - 986 "NS IN . udp 17 false 512" NOERROR - 0 7.296904427s
[ERROR] plugin/errors: 2 . NS: dial tcp 1.0.0.1:853: connect: connection refused
[INFO] 127.0.0.1:41448 - 46145 "NS IN . udp 17 false 512" NOERROR - 0 1.022802663s
[ERROR] plugin/errors: 2 . NS: dial tcp 1.1.1.1:853: connect: connection refused
[INFO] 127.0.0.1:42822 - 53866 "NS IN . udp 17 false 512" NOERROR - 0 8.212144136s
[ERROR] plugin/errors: 2 . NS: dial tcp 1.0.0.1:853: i/o timeout
[INFO] 127.0.0.1:33049 - 3993 "NS IN . udp 17 false 512" NOERROR - 0 0.002044112s
[ERROR] plugin/errors: 2 . NS: dial tcp 1.1.1.1:853: connect: connection refused
[INFO] 172.30.32.1:41141 - 10062 "AAAA IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 40 0.00331833s
[INFO] 172.30.32.1:41141 - 8187 "A IN api.openweathermap.org. udp 40 false 512" NOERROR qr,rd,ra 192 0.003551818s
[INFO] 172.30.33.1:32950 - 64611 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.014492013s
[INFO] 172.30.33.1:39369 - 1106 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.014837586s
[INFO] 172.30.32.1:48892 - 20855 "AAAA IN oauth.ring.com. udp 32 false 512" NOERROR qr,rd,ra 215 0.014103888s
[INFO] 172.30.32.1:48892 - 19136 "A IN oauth.ring.com. udp 32 false 512" NOERROR qr,rd,ra 191 0.015364928s
[INFO] 172.30.32.1:57999 - 32694 "A IN 192-168-10-35.7131bec7700f4bb9bcaff66cxxxxxxxx.plex.direct. udp 76 false 512" NOERROR qr,rd,ra 150 0.002778694s
[INFO] 172.30.32.1:57999 - 35142 "AAAA IN 192-168-10-35.7131bec7700f4bb9bcaff66cxxxxxxxx.plex.direct. udp 76 false 512" NOERROR qr,rd,ra 151 0.306414764s
[INFO] 172.30.32.1:52912 - 15139 "AAAA IN plex.tv. udp 25 false 512" NOERROR qr,rd,ra 25 0.002422289s
[INFO] 172.30.32.1:52912 - 13993 "A IN plex.tv. udp 25 false 512" NOERROR qr,rd,ra 94 0.014557221s
[INFO] 172.30.33.1:47566 - 44134 "AAAA IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 224 0.014580294s
[INFO] 172.30.33.1:53226 - 42311 "A IN www.duckdns.org. udp 33 false 512" NOERROR qr,rd,ra 247 0.015309199s

CPU Usage
image

@tescophil
Copy link
Author

Upgraded to version 235 of the supervisor, and no 853 traffic for the last 24 hours. Looks Good.

@tescophil
Copy link
Author

tescophil commented Aug 26, 2020
edited
Loading

Spoke too soon, back to the same suituation, constant 853 requests to cloudflair, no errors en the logs, nothing wrong with the DNS setup...

@tescophil tescophil reopened this Aug 26, 2020
@tpihl
Copy link

tpihl commented Sep 5, 2020

Have the same issues. Not using hassos until resolved

@pvizeli
Copy link
Member

pvizeli commented Sep 5, 2020

There is a heartbeat to all DNS servers, and if you block the DOT, they do that more aggressively. I would suggest to remove the block on the firewall or using Home Assistant Container installation.

@pvizeli pvizeli closed this as completed Sep 5, 2020
@tescophil
Copy link
Author

I'm sorry, but this is just not acceptable. Please respect our privacy and remove this unnecessary functionality

@tpihl
Copy link

tpihl commented Sep 7, 2020

Pls make "all DNS servers" configurable instead.

@tescophil
Copy link
Author

tescophil commented Sep 7, 2020
edited
Loading

That's not the point. This is supposed to be a "fall back" in case the user misconfigures the main DNS settings, so making this configurable is pointless. It just needs to go away, or only be used as an actual fall back when the main service fails, which is not the case here.

Hardcoded DNS is not a solution to any problem, it's just a breach of users privacy

@tescophil tescophil mentioned this issue Oct 18, 2020
Closed
@tescophil tescophil mentioned this issue Sep 24, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tpihl @pvizeli @tescophil