Homebase 2 and DNS over TLS

Unable to change security settings (from home to away for example) while router is configured for DNS over TLS. I get the fail to connect 6. error message. Just wondering if anyone else experiences the same issue.
Using an Asus RT-AX88U router.

Did it use to work before? Has a firmware update occurred recently?
Maybe the homebase 2 cannot communicate with the eufy servers, or they refuse to with that type of encryption you have set up using Port 853 instead of the standard https traffic port 443.

Are you able to change your security settings from home to away on the App while your cell phone is not connected to your wireless router?

Thanks for the reply. I didn’t try the option over cell service, but I found a workaround. I can assign specific DNS settings to fixed IP devices (in this case the base unit) on the router. With it set, I can now change the settings without errors.

That’s good to know.
Thanks :+1:

I can confirm, the homebase 2 cannot handle it when your router is using DNS over TLS. Which is strange, because the router exposes itself as DNS server, so for the homebase it seems like normal DNS.

It took me getting a replacement homebase and then redoing my router setup to figure this out. I solved it in my Asus router by going to LAN => DHCP settings and there I gave the homebase (both wired and wifi) a fixed IP and a specific DNS server. (I used cloudflare, 1.1.1.1.)

Two things:
a) I agree Homebase 2 (at least) needs access to a decent DNS without blocking - I have a very custom DNS setup which involves piHole and OpenDNS, and until I “bypassed” that by forcing Homebase 2 to use quad9 (9.9.9.9) I couldn’t update firmware and was getting missed notifications

b) You CAN use DNS over TLS - if you’re prepared to do some work/run docker :slight_smile: My custom DNS presents internal “normal” DNS, DoH and DoT services - routes them to piHole and then back to OpenDNS via DNSCrypt. So for things that “won’t use DoH/DoT” they can use the plain old DNS, but it all gets funnelled to the secure channel.

I’ll add that (in the UK at least) the app/Homebase need to be able to see :slight_smile:

*.eufylife.com
zhixin-security-eu.s3.eu-central-1.amazonaws.com
*.security-app-uk.myshopify.com

I will also add the app “overrides” (or ignores) your connection (i.e. WiFi) AND VPN and drops out to cellular DNS. I know this as (a) I force my phone to use my (externally accessible) DNS at all times and (b) I log the “failed” queries, which have all been Eufy/Anker app related.

Once I whitelist those hosts, problems resolved.

1 Like
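
The check described in the last post (log the failed queries, then see which of them fall under the hosts that must be allowed), as an added example that is not part of the original thread. The log format, the client addresses and the sample host names are constructed, and the wildcard semantics (subdomains only, not the apex) are an assumption that your resolver's allowlist may not share.

```python
"""Find blocked DNS queries that fall under an allowlist of host patterns."""
from collections import defaultdict

# Host patterns quoted in the post above.
ALLOW_PATTERNS = [
    "*.eufylife.com",
    "zhixin-security-eu.s3.eu-central-1.amazonaws.com",
    "*.security-app-uk.myshopify.com",
]

# Constructed sample log, hypothetical format: "<client> <qname> <status>".
SAMPLE_LOG = """\
192.0.2.10 constructed-host.eufylife.com. BLOCKED
192.0.2.10 Zhixin-Security-EU.s3.eu-central-1.amazonaws.com BLOCKED
192.0.2.10 noteufylife.com BLOCKED
192.0.2.23 ads.example.net BLOCKED
192.0.2.10 eufylife.com BLOCKED
192.0.2.10 a.b.eufylife.com ALLOWED
"""

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.strip().rstrip(".").lower()

def matches(pattern, qname):
    pattern, qname = normalize(pattern), normalize(qname)
    if pattern.startswith("*."):
        # Assumption: "*." covers subdomains at any depth but not the apex.
        # Keeping the leading dot forces a match on a label boundary, so
        # "noteufylife.com" does not pass as "*.eufylife.com".
        return qname.endswith(pattern[1:])
    return qname == pattern

def blocked_but_needed(log_text, patterns=ALLOW_PATTERNS):
    """Map each blocked name covered by a pattern to the clients that asked."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "BLOCKED":
            continue  # skip malformed lines and queries that were answered
        client, qname, _status = parts
        if any(matches(p, qname) for p in patterns):
            hits[normalize(qname)].add(client)
    return dict(hits)

if __name__ == "__main__":
    for name, clients in sorted(blocked_but_needed(SAMPLE_LOG).items()):
        print(f"{name}  <- {', '.join(sorted(clients))}")
```

Matching on the label boundary matters when the same patterns are used to build the allowlist: a plain suffix test on `eufylife.com` would also let through unrelated look-alike domains.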