Menu
What's new
By:
Filters Better Search

Enabling DNS-over-TLS Breaks My Emporia Smart Plug Connection

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Kingp1n said:
The basic unbound install/ setup from amtm would be consider a "resolver" setup?
Click to expand...

I remember you have both options, but I need to look at the script again. The easiest check - click on the link below and if you see some upstream DNS servers - forwarder; if you see your own external IP address assigned by your ISP's DHCP - resolver.

DNS Leak Test

The DNS Leak Test is a tool used to determine which DNS servers your browser is using to resolve domain names. This test attempts to resolve 50 randomly generated domain names, of which 25 are IPv4-only and 25 are IPv6-only.
browserleaks.com browserleaks.com

Kingp1n said:
I don't use IPV6.
Click to expand...

Good. You obviously don't need it. ;)
 
kngklla said:
Thanks. I came across this thread where someone dug deeper with a similar issue on Wyze cameras. My guess is the same thing is happening here, the Emporia devices can’t handle the responses they are receiving from the router.
Click to expand...

Wondering if those plugs have DNS hard-coded - that could be a problem with some of the scripts that are wrapped around DNS over TLS due to folks using VPN to geo-unlock content regarding DNS leaks...
 
Tech9 said:
I remember you have both options, but I need to look at the script again. The easiest check - click on the link below and if you see some upstream DNS servers - forwarder; if you see your own external IP address assigned by your ISP's DHCP - resolver.

DNS Leak Test

The DNS Leak Test is a tool used to determine which DNS servers your browser is using to resolve domain names. This test attempts to resolve 50 randomly generated domain names, of which 25 are IPv4-only and 25 are IPv6-only.
browserleaks.com browserleaks.com



Good. You obviously don't need it. ;)
Click to expand...
I appreciate it. Just checked and it's currently setup as a resolver.
 
Keep it simple @Kingp1n. Your "gaming" router is weaker that RPi with just enough RAM to run core services. You don't need all other scripts within amtm. You probably need none on a home network. The fact something is available doesn't mean you must have it installed or running.
 
sfx2000 said:
Wondering if those plugs have DNS hard-coded - that could be a problem with some of the scripts that are wrapped around DNS over TLS due to folks using VPN to geo-unlock content regarding DNS leaks...
Click to expand...
I'd think it would be better if they did - then they would bypass the router's DNS and go direct. As far as I know, the router isn't stopping clients from using whatever DNS they want. At least I haven't knowingly configured anything like that.
 
Tech9 said:
Keep it simple @Kingp1n. Your "gaming" router is weaker that RPi with just enough RAM to run core services. You don't need all other scripts within amtm. You probably need none on a home network. The fact something is available doesn't mean you must have it installed or running.
Click to expand...
Thanks for that...I had to update my signature.

In the past i was using alot of those addon scripts but I'm currently using Diversion lite, Skynet, Unbound & FlexQoS. Maybe still a little too much for the routers RAM.
 
Your Internet experience will be perhaps better is you remove the rest as well. Or offload Unbound + Pi-hole on RPi. I don't know what you need IP blocker and QoS for. You perhaps have >400Mbps ISP line. Your firewall is already blocking all unsolicited connections by default.
 
I’ve been struggling with keeping another IoT device, a Schlage Encode smart lock, connected. I think that I’ve finally narrowed down the issue to turning DNS-over-TLS on in my ASUS RT-AX3000 router’s settings. I agree that this makes no sense: the device should be querying the router, and the router is doing DoT but returning the DNS resolution back over regular DNS to the device. It’s super disappointing and confusing that this is the issue. I have no idea how to debug it or if it’s even fixable. The lock would constantly lose connection; at least, it would think it’s disconnected even though the router clearly shows it connected to WiFi and assigned an IP address, which was my hint that maybe it just wasn’t communicating upstream. I even briefly tried using NextDNS to intercept and display its queries, but that didn’t give me any useful information.
 
kngklla said:
Thanks. I came across this thread where someone dug deeper with a similar issue on Wyze cameras. My guess is the same thing is happening here, the Emporia devices can’t handle the responses they are receiving from the router. I’m not sure which vendor is really to blame, but I imagine it’s the IoT devices running insufficient software:

forums.wyze.com

DNS over TLS support

I don’t think that Wyze really pays attention to complaints. Calling support is like talking to a brick wall where they run the same script over and over again. I agree DNS over TLS causes Wyze cams to drop ‘offline’ from the perspective of the app the thumbnails say offline, but when you click...
forums.wyze.com forums.wyze.com
Click to expand...

I didn't click into the Wyze link but I've been using both Wyze cameras and DoT for 2+ years now without issue.
 

...then you just need a browser, but a cam server with lots of platter space to spare is usually helpful.

[edit: I don't actually have wyze cameras, but I do have a few Dahua cams with RTSP and an older x86 PC for a camera server. If you have a nas it may have software that makes it easy to setup a cam server. It is a cloud free solution with openvpn server that works great. I'm not a big fan of cloud computing.]
 
Last edited:
kngklla said:
Interesting. Who are you using for DoT and how do you have it configured?

Thanks
Click to expand...
I'm using Cloudflare via the WAN tab in the Asuswrt-Merlin firmware. I have DNSFilter set on the router to re-route all DNS queries through Cloudflare. I'm IPV4 only also if that might matter.
 
doczenith1 said:
I'm using Cloudflare via the WAN tab in the Asuswrt-Merlin firmware. I have DNSFilter set on the router to re-route all DNS queries through Cloudflare. I'm IPV4 only also if that might matter.
Click to expand...
Ah OK. I am using the OEM firmware. Maybe certain firmware cameras aren't impacted. In the end it seems that the devices I have can't handle the replies that they are receiving from the router. I've disabled DoT for now, maybe I'll look into it again the future when I have more time to spend on it.

Thanks
 
You must log in or register to reply here.

Similar threads

jixiangyuan
BE98 DNS over TLS Problem
Replies
11
Views
733
Plak
P
H
WireGuard DNS Traffic From All Clients Sent Over First WireGuard Client Connection
Replies
7
Views
1K
HarryMuscle
H
G
Asus RT-AX58u with 1 Gig Wifi and my wifi is super slow at times. Want the best settings in DNS, Professional section, etc. Could use help please!?
Replies
3
Views
1K
drinkingbird
drinkingbird
J
DNS-OVER-TLS AND VPN — 3.0.0.4.386.45956
Replies
7
Views
2K
JTnola
J
S
After 8 years, now my wireless IP cameras lose connection to Access Point
Replies
2
Views
865
drinkingbird
drinkingbird
Similar threads
Thread starter Title Forum Replies Date
J Set up dns ASUS Wireless 12
V How do you block the DNS of a device ASUS Wireless 19
TheLyppardMan DNS Resolver Problem ASUS Wireless 2
M confused about the 3 different DNS settings ASUS Wireless 3

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,011 (members: 36, guests: 975)
Top