There is a significant bug with DNS on the 6.3.0-2030 firmware!

If "Advanced Security" is enabled under eero Secure, DNS queries for non-existent records now return SERVFAIL instead of NXDOMAIN.  This is horribly out of spec and can cause a lot of weird behavior when doing more than just browsing the web and such.

This behavior is independent of the Labs "Local DNS Caching" feature.  I've isolated it to "Advanced Security".

With "Advanced Security" enabled:
 

% host -t AAAA gfet25141.foobar.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

Host gfet25141.foobar.com not found: 2(SERVFAIL)
 

With it disabled:
 

% host -t AAAA gfet25141.foobar.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

Host gfet25141.foobar.com not found: 3(NXDOMAIN)

This also implies that the eero is intercepting all DNS queries if the feature is enabled, even those not specifically directed at it, which I find pretty alarming.  That should at least be documented behavior in the UI so that customers know their device is manipulating their network traffic.