DNS Abuse

I use CleanBrowsing.org for web filtering on my network. Every two days I have to power-cycle my three Eero 6 APs because they all start making dozens of DNS queries per second, totaling somewhere around 7 million queries per day. All successful I might add, so it's not like I'm blocking these.


Top Allowed domains
# Domains Quantity
#1 edge.e2ro.com. 5074173
#2 eeroup.com. 1553564
#3 node.e2ro.com. 188355

Is mining my data that important?

10replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • I don’t believe they mine our data. They can’t see what we look at it. I hope one of the eero devs and speak to why it’s so many. But I’m not sure. It could be normal. 

  • I did get an email response from support and they say "those numbers aren't out of the ordinary."

    I disagree.  6.8 million requests in a day, several hundred thousand per hour is overkill for three access points.  I should probably have mentioned that I run these devices in bridge mode, so they aren't routing or proxying DNS for other devices.

    I see what I would consider an average amount of telemetry/command and control traffic out of the Eero when I do not select the Ads & Tracking category in CleanBrowsing. It's only once Ads & tracking blocking is enabled that it starts sending dozens of requests per second. I see CleanBrowsing block a number of services in Vultr Holdings IP space and then the number of DNS requests per second skyrocket. hb.undertone.com, htlb.casalemedia.com, ib.adnxs.com, prg.smartadserver.com, sb.scorecardresearch.com, and a number of others.

    One last thing.  My router's DHCP server is configured to hand out two internal DNS servers on my network, which are the only devices allowed through the firewall for external DNS.  This lets me see when a device goes rogue and tries to bypass content filtering by using public DNS providers.  My Eero APs are perfectly functional, the LED is solid white, the App manages them fine... but they are trying to bypass my content filter via OpenDNS and Google DNS.  I want to know why.  There is something, some hosts they can't resolve with Ad & Tracking filtering enabled that it is trying to get via public DNS providers.

    • TheLostBryan you’re right and eero is wrong. Those numbers are what you’d expect to see for medium to large businesses or government agencies, not for residential. I use Quad9 for my DNS, and when I emailed them, I was told we do less than 15.000 DNS queries a day working and playing  from home. Per Quad9, OpenDNS, Cloudflare, and the FCC, the average for residences is roughly 10-15,000 queries a day for work-at-home/gaming. 

      Like 1
    • Richard1864 I agree.  I don't see these numbers from my K12 or Government customers even on a busy day.

      The fallback to public DNS behavior is something I see in other devices when I turn on ad/tracking filters. Roku devices, for example, will try using OpenDNS and Google DNS if you block scribe.logs.roku.com. There are plenty of forums asking why Roku makes so many DNS requests Unfortunately, I would expect a media consumption device to pass analytics back to its mothership so a Roku calling home isn't unexpected. My WiFi infrastructure calling home beyond management and control is unexpected and concerning.

    • TheLostBryan TheLostBryan we have Apple TV’s for our streaming devices, and even they don’t “call home” like that. I’m actually wondering if maybe there is some malware living on one or more of your devices; that’s the only thing I can think of that behaves like that. 

      Like 1
    • Richard1864 Our Apple TVs are similarly well-behaved and don't mind the content filter one bit.  It's just the Roku and now Eero devices, apparently.  I have a few new-in-the-box Roku Express 4k+ devices to install today.  We'll see if they phone home aggressively after install.

  • Update:


    I'd like you to tell me the exact issue you're having in as much detail as possible. I'm aware you're concerned about the DNS queries, but I also know that people don't look into something like that without another issue happening. What's been happening that caused you to look into your DNS queries? From what I can see, one of your issues is that one of your nodes is throttling pretty heavily which results in it going down. 


    eero Support



    It’s not that complicated a reason. I was setting up a client in the CleanBrowsing.org website and noticed on the huge usage graph at the top of the page that there was a mountain of a usage spike. Looking at the CleanBrowsing dashboard, it indicated that my home network was consuming over 6 million DNS hits per day, over 150k per hour – far above normal. Taking that as a massive flaming tower of an indicator that something was off on my home network, I logged into my home router ( Untangle NG Firewall) and checked the logs.  It showed that my three Eeros were querying the servers I mentioned several times per second.  First time it happened; I did what any reasonable person would do.  I unplugged the Eeros from power, waited a few seconds, and plugged them back in.  This seemed to fix the problem, so I continued my day. 


    A few days later I was in the CleanBrowsing dashboard again and saw another mountain of a usage spike, again coming from my home network. I did the same troubleshooting steps of logging into my home router, but this time I added DNS records to the router that would point edge.e2ro.com, eegroup.com, and node.e2ro.com to while I worked on the issue. I repurposed two Raspberry Pi 4 devices and converted them to pi-hole appliances.  I put firewall rules in the router to only allow the pi-hole appliances through to external DNS, set the pi-holes to use the Untangle router as their upstream DNS provider, and changed my DHCP server config to hand out the pi-hole appliances IPs as the network’s DNS servers.  I also turned off the pi-hole’s default filtering rules, as I only want to use them as a GUI front-end for dnsmasq for its caching feature.


    Instead of    Host > Untangle NG FW/Router > CleanBrowsing DNS   we are now at  Pi-hole(s) dnsmasq > Untangle NG FW/Router > CleanBrowsing DNS.


    The Eeros are still making many thousands of DNS requests, but the pi-holes dnsmasq service supports caching, so it isn’t blowing through my CleanBrowsing monthly quota every two hours.  The Eeros that are meshing have solid white LED indicators.  The wired Eero has a solid red LED indicator.  All three Eeros are manageable via the IOS app, and were updated to eeroOS 6.11.1 this morning.

    I should also mention that the wired Eero is still trying to use Google DNS and OpenDNS to bypass my content filter.  The other two are fine.

  • Update on this topic:  My support case was escalated to L2.  Good news, the latest Eero software release seems to have fixed the excessive queries. 

    However, the Eeros are now proxying DNS requests even though they are in bridge mode.  There is no reason for a bridge AP to proxy DNS.  I don't want this, it messes up network monitoring by showing thousands of DNS requests coming from the AP instead of the end client.  I'm looking for a new WiFi vendor.

  • I’m moving on from eero too. The complete lack of transparency around data collection and analytics is absurd. These devices are like spyware on our networks. Over the past year I’ve started encountering regular unexplained network performance issues and I’m certain it’s the eero software doing things that aren’t directly related to what I bought the device for - my personal home wireless network. Case in point just try to temporarily turn off eero secure to use custom dns settings. It’s not possible by design. And to think they also charge $ for the “service”. If I pay for it then stop using it to mine my data. 

    Like 1
    • I miss the days when a device would do its job and not be a vehicle to monetize customer data.  I pulled 12 year old WLAN equipment out of storage because my modern equipment was taking directions from an outside entity and making changes without my knowledge.

      Even my garage door opener is getting in on the act.  My 7 year old Chamberlain MyQ opener now refuses to work unless it can use Google’s DNS.  It’s last software update appears to have hard coded it.  Why is it so important that someone else know when I open or close my garage door, that they go to great lengths to ensure that critical data isn’t stopped by an ad and tracking filter.  If anything, it’s proof that everyone needs DNS filtering.  DNS ad & tracking blocking is effective enough that the companies that monetize that data are working to get around the block.  I’ve been a technology advocate my entire life, and I now find myself in the uncomfortable position of promoting the previous generation of technology because current generation is working against my best interest.

Like1 Follow
  • 8 mths agoLast active
  • 10Replies
  • 116Views
  • 4 Following

Need Help? We're here for you!

We're big on support, and we want to make sure you always have the best eero experience possible. Here are several resources you can use if you ever need our help!

Quick links

Community Guidelines

Help Center

Contact eero support