DNS Abuse
I use CleanBrowsing.org for web filtering on my network. Every two days I have to power-cycle my three Eero 6 APs because they all start making dozens of DNS queries per second, totaling somewhere around 7 million queries per day. All successful I might add, so it's not like I'm blocking these.
Top Allowed domains
#    Domain            Quantity
#1   edge.e2ro.com.    5074173
#2   eeroup.com.       1553564
#3   node.e2ro.com.    188355
Is mining my data that important?
10 replies
-
I don’t believe they mine our data. They can’t see what we look at. I hope one of the eero devs can speak to why it’s so many. But I’m not sure. It could be normal.
-
I did get an email response from support and they say "those numbers aren't out of the ordinary."
I disagree. 6.8 million requests in a day, several hundred thousand per hour is overkill for three access points. I should probably have mentioned that I run these devices in bridge mode, so they aren't routing or proxying DNS for other devices.
I see what I would consider an average amount of telemetry/command and control traffic out of the Eero when I do not select the Ads & Tracking category in CleanBrowsing. It's only once Ads & Tracking blocking is enabled that it starts sending dozens of requests per second. I see CleanBrowsing block a number of services in Vultr Holdings IP space and then the number of DNS requests per second skyrockets. hb.undertone.com, htlb.casalemedia.com, ib.adnxs.com, prg.smartadserver.com, sb.scorecardresearch.com, and a number of others.
One last thing. My router's DHCP server is configured to hand out two internal DNS servers on my network, which are the only devices allowed through the firewall for external DNS. This lets me see when a device goes rogue and tries to bypass content filtering by using public DNS providers. My Eero APs are perfectly functional, the LED is solid white, the App manages them fine... but they are trying to bypass my content filter via OpenDNS and Google DNS. I want to know why. There is something, some hosts they can't resolve with Ad & Tracking filtering enabled that it is trying to get via public DNS providers.
-
Update:
Hello,
I'd like you to tell me the exact issue you're having in as much detail as possible. I'm aware you're concerned about the DNS queries, but I also know that people don't look into something like that without another issue happening. What's been happening that caused you to look into your DNS queries? From what I can see, one of your issues is that one of your nodes is throttling pretty heavily which results in it going down.
From, eero Support
_______
It’s not that complicated a reason. I was setting up a client in the CleanBrowsing.org website and noticed on the huge usage graph at the top of the page that there was a mountain of a usage spike. Looking at the CleanBrowsing dashboard, it indicated that my home network was consuming over 6 million DNS hits per day, over 150k per hour – far above normal. Taking that as a massive flaming tower of an indicator that something was off on my home network, I logged into my home router (Untangle NG Firewall) and checked the logs. It showed that my three Eeros were querying the servers I mentioned several times per second. First time it happened, I did what any reasonable person would do. I unplugged the Eeros from power, waited a few seconds, and plugged them back in. This seemed to fix the problem, so I continued my day.
A few days later I was in the CleanBrowsing dashboard again and saw another mountain of a usage spike, again coming from my home network. I did the same troubleshooting steps of logging into my home router, but this time I added DNS records to the router that would point edge.e2ro.com, eegroup.com, and node.e2ro.com to 127.0.0.1 while I worked on the issue. I repurposed two Raspberry Pi 4 devices and converted them to pi-hole appliances. I put firewall rules in the router to only allow the pi-hole appliances through to external DNS, set the pi-holes to use the Untangle router as their upstream DNS provider, and changed my DHCP server config to hand out the pi-hole appliances’ IPs as the network’s DNS servers. I also turned off the pi-hole’s default filtering rules, as I only want to use them as a GUI front-end for dnsmasq for its caching feature.
Instead of Host > Untangle NG FW/Router > CleanBrowsing DNS we are now at Pi-hole(s) dnsmasq > Untangle NG FW/Router > CleanBrowsing DNS.
The Eeros are still making many thousands of DNS requests, but the pi-holes’ dnsmasq service supports caching, so it isn’t blowing through my CleanBrowsing monthly quota every two hours. The Eeros that are meshing have solid white LED indicators. The wired Eero has a solid red LED indicator. All three Eeros are manageable via the iOS app, and were updated to eeroOS 6.11.1 this morning.
I should also mention that the wired Eero is still trying to use Google DNS and OpenDNS to bypass my content filter. The other two are fine.
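The monitoring setup described in the posts above (only the internal resolvers may reach external DNS, so any other device sending DNS elsewhere stands out, and per-client query volume exposes a runaway device) can be run as a check over firewall logs. This is an added example, not part of the original thread: the log format, the resolver and client addresses, and the rate threshold are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Assumed addresses of the two internal resolvers handed out by DHCP.
APPROVED_RESOLVERS = {"192.168.1.2", "192.168.1.3"}
DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS

# Constructed sample in a made-up "time src dst dport action" format (not a
# real Untangle export). 192.168.1.50 stands in for a bridged access point.
SAMPLE_LOG = """\
2024-01-10T08:00:01 192.168.1.50 192.168.1.2 53 ALLOW
2024-01-10T08:00:02 192.168.1.50 8.8.8.8 53 BLOCK
2024-01-10T08:00:03 192.168.1.50 208.67.222.222 53 BLOCK
2024-01-10T08:00:04 192.168.1.77 192.168.1.3 53 ALLOW
2024-01-10T08:00:05 192.168.1.77 93.184.216.34 443 ALLOW
"""

def parse(log_text):
    """Yield (minute, src, dst, dport) for each well-formed log line."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # blank or malformed line
        ts, src, dst, dport, _action = fields
        try:
            minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
            yield minute, src, dst, int(dport)
        except ValueError:
            continue  # unparseable timestamp or port

def analyze(log_text, rate_limit_per_min=600):
    """Return (bypass attempts per client, clients over the per-minute limit)."""
    bypass = defaultdict(Counter)  # src -> {unapproved resolver: attempts}
    per_minute = Counter()         # (src, minute) -> DNS packets seen
    for minute, src, dst, dport in parse(log_text):
        if dport not in DNS_PORTS or src in APPROVED_RESOLVERS:
            continue  # not DNS, or a resolver doing its own upstream lookups
        per_minute[(src, minute)] += 1
        if dst not in APPROVED_RESOLVERS:
            bypass[src][dst] += 1
    peaks = Counter()
    for (src, _minute), count in per_minute.items():
        peaks[src] = max(peaks[src], count)
    noisy = {src: n for src, n in peaks.items() if n > rate_limit_per_min}
    return dict(bypass), noisy

if __name__ == "__main__":
    bypass, noisy = analyze(SAMPLE_LOG, rate_limit_per_min=2)
    for src, targets in bypass.items():
        print(f"{src} tried unapproved resolvers: {dict(targets)}")
    print(f"clients over the per-minute limit: {noisy}")
```

Counting by source address only works while the access points are not proxying client DNS; once they do, every client's queries are attributed to the AP.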
-
Update on this topic: My support case was escalated to L2. Good news, the latest Eero software release seems to have fixed the excessive queries.
However, the Eeros are now proxying DNS requests even though they are in bridge mode. There is no reason for a bridge AP to proxy DNS. I don't want this, it messes up network monitoring by showing thousands of DNS requests coming from the AP instead of the end client. I'm looking for a new WiFi vendor.
-
I’m moving on from eero too. The complete lack of transparency around data collection and analytics is absurd. These devices are like spyware on our networks. Over the past year I’ve started encountering regular unexplained network performance issues and I’m certain it’s the eero software doing things that aren’t directly related to what I bought the device for - my personal home wireless network. Case in point: just try to temporarily turn off eero secure to use custom DNS settings. It’s not possible by design. And to think they also charge $ for the “service”. If I pay for it then stop using it to mine my data.