The eero 6 currently has a 5th MAC address which it doesn't report in the app.

In bridge mode it uses this address to obtain an IP address via DHCP on whatever network the eero is attached to. This gives the device its own route to the internet for:

• DNS to hard-coded nameservers
• NTP to hard-coded timeservers
• http://eeroup.com/up.css as a connectivity sentinel
• https (port 443) something from amazon ec2 using a SSL cert with an eero-specific CA.
• ports 6003 and 6500 to stackpathedge.net.
• ports 6500 to various samknows1 hosts on Level3.net

The eero ignores DHCP settings which provide a nameserver and which provide an ntp host. It likely has name and time servers hard-coded (like christensenplace.us and ntp15.doctor.com) in order to bypass potentially adversarial ISP settings.

It's possible to reroute all DNS and NTP traffic from the eero to the internal services, but it would be best if there were a setting to actually honor the configuration of the network that the eero is part of rather than having to watch for mystery MAC addresses requesting IPs and then using firewall logging to see what that IP is doing.

This would also enable the eero to do reverse DNS to automatically assign names to devices, even when configured in bridge mode.

Oddly, the eero does honor DDNS settings, and will register the IP it obtains with the local DNS service... but isn't smart enough to use unique names if there's more than one eero on the network in bridge mode. Two eeros will fight with each other to use the host name "eero" -- this should likely be changed to use perhaps eero-$devicename (such as eero-office or eero-livingroom).