Hey all,
For security, I force all network devices to use a DNS server I manage. I block access to other DNS servers (protocol wise).
Rachio 3 is working fine as far as I can tell. And it is making queries appropriately for NTP and AWS, but my firewall has blocked several attempts from Rachio 3 to make DNS queries to 8.8.8.8.
With some tinkering, I could determine what name it’s attempting to resolve using 8.8.8.8. But I thought I would ask here first.
Hey! I did a little digging and from what I can tell, there’s no concerns there. The Rachio controller will default to Google’s public DNS in the case that it fails to get a DNS server provided by the DHCP client. So no concerns with getting updates, nor any service going rogue here. Just a fallback in the case that it times out trying to receive the DNS from the DHCP.
As for why it didn’t get the address from the DHCP, I couldn’t say. Sounds like most of the time it receives it just fine, and in these few cases, it failed. If you block DNS requests to other servers, worst case it may appear as offline until it receives the proper server from the DHCP client but it doesn’t seem like you’re running into that.
Appreciate the response!
Given that the device receives both its own IP and the DNS IP from the same DHCP server (at the same time), it would be weird for the device to be able to communicate at all (have an IP), yet not know the provided DNS server IP. I’d expect 2 possible conditions: 1) Not work at all as a network device (no IPs for anything) 2) Work normally using the provided network IP and DNS server IP (IPs for everything).
But, no need to respond further. I have extreme paranoia with cloud connected IoT devices. Which is probably the correct amount of paranoia.
I understand. While I don’t personally work on the firmware, I did search for any references to 8.8.8.8 (Google’s public DNS) and do see it clearly mentioned that it’s when we don’t get it from DHCP. It looks like that defaults after a timeout, maybe 20 seconds or so, but I’m not sure the exact flow of operations it takes.
I do a similar thing on my network, but rather than block DNS that doesn’t go through my router, I set up a redirect in the firewall that redirects all traffic out to port 53 (DNS) back to my DNS server.
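The port 53 redirect described in the post above, written out as an nftables ruleset generator. This is an added example and not from the thread or from Rachio; the interface name, LAN subnet and resolver address are placeholder assumptions, and the log rule is there so a device that falls back to 8.8.8.8 still shows up in the firewall log while its query is answered by the managed resolver.

```shell
#!/bin/sh
# Added example (not from the thread): build an nftables ruleset that sends
# every outbound DNS query from the LAN to the resolver you manage, logging
# the destination the device originally asked for.
LAN_IF="${LAN_IF:-eth1}"             # assumption: LAN-facing router interface
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumption: LAN subnet
RESOLVER="${RESOLVER:-192.168.1.2}"  # assumption: the DNS server you manage

dns_redirect_ruleset() {
  cat <<EOF
table ip dns_redirect {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    # Queries already aimed at the managed resolver are left alone.
    iifname "$LAN_IF" ip daddr $RESOLVER udp dport 53 accept
    iifname "$LAN_IF" ip daddr $RESOLVER tcp dport 53 accept
    # Anything else on port 53 (e.g. a device falling back to 8.8.8.8) is
    # logged with its original destination, then rewritten to the resolver.
    iifname "$LAN_IF" udp dport 53 log prefix "dns-redirect: " dnat to $RESOLVER
    iifname "$LAN_IF" tcp dport 53 log prefix "dns-redirect: " dnat to $RESOLVER
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    # Hairpin case: if the resolver sits on the LAN, its reply must come back
    # through the router to be un-NATed, otherwise the client sees an answer
    # from an address it never queried and drops it.
    ip saddr $LAN_NET ip daddr $RESOLVER udp dport 53 masquerade
    ip saddr $LAN_NET ip daddr $RESOLVER tcp dport 53 masquerade
  }
}
EOF
}

# Number of rewrite rules pointing at the resolver (one each for UDP and TCP).
dns_redirect_rule_count() {
  dns_redirect_ruleset | grep -c "dnat to $RESOLVER"
}

# To load on the router:  dns_redirect_ruleset | nft -f -
# Redirected queries then appear in the kernel log with the "dns-redirect: "
# prefix and the DST= the device tried to reach.
dns_redirect_ruleset
```

The masquerade chain can be dropped if the resolver lives on a separate network segment from the clients, since replies then already route back through the firewall.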
Thanks. Makes sense.
I made some assumptions based on the forum being on rachio.com, with a sub forum labeled “Tech Support” (and feedback, among others), and seeing what appear to be Rachio employees responding in some threads.