Pete's Log: Home Assistant and DNS

Entry #1901, (Coding, Hacking, & CS stuff)
(posted when I was 42 years old.)

Last night we had a brief (maybe 30 second) power outage. It was pretty windy at the time. Most things came back up fine, except Home Assistant. While Home Assistant itself did come up, most of its integrations did not. It was past my bedtime, so when a reboot didn't fix it, I just went to bed.

The errors in the HA logs pointed at network errors, and I did have a couple other minor network issues that had me wondering if the power outage did something weird to my firewall. But the other issues were easily resolved (for example, I discovered my reverse proxy pi didn't have nginx configured to autostart — oops) so I had to dig deeper into the HA logs.

Within the supervisor logs, I found that all DNS queries were failing. Weird. DNS is working for everything else. HA is configured to use DHCP for all IP settings, including its DNS server (I do have it assigned a static entry in my DHCP server).

Hmmm. Off to DuckDuckGo I go. I found several recent complaints that HA is ignoring the local DNS server and instead directly using 1.1.1.1 for DNS. 1.1.1.1 is Cloudflare's public DNS service, and while I do trust it, it certainly doesn't seem kosher for HA to be ignoring my DHCP-provided DNS server.

In any event, the issues linked above only complain that this is an issue for resolving LAN hostnames. But in my case, the subnet that HA is on is pretty restricted in how it is allowed to talk to the internet, and outbound DNS is not one of the ports I've opened. So for my case, all DNS resolution on HA is failing.

At least pfSense gives me a quick and easy solution: clone the firewall rule that redirects external NTP requests and create a rule to redirect external DNS requests to the pfSense. Reboot HA. Problem solved.

Well, not really. Symptoms solved. I am displeased that HA is overriding my DNS configuration and confused that it only started doing so after a power outage. I'll see if I have the time and energy to dig deeper anytime soon.

And one other thing: my Z-Wave network wouldn't come up either, and that should have no dependency on DNS. Yet once DNS was working, Z-Wave came up fine too. Odd. Since I'm still on the old deprecated HA Z-Wave integration and hope to migrate to Z-Wave JS soonish, this one doesn't feel worth digging into any further.