Huge quantity of DNS inquiries

An ongoing problem that seems to have avoided resolution: Massive number of DNS inquiries from WyzeCams. Here’s an example: Last evening over a period of ten minutes one of our v3 cameras made 3552 DNS queries as reported by the PiHole DNS proxy. That’s about 6 per second! WTF? (No, it’s not a wi-fi issue – the AP “hears” the camera at -60dBm.)

This issue has been reported here in the Forum numerous times and in tickets 1850905 and 1803709, neither of which were resolved.

Where’s the action on the issue? Indeed, a greater question may be “how can Wyze be trusted?”

1 Like

I’d like to hear this too, even though I have minimized the importance in the past.

I wonder whether this sporadic behavior might be due to

  1. An expected hard coded external DNS resolver being offline

Or

  1. The external resolver or other server erroneously maintaining an open connection from its side, misleading your log that it was initiated internally. There was at least one report here of a remote media or P2P server repeatedly trying to reinitiate a connection on its own.

Hi. My thoughts …

n expected hard coded external DNS resolver being offline

  • Unlikely 9.9.9.9 and 1.1.1.2 would both be off-line and also – the queries were serviced from cache. And, I am not seeing the other 25+ clients (including two more WyzeCams) relying on the PiHole doing this.

The external resolver or other server erroneously maintaining …

  • Interesting thought. Looking at the log, the PiHole replied with cached data so I really don’t think that’s what’s happening here. And, we’re seeing this only with Wyze – not the other clients. The others are well behaved.

I should add that we’ve seen this behavior at two other locations where WyzeCams are installed. We’re thankful we have PiHoles to report this behavior – otherwise wed’ never know.

Are those your chosen ones? I was talking about resolvers hard coded in the firmware, attempting to bypass the ones handed out by your local DHCP. Wyzecams seem to have had a few such instances.

Ahhh, OK. 1.1.1.2 and 9.9.9.9 are the upstream DNSs used by the PiHole. So, if a DNS was hard-coded into the Wyze gizmo I would not see it via the PiHole.

Now, having said that at least at one time 8.8.8.8 was hard-coded into Wyze W and was used to check to see if the unit was on-line. I discovered that dramatic over-activity via a different means, reported it, and was told that, yes, it was too frequent and a FW release would fix it. Did they do so? Unknown – but I will be checking. That issue was discovered by looking at session status in a router (a Peplink Balance 380.) It may be that Wyze simply changed the “on-line check” to use the DNS assigned via DHCP and they never fixed the real issue. Regardless, trust is certainly lacking.

1 Like