A lot of devices require internet for at least one time to set them up.

How can I set them up such that as soon as I’ve programmed them/set their schedule, I can deny them access and prevent them from being chatty back with the mothership?

  • walden@wetshav.ing
    3 days ago

    This approach works sometimes, but not for a lot of IoT devices.

    PiHole, AdGuard Home, Technitium, and others act as DNS servers and cache. DNS is what takes a domain name like https://climate.us/ and tells your computer the actual network address of that website. In the case of climate.us it’s 2600:9000:2032:2a00:1b:a10e:7bc0:93a1 for IPv6 and 13.32.241.53 for IPv4.

    Most computers are well behaved. When they contact your router, they ask it “hey, what should I use as my DNS server?”. If you’ve set up AdGuard Home in your LAN, your router would respond “192.168.2.69”, for example.

    At that point, your computer would ask 192.168.2.69 all of its DNS queries.

    IoT devices, on the other hand, often ignore the router when instructed to use a specific address for DNS. Google products, for example, are hard coded to 8.8.8.8. So if you’re trying to block a Google device from finding something on the internet, it gets more complicated.

    DNS traffic all happens over port 53, both UDP and TCP. So to fully capture every single DNS request coming from your LAN, you need a router which is able to filter those requests and “translate” them. So the router would step in for a request to 8.8.8.8:53 and translate it to 192.168.2.69:53. Keep in mind you also have to set your router to not do this for 192.168.2.69, because then AdGuard Home will be asking itself DNS queries, which it still needs to find out on the internet.

    That’s the hard part. From there, you check AdGuard Home or whatever, and see what addresses each IoT device is trying to reach.

    If a WiFi connected toothbrush keeps trying to reach ‘chinesetrackingcompany.com’, then you can manually block that domain. The toothbrush will try for a bit, then give up.
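
The port 53 redirect described in the comment above, written as an nftables ruleset for a Linux-based router. This is an added example, not part of the original comment. The interface name `br-lan` and the subnet 192.168.2.0/24 are assumptions, and 192.168.2.69 is the comment's example resolver address.

```nft
# Added example. Assumed: LAN bridge "br-lan", LAN 192.168.2.0/24,
# resolver (AdGuard Home or similar) at 192.168.2.69.
table ip dns_redirect {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;

        # The exception from the comment: the resolver's own upstream
        # lookups must not be redirected back to itself.
        iifname "br-lan" ip saddr 192.168.2.69 return

        # Queries already addressed to the resolver need no translation.
        iifname "br-lan" ip daddr 192.168.2.69 return

        # Any other DNS query from the LAN (e.g. to 8.8.8.8:53) is
        # rewritten to the local resolver, for both UDP and TCP.
        iifname "br-lan" udp dport 53 dnat to 192.168.2.69:53
        iifname "br-lan" tcp dport 53 dnat to 192.168.2.69:53
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # The resolver sits on the same LAN as its clients, so without
        # this it would answer them directly from 192.168.2.69 and a
        # device expecting a reply from 8.8.8.8 would drop it.
        # Masquerading sends the reply back through the router, which
        # restores the original addresses.
        oifname "br-lan" ip saddr 192.168.2.0/24 ip daddr 192.168.2.69 udp dport 53 masquerade
        oifname "br-lan" ip saddr 192.168.2.0/24 ip daddr 192.168.2.69 tcp dport 53 masquerade
    }
}
```

With the masquerade rules in place, redirected queries show up in the resolver's log under the router's address instead of the device's. Placing the resolver on a different subnet from the IoT devices makes the postrouting chain unnecessary and keeps the per-device view.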