on 15 May 2024 12:37
In my network, I provide my own DNS server, which is distributed via DHCP. The Bosch Controller receives it and resolves ~10k requests per day (which I think is already an awful lot). All of them get successfully resolved.
Besides this, the controller tries to contact and as DNS servers all the time (which I redirect to my DNS). My firewall prevents any outgoing DNS traffic, except from my DNS server.
Why does the current firmware not respect the DNS settings it retrieves via DHCP? How can I reduce the amount of DNS traffic, which the gateway produces?
Thank you.
15 May 2024 16:20 - edited 15 May 2024 16:23
@dht The BSH Controller is searching frequently for updates and with every mobile use of the BSH App, the controller will be contacted over the cloud. To receive messages from the BSH App (alarm on, off, …) contact to the Bosch cloud is also necessary. Maybe this can help you to set up your DNS server correctly.
on 15 May 2024 16:35
Well I did not contact my router at all, still he resolves the same webpage roughly two times per minute. This is a strange behaviour, isn't it? And also, why does the router not follow the settings it receives via DHCP?
Can I query the network settings via the REST API somehow?
on 15 May 2024 19:01
10k per day seems very unusual. I just captured my SHC's DNS traffic for an hour. The only frequent requests are A / AAAA queries for every 5 minutes, so < 300 per day. And I don't see any queries directed to DNS servers other than the ones I've configured in DHCP.
Are you sure all of these queries actually originate from your SHC?
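One way to check where the queries come from and how often they occur, as an added example that is not part of any post in this thread: the script tallies dnsmasq-style query log lines (the format a Pi-hole writes) for a single client and extrapolates a daily rate. The log lines, hostnames, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# dnsmasq "log-queries" line: "<Mon DD HH:MM:SS> dnsmasq[pid]: query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[\w-]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample log; hostnames and addresses are placeholders.
SAMPLE_LOG = """\
May 17 09:00:00 dnsmasq[812]: query[A] cloud.shc.example from 192.168.10.20
May 17 09:00:00 dnsmasq[812]: query[AAAA] cloud.shc.example from 192.168.10.20
May 17 09:00:01 dnsmasq[812]: reply cloud.shc.example is 203.0.113.7
May 17 09:00:30 dnsmasq[812]: query[A] cloud.shc.example from 192.168.10.20
May 17 09:00:30 dnsmasq[812]: query[A] news.example from 192.168.10.33
May 17 09:01:00 dnsmasq[812]: query[A] cloud.shc.example from 192.168.10.20
May 17 09:01:30 dnsmasq[812]: query[A] updates.shc.example from 192.168.10.20
May 17 09:02:00 dnsmasq[812]: query[A] cloud.shc.example from 192.168.10.20
"""

def summarize(log_text, client, year=2024):
    """Count one client's queries per (name, type) and extrapolate a daily rate."""
    per_name = Counter()
    stamps = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m or m["client"] != client:
            continue  # skip replies, forwards and other clients
        per_name[(m["name"], m["qtype"])] += 1
        # syslog timestamps carry no year, so one is supplied (assumed) for parsing
        stamps.append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    total = sum(per_name.values())
    span = (max(stamps) - min(stamps)).total_seconds() if len(stamps) > 1 else 0
    per_day = round(total / span * 86400) if span else None
    return {"total": total, "per_day": per_day, "top": per_name.most_common(3)}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, "192.168.10.20")
    print(f"{report['total']} queries, ~{report['per_day']} per day at this rate")
    for (name, qtype), n in report["top"]:
        print(f"{n:5d}  {qtype:5s} {name}")
```

Run against the real log with the controller's address as `client`, the per-name counts show whether the volume comes from one repeatedly retried hostname or is spread across many.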
on 17 May 2024 09:39
Hm, this sounds strange. I get much more requests. I did isolate the gateway now, such that it is clear that the traffic indeed comes out of this box (restructuring the network and putting the gateway on a dedicated physical port of the firewall).
on 16 May 2024 04:32
@dht I think, if the controller could not reach the cloud it will try it again and again.
on 17 May 2024 09:44
The controller is reachable from the app when the mobile phone is connected to the internal network. If I switch off WIFI on the phone and restart the app, it fails to connect, though (the option "Fernzugriff" is activated though). This did work in the past, though.
Here is a snapshot of my pi.hole DNS Server, showing only some of the latest requests of the gateway. Especially the requests to aws look strange. Are these reasonable / okish?
Also I can not access the gateway using I get an Error:
Undocumented | TypeError: Load failed |
on 17 May 2024 10:12
Dear @dht,
thank you for your feedback. Please tell us more about your problems via our support, so we can analyze it more efficiently.
Thank you!
Smart regards
on 17 May 2024 10:27
Well, what information do you need? And are the connections to aws ok from your perspective?
on 18 May 2024 02:33
The queries in your screenshot are all normal, just not that frequently. This might indeed be caused by the SHC not being able to connect to these servers. Remote access not working further supports this suspicion. Does your SHC have unrestricted Internet access?
For local API access, did you check the documentation on GitHub?
on 18 May 2024 09:23
Hi Maurice,
thank you! I will check out the docu. So far I simply clicked in and copy&pasted the resulting curl calls from there.
For the weekend I am away from my network, but next week I will
* change the cable to ensure it is not an unreliable connection due to the cable
* set up a mirror port on the switch and tcp dump in to see, if the connections are stable.
Internet for the SHC is not unrestricted (I block or redirect all DNS queries), but outgoing TLS is unrestricted and I did not see any filtered packages from/to SHC on the firewall (some opnsense device).
Thank you all for your help!
on 17 May 2024 10:57
I now tried to connect to the REST API directly via curl, but I am missing the Root CA Certificate "Smart Home Controller Productive Root CA". Where can I find it?