PetHubLocal / pethublocal

Replacement for SurePetCare "Connect" cloud service connecting via MQTT to Home Assistant
MIT License

PSA: Block the surepet IPs #34

Open brettjenkins opened 9 months ago

brettjenkins commented 9 months ago

Just a PSA - make sure you block the Surepet IPs - unfortunately for some reason, pfsense DNS resolver last night decided it wasn't going to honor the DNS override that's been there for months and return the correct IP for surepet (a restart of unbound fixed it, but the damage had already been done), so overnight the hub connected and upgraded its firmware to the dreaded 233. Did try to downgrade as I have the old firmware in docker, but then realised they've patched the ability to downgrade; luckily I didn't brick anything in my attempt.

So just a PSA to block the IPs on the firewall as well as DNS poisoning.

I'm really annoyed at pfsense and unbound for failing, and I'm even more annoyed at surepet who seem to be anti-consumer, why can't I use the product I've paid for the way I want to?

I'll be moving to OnlyCat when it gets released, and while only cloud based at first, they have shown a lot more friendliness to self hosted people, so I'm hopeful there.

flyize commented 9 months ago

IIRC, Surepet resolves to an AWS load balancer. So the IPs can (and I think do) change. So even blocking IPs might not help.

jacotec commented 9 months ago

I know it's too late for @brettjenkins, but I have rules in my pfsense to force everyone to only connect to my pfsense for DNS. So any connection attempts to DNS ports on WAN IPs are redirected to pfsense itself. If unbound dies no one can get any DNS query as they can't talk to other DNS IPs.

jacotec commented 9 months ago

> IIRC, Surepet resolves to an AWS load balancer. So the IPs can (and I think do) change. So even blocking IPs might not help.

You can use an alias with the FQDN for the block which is resolved to all IPs dynamically.

plambrechtsen commented 9 months ago

I know it's of little comfort but I recently got a pickit and was going to see if I could flash the older firmware onto a hub. The issue seems to be the bootloader is different and wasn't sent during the various updates. I have been incredibly busy with work and family life but when time permits I do want to pick up both flashing a hub using a pickit and if the esp32 and mrf24 replacement can be finished.

plambrechtsen commented 9 months ago

But if anyone wanted help flashing custom firmware with a local dns name I can help with that so there is zero chance of it happening as the hub will never talk to surepet.

brettjenkins commented 9 months ago

> I know it's too late for @brettjenkins, but I have rules in my pfsense to force everyone to only connect to my pfsense for DNS. So any connection attempts to DNS ports on WAN IPs are redirected to pfsense itself. If unbound dies no one can get any DNS query as they can't talk to other DNS IPs.

It was weird, unbound itself decided to ignore the host override. It wasn't dead, it just had a weird moment.

flyize commented 9 months ago

> IIRC, Surepet resolves to an AWS load balancer. So the IPs can (and I think do) change. So even blocking IPs might not help.

> You can use an alias with the FQDN for the block which is resolved to all IPs dynamically.

FQDN is just another DNS name. In this case, DNS poisoning failed.
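
One defensive check the discussion points at: a watchdog that confirms the local resolver is still answering the hub's cloud hostname with the pethublocal address, so a silently ignored override (as happened here) is noticed before the hub phones home. This is an added example, not code from the pethublocal project or from any commenter; the hostname, local IP and resolver address are placeholders to be replaced with your own.

```shell
#!/bin/sh
# DNS override watchdog (added example, not part of pethublocal).
# Assumptions: HUB_HOST is the cloud hostname the hub contacts,
# LOCAL_IP is the pethublocal host the override should return,
# RESOLVER is the pfSense/unbound address the hub uses. All are placeholders.
HUB_HOST="${HUB_HOST:-hub.cloud.example.invalid}"
LOCAL_IP="${LOCAL_IP:-192.168.1.50}"
RESOLVER="${RESOLVER:-192.168.1.1}"

# override_ok EXPECTED_IP ANSWERS
# ANSWERS is the newline-separated output of `dig +short`.
# Returns 0 only when there is at least one answer and every answer
# equals EXPECTED_IP. An empty answer set (resolver down, SERVFAIL)
# or any foreign address (override ignored) is a failure.
override_ok() {
    expected="$1"
    answers="$2"
    seen=0
    oldifs="$IFS"
    IFS='
'
    for line in $answers; do
        [ -z "$line" ] && continue
        seen=1
        if [ "$line" != "$expected" ]; then
            IFS="$oldifs"
            return 1
        fi
    done
    IFS="$oldifs"
    [ "$seen" -eq 1 ]
}

# Query the resolver the hub actually uses and report the result.
check_override() {
    answers=$(dig +short "@$RESOLVER" "$HUB_HOST" A 2>/dev/null)
    if override_ok "$LOCAL_IP" "$answers"; then
        echo "OK: $HUB_HOST -> $LOCAL_IP via $RESOLVER"
        return 0
    fi
    echo "ALERT: $HUB_HOST resolves to [$(printf '%s' "$answers" | tr '\n' ' ')] not $LOCAL_IP" >&2
    return 1
}

# Run the live check only when RUN_CHECK=1 (e.g. from cron), so the
# functions can also be sourced by other scripts.
if [ "${RUN_CHECK:-0}" = 1 ]; then
    check_override
fi
```

Run it from cron with `RUN_CHECK=1` and route the non-zero exit to whatever alerting you already have; a firewall block on the cloud addresses remains the backstop, as the thread says, since this only detects the resolver failing.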

fpschrisiom commented 8 months ago

I had my hub blocked from even reaching out to the internet but changed router last year, totally forgot. Same here on 233, tried everything I know to break it and my mobo is a wire and solder mess but still works.

Looking forward to onlycat as well

blubbel42 commented 8 months ago

> But if anyone wanted help flashing custom firmware with a local dns name I can help with that so there is zero chance of it happening as the hub will never talk to surepet.

Hey there, I've got an old hub, bought used, and a pickit, and am willing to try this. I'm looking for any help on what exactly to do.