How can I stop cameras from making so manyt DNS requests
I have security concerns over the use of the C100 and C200 Security Cameras.
In any 24 hour period a single camera makes around 22,750 DNS requests to one of five addresses.
The requests are split as:
euw1-relay-dcipc.i.tplinknbu.com 14071
n-device-api.tplinkcloud.com 1239
n-devs-dcipc.tplinkcloud.com 1029
n-deventry-dcipc.tplinkcloud.com 620
Each camera records to a microSD, is not connected to the app, and is kept separated from my main network. I access it (if I need to, which is not often) via a privately set up VPN directly to the devices MAC/IP address.
Is there a way to stop each camera from making so many requests (other than simply blocking them via a pi-hole)?
Also, what is the need for each camera to make so many requests out of my network? I do not believe it is simply to check for software updates as all camera work fine with no updates what so ever.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Celico Yes, once the camera receives a valid response it then only requests the relay URL once every 15 mins thereafter.
- Copy Link
- Report Inappropriate Content
@KalleKat Well kinda. I did use the feedback option in the iOS app and told them the issue. They answered with "yeah that's normal, the camera needs to send requests to the cloud relay blah blah". I answered back that this is BS since this is happening way too often and didn't happen before. Now they want a diagnostic protocol from me. There is an option for that as well in the app. It saves it on the microSD apparently. The issue is gone currently for me so I can't do it at the moment. Maybe you guys could do it as well so this issue gets fixed asap. It's under advanced settings -> diagnostics. You can attach that protocol to the feedback in the app. It's pretty easy to do actually.
- Copy Link
- Report Inappropriate Content
Started happening to mine as well. It started just today a few hours ago. It keeps trying to connect to the aps1-relay-i-0a7d5a3cb50e1c5e6.dcipc.i.tplinknbu.com , which when I did nslookup , doesn't exist. That might be the main cuz. Looks like the DNS record for these domain names has been removed for some reason and seems like the smart cameras are programmed to keep trying until a response is found.
- Copy Link
- Report Inappropriate Content
@bemole Since it looks like TP-Link are not engaging with this issue, then this is the only current solution that is practical (DNS rewrite) https://community.tp-link.com/en/smart-home/forum/topic/578442?replyId=1164306
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thanks... The DNS rewrite seems to work OK for me. Obviously not ideal as the majority of users don't have a custom DNS solution (Pi-Hole / Adguard). A solution needs to be found here!
- Copy Link
- Report Inappropriate Content
Just a quick update on this...
Checked on my DNS server and the offending camera has now stopped requesting URL's that do not exist (for now), so possibly there has been some update by TP-Link of valid servers for the cameras to select ?
Anyone else still having this issue ?
- Copy Link
- Report Inappropriate Content
@Tescophil mine stopped as well. Lets hope it stays that way...
- Copy Link
- Report Inappropriate Content
Hi all, i had a lot of DNS requests using Adguardhome as well, i had a firewall rule in my router to redirect all DNS queries to my adguardhome instance, and then every 6 seconds i got a lot of dns requests from tapo cameras.
my advice is this:
Create a NAT rule that rewrites the source of the DNS response (the PiHole or Adguardhome) to match the intended source (the hardcoded DNS of the cameras).
i used this tutorial.
htt ps://jeff.vtkellers. com/posts/technology/force-all-dns-queries-through-pihole-with-openwrt/
i hope this help you guys.
- Copy Link
- Report Inappropriate Content
3 weeks nothing and now it started up again.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 6
Views: 12541
Replies: 72