How can I stop cameras from making so manyt DNS requests
I have security concerns over the use of the C100 and C200 Security Cameras.
In any 24 hour period a single camera makes around 22,750 DNS requests to one of five addresses.
The requests are split as:
euw1-relay-dcipc.i.tplinknbu.com 14071
n-device-api.tplinkcloud.com 1239
n-devs-dcipc.tplinkcloud.com 1029
n-deventry-dcipc.tplinkcloud.com 620
Each camera records to a microSD, is not connected to the app, and is kept separated from my main network. I access it (if I need to, which is not often) via a privately set up VPN directly to the devices MAC/IP address.
Is there a way to stop each camera from making so many requests (other than simply blocking them via a pi-hole)?
Also, what is the need for each camera to make so many requests out of my network? I do not believe it is simply to check for software updates as all camera work fine with no updates what so ever.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Solla-topee We are asking for the C100 not the C200!
- Copy Link
- Report Inappropriate Content
Hi,
For your C100, you can send an email to support.forum@tp-link.com with Title ' [Forum ID 578442 ] Model + Tap Cam DNS Query Beta ' and the C100's MAC and TP-Link ID to get a beta firmware, and then check if it will solve the problem.
Best Regards
- Copy Link
- Report Inappropriate Content
Subject: Re: How can I stop cameras from making so many DNS requests?
Hey there!
If you're looking to reduce the number of DNS requests made by your cameras, here are a few steps you can take:
-
Static IP assignment: Assign a static IP address to each of your cameras. This way, they won't have to constantly query for IP addresses through DNS.
-
Local DNS caching: Set up a local DNS caching server on your network. This can help reduce the number of external DNS requests by storing previously resolved IP addresses.
-
Firewall rules: Configure your firewall to block outbound DNS requests from your cameras to external DNS servers. Instead, allow them to how to stop communicate with the local DNS caching server mentioned earlier.
-
Firmware updates: Check if there are any firmware updates available for your cameras. Sometimes, manufacturers release updates that optimize network communication, which could potentially reduce the number of DNS requests.
By implementing these steps, you should be able to limit the excessive DNS requests made by your cameras. Let me know if you have any further questions!
- Copy Link
- Report Inappropriate Content
@ronsteriod412 What is this? It was already confirmed to be a bug and a patch (at least for the C200) has already been deployed. Not sure what your answer is for...
- Copy Link
- Report Inappropriate Content
@ronsteriod412 Thanks for the advice, I have stopped the DNS queries from leaving my network it is just annoying that they clog up my pihole network so finding other sites that are blocked near impossible, but I have become more acquainted with the software now and know how to filter the results so not a big deal anymore.
Still the top 7 sites blocked, in a 24 hour period, by my pihole are as follows:
Domain | Hits | Frequency |
---|---|---|
rtsp-dcipc.tplinknbu.com | 17435 | |
euw1-relay-i-0eb0a910865d982f6.dcipc.i.tplinknbu.com | 14564 | |
aps1-relay-dcipc.i.tplinknbu.com | 14476 | |
euw1-relay-i-05617405c733ebc34.dcipc.i.tplinknbu.com | 14463 | |
n-device-api.tplinkcloud.com | 3832 | |
n-devs-dcipc.tplinkcloud.com | 3144 | |
n-deventry-dcipc.tplinkcloud.com | 1888 |
Still they aren't getting out of the network so there's a boon!
- Copy Link
- Report Inappropriate Content
@TheBear I know what you mean. I have three tapo cameras and have been dealing with it for quite a while. None of what tp-link has done, has resolved anything.
I blocked internet access to all these cameras completely in my router, except for a one minute window everyday for the devices to connect to a time server. This way they do no longer show up in your pi-hole log.
This, of course, also means that using the the tp-link app no longer works, which is fine by me. I don't think it's a very good app and it has been promoting their paid service too aggresively anyway.
Instead, I use one of the raspberry pi's already in my network to host Homebridge and camera.ui. These two services in particular make these cameras(and many others) available in Apple HomeKit. The cameras are available for me to view in the Home app and Secure Video works with this as well. There are other projects like these that make third party cameras available in other apps and services. Scrypted is one of them, and at the moment it looks like it can pretty much take any camera and make it available in any smart home app/service.
Alternatively, you can still use rtsp to get the live feed of your camera and use that in whatever way you see fit.
- Copy Link
- Report Inappropriate Content
I can confirm that the beta software for the C100 fixes the DNS query issue.
Took a couple camera of restarts but as of now it seems everything is working.
Disclaimer:
I had internet access enabled for the C100 until now, just deactivated that again and will see if it goes erratic.
My C200 stays silent with internet access disabled, so fingers crossed.
- Copy Link
- Report Inappropriate Content
Time for an update and it seems i have been premature to say the issue is resolved.
Both cameras C100 and C200 have started / keep flooding my network with DNS requests.
C100: Version 1.3.6 Build 230512 Rel. 47982n(4556)
C200: Version 1.3.6 Build 230424 Rel. 77225n(4555)
- Copy Link
- Report Inappropriate Content
@MHG_82 still the same for my two cameras, although I have a C200 & C210 - unless this gets fixed, my next camera will not be a TP-Link product.
- Copy Link
- Report Inappropriate Content
I regularly check my logs to see if anything has changed. Sadly, nothing has changed. I don't expect anything will ever change and assess this as TP-Link's flawed consumer unfriendly way of doing business. Very dissappointing.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 6
Views: 12207
Replies: 72