Cam Pan v3 DNS over TLS

If you’re encountering issues with your Cam Pan v3 cameras but newer cameras are just fine (Cam v4), check if your router has DNS over TLS enabled.
For some reason, older cameras are not compatible with DNS over TLS during setup and startup (reboot cycle).
Wyze engineers must certainly fix this issue or, at bare minimum, document this behavior!!!
No one knows if you [Wyze] don’t tell us the limitations!!!

If you have DOT enabled on the LAN, that isn’t surprising; actually, I’m surprised the newer ones work with it. If you have it on the WAN only, it shouldn’t have any impact unless you’ve also blocked clients from attempting to connect to other DNS servers using non-DOT (even then, unless the Wyze cams have a hardcoded DNS in them, that shouldn’t matter either).

Typically home setups that have enabled DOT have standard DNS from client to router (or pihole, or whatever you’re using for DNS), then the router proxies those requests and uses DOT/DOH/etc to connect to your public DNS.

Enforcing it for the LAN side would likely cause issues for more than just Wyze cams.

I don’t know what the “DOT” acronym is; we may be saying the same thing; please confirm or correct. I just know what I tried over three weekends of “support” and three different routers. The Cam v4s worked perfectly every time. The Cam Pan v3s failed 100% of the time. Then, I started taking everything down to the roots (factory reset router) and incrementally adding features and…boom! Cam Pan v3 (or combination with the app???) does not work with DNS over TLS on setup (or startup from my observations).

This is not documented. Period. There is no documentation stating the Wyze Cam Pan v3 cameras do not support DNS over TLS.
Support never provided any such guidance. Their guidance was to their existing posts. Not bad, but I already did all of that before I contacted support.
It did not get better; they sent me a survey about not helping me.

DOT = DNS over TLS.

Are you running it on the LAN between clients and your router/DNS server?

There is also no documentation stating it doesn’t support 6 GHz Wi-Fi. But it doesn’t. Unless it specifically says it does something, attempting to do it is at your own risk. Again, if you aren’t running DOT on your LAN (no real reason to), I don’t see why it would be an issue if you’re running it between your router and your DNS provider.

In reality running it on the WAN really isn’t all that beneficial either. Just adds latency.

Not sure it matters, I stated I discovered the cameras (all three cam pans v3) would not connect. But, if you want to continue…
AT&T fiber connection to their “router” that I configured as a “bypass” so my router would appear as a public IP and serve local devices. I changed to DNS over TLS several months ago. At that time, I neither owned nor operated any Wyze cameras–I didn’t know they existed!!
I purchased two Wyze v4 Cam cameras and they worked perfectly.
I purchased two Wyze Cam Pan v3 cameras and they would not connect to the app. They’d get an IP address and connect to the router, but not to the app.
Days of testing and three different routers later…DNS over TLS…f***s up Wyze Cam v3 communication.
Do you disagree that they should do some work on it?
I appreciate your comments, but why should we have to figure this out on our own?

They literally state the cameras only support 2.4 GHz band. They repeat it in their documentation. I mean, at least the ones I read. Maybe there are other cameras that they skim over that nuanced form of wireless communication. And I mean no disrespect either. I’m brand new to Wyze products… Two-three weeks new, in fact.

Maybe I misunderstood you or I conveyed a different environment than what you may have expected. I created a 2.4 GHz only environment in the days of testing and, at this point, it doesn’t matter. There is no point to discussing the environment. The issue is the Wyze Cam Pan v3 does not support DNS over TLS while the Cam v4 does. Period. Full stop. So, they can support it; whether their device firmware, QR code, versus Bluetooth setup has anything to do with it is in their engineers’ hands.

I would not expect them to add a DOT client into the v3 firmware ever. I highly doubt the v4 supports it either, and that your issue probably lies in the fact that enabling DOT typically also enables blocking of all other DNS requests.

You still have not answered how you are using DOT. Are you using it on the LAN or the WAN? Are you preventing clients from connecting to DNS servers that you don’t specifically allow?

Like I said, I suspect it isn’t a DOT issue, but probably that the v3 (much older code and totally different connection methods than the v4) is probably trying to do a direct DNS lookup to a hardcoded server, and if you’re blocking that, it fails. When you disable DOT you’re likely also disabling the bypass block, allowing that direct DNS communication to work.

If you can’t explain your setup for DNS and DOT, it is mostly just guesswork on my part. If you can run a sniffer or tcpdump then you can see exactly what is happening and exactly what is being blocked.

One of the disadvantages of enforcing DOT is it can cause issues with some clients, depending on how strictly you set it up. DOT (and DOH and other similar protocols) are ones you really shouldn’t mess with if you don’t have a thorough understanding of them.

Seems like a pretty silly thing to get so upset with Wyze over and demand a firmware update, especially when you don’t seem to understand what the actual issue probably is. Trust me, you’ll find much bigger bugs/issues as you use them more.
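Added example, not part of any post in this thread: one way to act on the tcpdump suggestion above is to sort port 53 traffic seen on the router's LAN interface into queries sent to the LAN resolver and direct queries to other resolvers, and to check whether the direct ones were ever answered. The capture lines, IP addresses and hostnames are constructed for illustration, and the LAN resolver address `192.168.1.1` is an assumption.

```python
import re
from collections import defaultdict

# tcpdump -nn text output for IPv4: "<time> IP <src>.<sport> > <dst>.<dport>: <payload>"
PKT = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")
# DNS query payload, e.g. "2002+ A? cam-b.example.com. (35)"
QUERY = re.compile(r"^(\d+)\S*(?: \[\w+\])? [A-Za-z0-9]+\? (\S+)")

def classify_dns(lines, lan_resolver):
    """Per client: count of queries to the LAN resolver, plus direct queries to
    any other resolver, split into answered and unanswered."""
    report = defaultdict(lambda: {"local": 0, "direct_answered": [], "direct_unanswered": []})
    pending = {}  # (client, client_port, resolver, dns_id) -> queried name
    for line in lines:
        m = PKT.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, payload = m[1], int(m[2]), m[3], int(m[4]), m[5]
        if dport == 53:
            q = QUERY.match(payload)
            if not q:
                continue  # not a UDP DNS query line (e.g. TCP flags)
            if dst == lan_resolver:
                report[src]["local"] += 1
            else:
                pending[(src, sport, dst, q[1])] = q[2]  # retries collapse onto one key
        elif sport == 53:
            dns_id = re.match(r"\d+", payload)
            key = (dst, dport, src, dns_id[0]) if dns_id else None
            if key in pending:
                report[dst]["direct_answered"].append((src, pending.pop(key)))
    # Anything still pending never got a reply during the capture.
    for (client, _, resolver, _), name in pending.items():
        report[client]["direct_unanswered"].append((resolver, name))
    return dict(report)

# Constructed capture: .50 uses the router, .60 queries an outside resolver and
# gets no reply (with one retry), .70 queries the same resolver and is answered.
SAMPLE = """\
10:00:00.000001 IP 192.168.1.50.41000 > 192.168.1.1.53: 1001+ A? cam-a.example.com. (35)
10:00:00.010000 IP 192.168.1.1.53 > 192.168.1.50.41000: 1001 1/0/0 A 198.51.100.7 (51)
10:00:01.000001 IP 192.168.1.60.42000 > 192.0.2.53.53: 2002+ A? cam-b.example.com. (35)
10:00:03.000001 IP 192.168.1.60.42000 > 192.0.2.53.53: 2002+ A? cam-b.example.com. (35)
10:00:05.000001 IP 192.168.1.70.44000 > 192.0.2.53.53: 3003+ A? cam-c.example.com. (35)
10:00:05.020000 IP 192.0.2.53.53 > 192.168.1.70.44000: 3003 1/0/0 A 198.51.100.9 (51)
""".splitlines()

if __name__ == "__main__":
    for client, result in sorted(classify_dns(SAMPLE, "192.168.1.1").items()):
        print(client, result)
```

A client that only shows up under `direct_unanswered` is consistent with the hardcoded-resolver-plus-block explanation; a client that only shows up under `local` is using the router's resolver, so what the router does upstream should be invisible to it.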

I am not a network engineer. I can only tell you what I test, observe, change, and observe.
I never said I expected a firmware update. I actually don’t feel I am particularly “upset” with Wyze. I would just like that their documentation state they don’t support DNS over TLS for certain devices. Just document the limitations. That’s all.
I can make workarounds. I just need to know that I need to do so.
I could make some ridiculous similes or metaphors, but I’ll skip that.
Relevant documentation is what I ask. Like I said, they already said 2.4 GHz band was only supported; I never expected any other band to be supported. I can read and do research. Do I expect Wyze to fix everything for me, no. But, they should be able to tell me what their products can do and where they have limitations. I do not believe that’s asking too much.
And, if they don’t want to answer, that’s fine. Then, the consumers can decide whether they want to buy.
This has gotten WAY beyond what I intended.
Document supported features or what’s not supported. I can make decisions from there.
I don’t expect to be treated special because I “found something” maybe.
Just tell me what’s supported.

Trial and error does not result in a smoking gun especially when enabling DOT does much more than just enable DOT, typically adding several DNS based restrictions and filters along with it. I can throw two cameras out the window and have one work after and one not. Doesn’t mean one camera supports being thrown out the window.

That list is potentially endless and probably wouldn’t help you since you don’t have an understanding of what you’re doing with your DNS setup.

However now that you’ve shared that enabling DOT (and the associated DNS restrictions that come with it) interferes with setup of the Panv3, now others may potentially benefit from that information. This forum essentially becomes a list of what is and isn’t supported, though like I said, there will never be a comprehensive list of every possible combination.

Hi all, if you made it this far, I am sorry. This should not have devolved to whatever this is now. The intention was to help people who may be having a similar issue.

Here are some helpful links to an issue from over three years ago on the Wyze forum. It has people contributing in a positive manner with workarounds for using DNS over TLS. It cites sources and thanks people for their contribution.

DNS over TLS support - Wishlist / Probably Not - Wyze Forum

It references this article, too:
Solved - Work-around for Wyze Devices with issues when Router has DNS-over-TLS (DoT) Enabled | SNBForums

Thank you for those who came years before me to provide helpful solutions in a positive manner.

Read those now before some other individual jumps in and tells people they’re dumb and their observations are wrong.

That article tells you the same thing I did, that blocking a cam from accessing external DNS and/or attempting to force it to do DOT on the LAN won’t work. The workarounds are bypassing that requirement for the cams. Of course the most sensible workaround is just to disable the fairly useless and problematic DOT feature.

You came in with demands and attitude, you should expect responses in kind.