I recently set up an internal PiHole DNS server and have found that my Wyze Cam v3 is attempting about 60,000 DNS lookups per day. Most of these are to non-existent hosts/domains. There are four domains which have almost equal lookups, about 17,000 per day. They are:
Hmm, well needless to say I’m not buying any more Wyze 3 cameras until they get this fixed. I really like the low light performance of this camera but if each one is going to generate this many DNS requests to bogus domains I don’t want them on my network.
Because why? The performance impact is likely negligible and there is not yet an indication of a security vulnerability, just apparently very careless coding…
all to the same domains:
wyze-general-api.wyzecam.comv1
wyze-general-api.wyzecam.comv1.#
wyze-general-api.wyzecam.comv1.localdomain
wyze-general-api.wyzecam.comv1.wlan0
Also a pi-hole user. My two v2 cams are the top users on my network. They also have hard-coded DNS addresses in use so you aren’t seeing everything. I’m blocking port 53 for all devices on my network except the pi-hole. Also 853 for DNS over TLS.
We’re going to need a stateful inspection OUTBOUND firewall if they go to DNS over HTTPS.
I need to block outbound 53 on my network, too, and just force everything through my dual pihole setup. Currently logging 36k requests on a single v3. WTF?
I ended up adding an entry for some of the bogus domains on my Pi-hole. Just did a lookup of what the IP address should be for wyze-general-api.wyzecam.com and added a DNS entry on the Pi-hole for wyze-general-api.wyzecam.comv1. That seemed to calm things down.
I’m hoping somebody from Wyze is listening in and a bug is already submitted for this.
So - after rebooting the v3 camera running firmware 4.36.0.248 last night the issue seemed to go away, only to return just before 0800, as you can see by the orange uptick above.
These lookups rapidly ramp up and dwarf the rest of my DNS lookup traffic.
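One way to quantify this from the Pi-hole side, as an added example that is not part of any post in this thread: a small parser for dnsmasq-style log lines that tallies queries per client and groups the suffixed variants under one base name. The sample log lines and client IPs are constructed, and treating `.#`, `.localdomain` and `.wlan0` as appended search suffixes is an assumption based on the four names listed above.

```python
import re
from collections import Counter

# Constructed sample in dnsmasq/Pi-hole log format; client IPs are made up.
SAMPLE_LOG = """\
Mar  1 07:59:58 dnsmasq[512]: query[A] wyze-general-api.wyzecam.comv1 from 192.168.1.50
Mar  1 07:59:58 dnsmasq[512]: reply wyze-general-api.wyzecam.comv1 is NXDOMAIN
Mar  1 07:59:58 dnsmasq[512]: query[A] wyze-general-api.wyzecam.comv1.# from 192.168.1.50
Mar  1 07:59:58 dnsmasq[512]: reply wyze-general-api.wyzecam.comv1.# is NXDOMAIN
Mar  1 07:59:59 dnsmasq[512]: query[A] wyze-general-api.wyzecam.comv1.localdomain from 192.168.1.50
Mar  1 07:59:59 dnsmasq[512]: cached wyze-general-api.wyzecam.comv1.localdomain is NXDOMAIN
Mar  1 07:59:59 dnsmasq[512]: query[A] wyze-general-api.wyzecam.comv1.wlan0 from 192.168.1.50
Mar  1 07:59:59 dnsmasq[512]: reply wyze-general-api.wyzecam.comv1.wlan0 is NXDOMAIN
Mar  1 08:00:03 dnsmasq[512]: query[AAAA] example.org from 192.168.1.20
Mar  1 08:00:03 dnsmasq[512]: reply example.org is 2001:db8::10
"""

QUERY = re.compile(r"query\[[^\]]+\] (\S+) from (\S+)")
NXDOMAIN = re.compile(r"(?:reply|cached|config) (\S+) is NXDOMAIN")
# Assumption: these are search suffixes appended to one malformed base name.
SEARCH_SUFFIXES = (".localdomain", ".wlan0", ".#")

def base_name(name):
    """Strip an assumed search suffix so variants collapse to one name."""
    for suffix in SEARCH_SUFFIXES:
        if name.endswith(suffix):
            return name[: -len(suffix)]
    return name

def summarize(log_text):
    """Return (queries per client, queries per (client, base name), NXDOMAIN bases)."""
    per_client, per_base, nx_bases = Counter(), Counter(), set()
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            name, client = m.groups()
            per_client[client] += 1
            per_base[(client, base_name(name))] += 1
        elif m := NXDOMAIN.search(line):
            nx_bases.add(base_name(m.group(1)))
    return per_client, per_base, nx_bases

def noisy_nxdomain(log_text, min_count=3):
    """List (client, base name, count) for repeated lookups that never resolve."""
    _, per_base, nx_bases = summarize(log_text)
    rows = [(c, b, n) for (c, b), n in per_base.items()
            if n >= min_count and b in nx_bases]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for client, name, count in noisy_nxdomain(SAMPLE_LOG):
        print(f"{client} {name} {count}")
```

To run it over a real log, pass the file contents to `noisy_nxdomain()` and raise `min_count` to a value that fits a day of traffic.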