DNS Cloud Service vs DNS-BL

Hi All,

I use PFSense with DNSBL to keep my students from getting duped by the most known scams. It seems it is also blocking Hubitat from connecting to the cloud, as soon as I disable DNSBL the cloud links up.

Soooo...... Does anybody have a list of expected DNS lookups for the cloud connection that I can whitelist handy?

Cheers!
Greg

@gregwkeller You should be able to make specific exceptions for IP addresses. Simply make an exception for the IP of the HE...

2 Likes

You mean I should force the HE to not use the local DNS on my firewall? hrm. That's a (minor) data leak. Someone should be able to tell me (without me needing to snoop packets) what the domain lookup for the HE is so I can whitelist it. I tried whitelisting *.hubitat.com but that isn't enough.

I was saying add the ip of the hubitat into the whitelist of pfsense so it ignores it. That said hubitat connects to amazon storage for downloads not hubitat.com. I also wouldn't say having HE not use the pfsense dns and instead use something like 8.8.8.8 is not a data leak or security risk.

I don't think I can help with your question but I'm curious. Are you using your hub in a classroom?

I think you need the IP of the Amazon URL that is used; it's static, I'm pretty sure -- I'll poke @bobbyD and @gopher.ny to make sure

Actually I have relocated my personal hub to our church and the associated Sudbury School I run at it. An unhoused person has forced his way in a couple times and startled the first person here in an unfriendly way. I have about 20 Bosch motion detectors that I'm deploying with a small army of Peanut outlets to get the zigbee network stable and stretched across all the rooms and sanctuary. Now I need a pile of door/window sensors!

We love all our neighbors, but can only change our underwear so many times.

That said, now that it's here we get to talk about automation and wireless networks and geofencing with all the kids that are curious, so we'll see if any of the students head into the rabbit hole :slight_smile:

1 Like

if it calls an IP address the DNSBL shouldn't interfere, my guess is it's calling a name that needs to be looked up.

Thanks for poking @bobbyD and @gopher.ny : I need the notifications so I've dropped our DNSBL shields until I figure this out :frowning:

Some DNSBL also block IPs -- I think you can get the URL from a remote dashboard link.

Cloud dashboard uses cloud.hubitat.com url

Hello, sorry to be the bearer of bad news, but see the thread "peanut panic". These devices while having a great zigbee signal, they change their 16 bit address like mad, wreaking havoc on things. I'm not going to recommend any of the cheap chinese zigbee 3.0 plugs that work well, as I don't want to feel responsible if they should bring hellfire. They're not UL listed and you have children in the building.

PS- I do have a Moe's zigbee plug and a cheap zigbee power strip, neither have caught fire yet, but nothing is plugged into them, just acting as repeaters.

See if Sylvania will donate some 72922 outlets to the church.

1 Like

I'm with @Rxich on this. Be careful with those. The Sengled plugs (oval shaped) are a great alternative for zigbee meshes

1 Like

Thanks for the Tip. I've had ~20 of these for a long time, and they were so stable they even saved the terrible Fan controllers which stayed online with them, and only them, in the rafters. I'll check out the thread and see what I've been missing.

I had added ".hubitat.com" to the whitelist which should have included all subdomains, but adding "cloud.hubitat.com" to the whitelist seems to have worked!

Thanks for the nudge @Evilborg

1 Like
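Added example, not part of any post in this thread: one way to list the names a single device asks the firewall's resolver for, so whitelist candidates come from the resolver's own query log. The log lines are constructed in the style of Unbound's query logging, the device IP 192.168.1.50 and every name other than cloud.hubitat.com are made up, and the whitelist matching mode is a parameter because the thread does not establish how the DNSBL treats a leading dot.

```python
import re
from collections import Counter

# Constructed sample in the style of Unbound "log-queries: yes" output.
# IPs and all names except cloud.hubitat.com are made up for illustration.
SAMPLE_LOG = """\
[1700000001] unbound[4312:0] info: 192.168.1.50 cloud.hubitat.com. A IN
[1700000002] unbound[4312:1] info: 192.168.1.23 www.example.org. A IN
[1700000004] unbound[4312:0] info: 192.168.1.50 cloud.hubitat.com. AAAA IN
[1700000009] unbound[4312:0] info: 192.168.1.50 storage.example.net. A IN
"""

# client IP, query name (trailing root dot dropped), query type, class IN
QUERY = re.compile(r"info: (?P<client>\S+) (?P<qname>\S+)\. (?P<qtype>[A-Z0-9]+) IN$")

def names_queried_by(log_text, client_ip):
    """Count each name the given client asked the resolver for."""
    seen = Counter()
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m and m.group("client") == client_ip:
            seen[m.group("qname").lower()] += 1
    return seen

def covered(qname, entry, suffix_match):
    """True if a whitelist entry covers qname under the chosen matching mode."""
    entry = entry.lower().lstrip("*").lstrip(".")
    if qname == entry:
        return True
    # Suffix mode treats the entry as covering every subdomain as well.
    return suffix_match and qname.endswith("." + entry)

def uncovered(names, whitelist, suffix_match):
    """Names the device looked up that no whitelist entry covers."""
    return sorted(n for n in names
                  if not any(covered(n, e, suffix_match) for e in whitelist))

if __name__ == "__main__":
    hub = names_queried_by(SAMPLE_LOG, "192.168.1.50")
    for name, count in hub.most_common():
        print(f"{count:3d}  {name}")
    # Same entry, two matching modes: shows which names still need an entry.
    print("exact only :", uncovered(hub, [".hubitat.com"], suffix_match=False))
    print("with suffix:", uncovered(hub, [".hubitat.com"], suffix_match=True))
```

Running it against the real resolver log with the hub's actual address gives the list to whitelist by exact name, which avoids depending on how wildcard entries are interpreted.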

Speaking of whitelists — and please don't take this as criticism of our friends at ActionTiles — how do you all feel about the various places AT calls home? Part of me feels like it undoes the whole notion of local control. But then, if Google wants to know how many times I get up in the night, folks there have even less of a life than I do :wink: