Potentially, but precision is important, especially if you’re going to make sweeping claims about a topic, acting as an authority.
Potentially, but precision is important, especially if you’re going to make sweeping claims about a topic, acting as an authority.
This is absolutely not what DNSSEC is. DNSSEC provides authenticity of the response, not privacy. You’re describing a means of encrypted name resolution, like dns-over-tls, dns-over-https, etc.
I haven’t done a code review so I can’t answer that question with facts. I do think however, that anything that bootstraps a FLOSS framework like openwrt could easily be a risk to privacy.
You use privacy and security interchangeably here. They are not the same.
If you have any question on truth worthiness, you can flash stock openwrt on them. You just lose out on their proprietary webUI and pre installed plugins. I believe their firmware is public on GitHub though.
Yeah, put that trash in prison!
That all sounds correct to me. The random port you’re seeing in the logs is a high port, often referred to as an ephemeral port, and it is common for source ports. All good there.
It’s just an NTP pool. The device is trying to update it’s time. Likely it made many other requests to other servers when this one didn’t work.
Maintaining up to date lists of anything is a game of whack a mole, so you’re always going to get weird results.
If you’re actually unsure, pcap the traffic on your pfsense box and see for yourself. NTP is an unencrypted protocol, so tshark or Wireshark will have no problem telling you all about it.
That said, I’d still agree with the other poster about local integration with home assistant and just block that sucker from the Internet.