Echo Dot - a quick PiHole-Review

Hi,

bought an Echo Dot for testing if it’s useful for me and for doing a review with PiHole.
Here is my quick review for the last 24h:

queries/24h:
~1300! (even if it’s “sleeping” or micro is turned off)

There is no change in traffic/queries if Alexa gets voice input, which is really strange. Maybe some important queries are not routed through PiHole, is this possible?

most queries/24h:
device-metrics-us.amazon.com ~410
kindle-time.amazon.com ~300
spectrum.s3.amazonaws.com ~300
ntp-g7g.amazon.com ~210

Even if all 4 are blocked, echo dot works as usual, maybe someone has an answer for this?
Blocking vsp-alexa-eu.amazon.com doesn’t make any difference, as it’s not in the query list.
See: Blocking Alexa (Amazon voice assistant)

1300 queries a day if it’s not really used, wow!

@EDIT: Echo dot uses SSL Port 443 for transferring voice information, so PiHole does not recognize this!
If this port is blocked, Alexa shuts up :wink: but traffic via PiHole continues…

From the setup instructions from this site http://beointegration.com/uploaded/Amazon_Echo_and_IFTTT.pdf

KHIMO is a great service that provides an encrypted and very secure remote access to devices.
Note it is an encrypted link. I think the Pi-hole would not work to block it.
Second opinion needed.

FYI, if you're in North America, you probably have to block Alexa by blocking the URL vsp-alexa-na.amazon.com

Remember that Pi-hole is a DNS server, not a proxy. It does neither care nor know about which ports a user uses to connect to somewhere.

Sure, they can, for instance, hard-code their own DNS server (like 8.8.8.8) because they know this works and so they do not have to rely on the DNS servers of your ISP. If you can do this, try blocking port 53 to the web from any device on your network except your Pi-hole. They may even use DoH or something else, but let's go step-by-step, not immediately assume the worst from the beginning.

Well, this seems to fit to

they seem to query their domains the entire day and then simply cache the results. So they can use them whenever they want. If they do it or not can then not be deduced from the DNS activity itself. This has pros and cons. The biggest pro is that there are no (additional) delays whenever you need a function. This is probably what they wanted to do. No extra waiting for DNS answers in a voice command.
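
One way to check whether a device sends DNS around the Pi-hole, as suggested in the reply above (an added example, not part of the thread): scan the router's packet log for DNS or DNS-over-TLS flows that neither come from nor go to the Pi-hole. It assumes the router logs forwarded packets in netfilter LOG style and that the Pi-hole is at 192.168.1.2; the log lines and all addresses except 8.8.8.8 are constructed.

```python
import re
from collections import defaultdict

PIHOLE_IP = "192.168.1.2"  # assumption: LAN address of the Pi-hole
# Ports that carry resolvable DNS traffic: plain DNS and DNS-over-TLS.
DNS_PORTS = {("UDP", 53): "dns", ("TCP", 53): "dns", ("TCP", 853): "dot"}
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines in the style of netfilter LOG output.
SAMPLE_LOG = """\
kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.2 DST=203.0.113.53 PROTO=UDP SPT=5353 DPT=53
kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP SPT=40112 DPT=53
kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP SPT=40113 DPT=53
kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=853
kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=443
kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.60 DST=198.51.100.7 PROTO=TCP SPT=51002 DPT=443
"""


def dns_bypass(log_text, pihole_ip=PIHOLE_IP):
    """Return {client: {(resolver, kind): count}} for DNS flows that skip the Pi-hole."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys() or not f["DPT"].isdigit():
            continue  # not a complete packet log line
        kind = DNS_PORTS.get((f["PROTO"].upper(), int(f["DPT"])))
        if kind is None:
            continue  # e.g. TLS on 443: invisible to a DNS-only view
        if pihole_ip in (f["SRC"], f["DST"]):
            continue  # the Pi-hole's own upstream lookups are expected
        hits[f["SRC"]][(f["DST"], kind)] += 1
    return {client: dict(resolvers) for client, resolvers in hits.items()}


if __name__ == "__main__":
    for client, resolvers in dns_bypass(SAMPLE_LOG).items():
        for (resolver, kind), count in sorted(resolvers.items()):
            print(f"{client} -> {resolver} ({kind}): {count} flows bypass Pi-hole")
```

DoH rides on port 443 alongside ordinary HTTPS, so a port-based check like this one cannot see it.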

@Coro, you have replied to a 3 year old post :wink: