How to whitelist Xiaomi Mi Vacuum Robot?

Hello Everybody,

I am having trouble setting up the pi hole whitelist for my Xiaomi Mi Vacuum Robot. I know how to use the whitelist in general but I was not able to find out which DNS server the device is using. By the Xiaomi Mi app it is possible to monitor the device and install software updates.

I already tried whitelisting the following but it did not work:

a.stat.xiaomi.com
abtest.mistat.xiaomi.com
api.ad.xiaomi.com
cdn.ad.xiaomi.com
data.mistat.xiaomi.com
e.ad.xiaomi.com
mlog.search.xiaomi.net
new.api.ad.xiaomi.com
notice.game.xiaomi.com
ppurifier.game.xiaomi.com
resolver.msg.xiaomi.net
sdkconfig.ad.xiaomi.com
shenghuo.xiaomi.com
ssp.ad.xiaomi.com
test.ad.xiaomi.com
test.e.ad.xiaomi.com
test.new.api.ad.xiaomi.com

Would be very grateful if you got some advice.

Thanks in advance!


Check out

Thanks for the hint, outcome I get is the following (in case I am not allowed to post this, please delete):

[details=Summary]
Mar 28 17:46:18 dnsmasq[3412]: query[AAAA] account.xiaomi.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded account.xiaomi.com to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: query[A] account.xiaomi.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded account.xiaomi.com to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: query[AAAA] api.io.mi.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded api.io.mi.com to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: query[A] api.io.mi.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded api.io.mi.com to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: reply account.xiaomi.com is
Mar 28 17:46:18 dnsmasq[3412]: reply LB-AC-01-483135197.ap-southeast-1.elb.amazonaws.com is NODATA-IPv6
Mar 28 17:46:18 dnsmasq[3412]: reply account.xiaomi.com is
Mar 28 17:46:18 dnsmasq[3412]: reply LB-AC-01-483135197.ap-southeast-1.elb.amazonaws.com is 54.169.116.188
Mar 28 17:46:18 dnsmasq[3412]: reply LB-AC-01-483135197.ap-southeast-1.elb.amazonaws.com is 54.254.136.222
Mar 28 17:46:18 dnsmasq[3412]: reply LB-AC-01-483135197.ap-southeast-1.elb.amazonaws.com is 54.254.149.104
Mar 28 17:46:18 dnsmasq[3412]: reply LB-AC-01-483135197.ap-southeast-1.elb.amazonaws.com is 54.254.162.13
Mar 28 17:46:18 dnsmasq[3412]: reply LB-AC-01-483135197.ap-southeast-1.elb.amazonaws.com is 54.169.66.113
Mar 28 17:46:18 dnsmasq[3412]: reply api.io.mi.com is NODATA-IPv6
Mar 28 17:46:18 dnsmasq[3412]: reply api.io.mi.com is 58.83.160.17
Mar 28 17:46:18 dnsmasq[3412]: reply api.io.mi.com is 58.83.160.4
Mar 28 17:46:18 dnsmasq[3412]: reply api.io.mi.com is 124.243.204.61
Mar 28 17:46:18 dnsmasq[3412]: query[AAAA] LB-AC-01-483135197.ap-southeast-1.elb.amazonaws.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: cached LB-AC-01-483135197.ap-southeast-1.elb.amazonaws.com is NODATA-IPv6
Mar 28 17:46:18 dnsmasq[3412]: query[A] app.chat.xiaomi.net from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded app.chat.xiaomi.net to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: query[AAAA] app.chat.xiaomi.net from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded app.chat.xiaomi.net to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: reply app.chat.xiaomi.net is 54.255.185.236
Mar 28 17:46:18 dnsmasq[3412]: reply app.chat.xiaomi.net is 54.255.184.16
Mar 28 17:46:18 dnsmasq[3412]: reply app.chat.xiaomi.net is NODATA-IPv6
Mar 28 17:46:18 dnsmasq[3412]: query[AAAA] restapi.amap.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded restapi.amap.com to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: query[A] restapi.amap.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded restapi.amap.com to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: reply restapi.amap.com is
Mar 28 17:46:18 dnsmasq[3412]: reply restapi.amap.com.gds.alibabadns.com is NODATA-IPv6
Mar 28 17:46:18 dnsmasq[3412]: reply restapi.amap.com is
Mar 28 17:46:18 dnsmasq[3412]: reply restapi.amap.com.gds.alibabadns.com is 198.11.190.4
Mar 28 17:46:18 dnsmasq[3412]: query[AAAA] restapi.amap.com.gds.alibabadns.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: cached restapi.amap.com.gds.alibabadns.com is NODATA-IPv6
Mar 28 17:46:18 dnsmasq[3412]: query[A] restapi.amap.com.gds.alibabadns.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: cached restapi.amap.com.gds.alibabadns.com is 198.11.190.4
Mar 28 17:46:19 dnsmasq[3412]: query[AAAA] apple.com from 192.168.2.10
Mar 28 17:46:19 dnsmasq[3412]: cached apple.com is NODATA-IPv6
Mar 28 17:46:19 dnsmasq[3412]: query[AAAA] shopapi.io.mi.com from 192.168.2.10
Mar 28 17:46:19 dnsmasq[3412]: forwarded shopapi.io.mi.com to 192.168.2.1
Mar 28 17:46:19 dnsmasq[3412]: query[A] shopapi.io.mi.com from 192.168.2.10
Mar 28 17:46:19 dnsmasq[3412]: forwarded shopapi.io.mi.com to 192.168.2.1
Mar 28 17:46:19 dnsmasq[3412]: reply shopapi.io.mi.com is NODATA-IPv6
Mar 28 17:46:19 dnsmasq[3412]: reply shopapi.io.mi.com is 58.83.160.15
Mar 28 17:46:19 dnsmasq[3412]: reply shopapi.io.mi.com is 42.62.94.183
Mar 28 17:46:19 dnsmasq[3412]: reply shopapi.io.mi.com is 58.83.160.230
Mar 28 17:46:19 dnsmasq[3412]: query[AAAA] tp.hd.mi.com from 192.168.2.10
Mar 28 17:46:19 dnsmasq[3412]: forwarded tp.hd.mi.com to 192.168.2.1
Mar 28 17:46:19 dnsmasq[3412]: query[A] tp.hd.mi.com from 192.168.2.10
Mar 28 17:46:19 dnsmasq[3412]: forwarded tp.hd.mi.com to 192.168.2.1
Mar 28 17:46:19 dnsmasq[3412]: reply tp.hd.mi.com is
Mar 28 17:46:19 dnsmasq[3412]: reply LB-01-1428358939.cn-north-1.elb.amazonaws.com.cn is NODATA-IPv6
Mar 28 17:46:19 dnsmasq[3412]: reply tp.hd.mi.com is
Mar 28 17:46:19 dnsmasq[3412]: reply lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is 54.223.64.252
Mar 28 17:46:19 dnsmasq[3412]: reply lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is 54.223.160.77
Mar 28 17:46:19 dnsmasq[3412]: reply lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is 54.222.225.205
Mar 28 17:46:19 dnsmasq[3412]: reply lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is 54.222.250.70
Mar 28 17:46:19 dnsmasq[3412]: reply lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is 54.223.141.171
Mar 28 17:46:19 dnsmasq[3412]: reply lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is 54.223.128.14
Mar 28 17:46:19 dnsmasq[3412]: reply lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is 54.223.143.104
Mar 28 17:46:19 dnsmasq[3412]: reply lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is 54.223.161.128
Mar 28 17:46:19 dnsmasq[3412]: query[AAAA] lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn from 192.168.2.10
Mar 28 17:46:19 dnsmasq[3412]: cached lb-01-1428358939.cn-north-1.elb.amazonaws.com.cn is NODATA-IPv6
Mar 28 17:46:20 dnsmasq[3412]: query[AAAA] lb03-pub-proxy-1538793797.ap-southeast-1.elb.amazonaws.com from 192.168.2.10
Mar 28 17:46:20 dnsmasq[3412]: forwarded lb03-pub-proxy-1538793797.ap-southeast-1.elb.amazonaws.com to 192.168.2.1
Mar 28 17:46:20 dnsmasq[3412]: query[A] lb03-pub-proxy-1538793797.ap-southeast-1.elb.amazonaws.com from 192.168.2.10
Mar 28 17:46:20 dnsmasq[3412]: forwarded lb03-pub-proxy-1538793797.ap-southeast-1.elb.amazonaws.com to 192.168.2.1
Mar 28 17:46:20 dnsmasq[3412]: reply lb03-pub-proxy-1538793797.ap-southeast-1.elb.amazonaws.com is NODATA-IPv6
Mar 28 17:46:20 dnsmasq[3412]: reply lb03-pub-proxy-1538793797.ap-southeast-1.elb.amazonaws.com is 52.76.56.216
Mar 28 17:46:20 dnsmasq[3412]: reply lb03-pub-proxy-1538793797.ap-southeast-1.elb.amazonaws.com is 52.220.73.197
Mar 28 17:46:22 dnsmasq[3412]: query[AAAA] d26e8xjmdfqs1b.cloudfront.net from 192.168.2.10
Mar 28 17:46:22 dnsmasq[3412]: cached d26e8xjmdfqs1b.cloudfront.net is NODATA-IPv6
Mar 28 17:46:22 dnsmasq[3412]: query[A] d26e8xjmdfqs1b.cloudfront.net from 192.168.2.10
Mar 28 17:46:22 dnsmasq[3412]: forwarded d26e8xjmdfqs1b.cloudfront.net to 192.168.2.1
Mar 28 17:46:22 dnsmasq[3412]: reply d26e8xjmdfqs1b.cloudfront.net is 52.222.149.26
Mar 28 17:46:22 dnsmasq[3412]: reply d26e8xjmdfqs1b.cloudfront.net is 52.222.149.186
Mar 28 17:46:22 dnsmasq[3412]: reply d26e8xjmdfqs1b.cloudfront.net is 52.222.149.106
Mar 28 17:46:22 dnsmasq[3412]: reply d26e8xjmdfqs1b.cloudfront.net is 52.222.149.174
Mar 28 17:46:22 dnsmasq[3412]: reply d26e8xjmdfqs1b.cloudfront.net is 52.222.149.184
Mar 28 17:46:22 dnsmasq[3412]: reply d26e8xjmdfqs1b.cloudfront.net is 52.222.149.168
Mar 28 17:46:22 dnsmasq[3412]: reply d26e8xjmdfqs1b.cloudfront.net is 52.222.149.76
Mar 28 17:46:22 dnsmasq[3412]: reply d26e8xjmdfqs1b.cloudfront.net is 52.222.149.117
Mar 28 17:46:23 dnsmasq[3412]: query[AAAA] home.mi.com from 192.168.2.10
Mar 28 17:46:23 dnsmasq[3412]: forwarded home.mi.com to 192.168.2.1
Mar 28 17:46:23 dnsmasq[3412]: reply home.mi.com is NODATA-IPv6
Mar 28 17:46:23 dnsmasq[3412]: query[A] home.mi.com from 192.168.2.10
Mar 28 17:46:23 dnsmasq[3412]: cached home.mi.com is 42.62.94.247
Mar 28 17:46:23 dnsmasq[3412]: query[AAAA] i.huodong.mi.com from 192.168.2.10
Mar 28 17:46:23 dnsmasq[3412]: forwarded i.huodong.mi.com to 192.168.2.1
Mar 28 17:46:23 dnsmasq[3412]: query[A] i.huodong.mi.com from 192.168.2.10
Mar 28 17:46:23 dnsmasq[3412]: forwarded i.huodong.mi.com to 192.168.2.1
Mar 28 17:46:24 dnsmasq[3412]: query[AAAA] m.mi.com from 192.168.2.10
Mar 28 17:46:24 dnsmasq[3412]: forwarded m.mi.com to 192.168.2.1
Mar 28 17:46:24 dnsmasq[3412]: query[A] m.mi.com from 192.168.2.10
Mar 28 17:46:24 dnsmasq[3412]: forwarded m.mi.com to 192.168.2.1
Mar 28 17:46:24 dnsmasq[3412]: reply i.huodong.mi.com is
Mar 28 17:46:24 dnsmasq[3412]: reply c3.big.mae.xiaomi.com is NODATA-IPv6
Mar 28 17:46:24 dnsmasq[3412]: query[A] c3.big.mae.xiaomi.com from 192.168.2.10
Mar 28 17:46:24 dnsmasq[3412]: forwarded c3.big.mae.xiaomi.com to 192.168.2.1
Mar 28 17:46:24 dnsmasq[3412]: reply i.huodong.mi.com is
Mar 28 17:46:24 dnsmasq[3412]: reply c3.big.mae.xiaomi.com is 36.110.185.69
Mar 28 17:46:24 dnsmasq[3412]: query[AAAA] static.home.mi.com from 192.168.2.10
Mar 28 17:46:24 dnsmasq[3412]: forwarded static.home.mi.com to 192.168.2.1
Mar 28 17:46:24 dnsmasq[3412]: query[A] static.home.mi.com from 192.168.2.10
Mar 28 17:46:24 dnsmasq[3412]: forwarded static.home.mi.com to 192.168.2.1
Mar 28 17:46:24 dnsmasq[3412]: reply static.home.mi.com is
Mar 28 17:46:24 dnsmasq[3412]: reply static.home.mi.com.cloudcdn.net is
Mar 28 17:46:24 dnsmasq[3412]: reply static.home.mi.com.cloudglb.com is
Mar 28 17:46:24 dnsmasq[3412]: reply c06.i06.rpnic.lv3.cloudglb.com is NODATA-IPv6
Mar 28 17:46:24 dnsmasq[3412]: reply static.home.mi.com is
Mar 28 17:46:24 dnsmasq[3412]: reply static.home.mi.com.cloudcdn.net is
Mar 28 17:46:24 dnsmasq[3412]: reply static.home.mi.com.cloudglb.com is
Mar 28 17:46:24 dnsmasq[3412]: reply c06.i06.rpnic.lv3.cloudglb.com is 183.56.172.229
Mar 28 17:46:24 dnsmasq[3412]: query[AAAA] c06.i06.rpnic.lv3.cloudglb.com from 192.168.2.10
Mar 28 17:46:24 dnsmasq[3412]: cached c06.i06.rpnic.lv3.cloudglb.com is NODATA-IPv6
Mar 28 17:46:24 dnsmasq[3412]: query[A] c06.i06.rpnic.lv3.cloudglb.com from 192.168.2.10
Mar 28 17:46:24 dnsmasq[3412]: cached c06.i06.rpnic.lv3.cloudglb.com is 183.56.172.229
Mar 28 17:46:25 dnsmasq[3412]: query[AAAA] m.mi.com from 192.168.2.10
Mar 28 17:46:25 dnsmasq[3412]: forwarded m.mi.com to 192.168.2.1
Mar 28 17:46:25 dnsmasq[3412]: query[A] m.mi.com from 192.168.2.10
Mar 28 17:46:25 dnsmasq[3412]: forwarded m.mi.com to 192.168.2.1
Mar 28 17:46:27 dnsmasq[3412]: reply m.mi.com is
Mar 28 17:46:27 dnsmasq[3412]: reply bgp.c3.big.mae.xiaomi.com is 58.83.160.210
Mar 28 17:46:27 dnsmasq[3412]: reply bgp.c3.big.mae.xiaomi.com is 58.83.160.209
Mar 28 17:46:27 dnsmasq[3412]: reply m.mi.com is
Mar 28 17:46:27 dnsmasq[3412]: reply bgp.c3.big.mae.xiaomi.com is NODATA-IPv6
[/details]

For me it seems like there was nothing blocked based on the log, do you have an idea? I was loading the app and tried connecting to the vacuum when I was capturing the log file.

I don't see any queries getting blocked in that log either. If you disable Pi-hole, does the app work?
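The check discussed in the posts above (did Pi-hole block anything the client asked for?), as an added example that is not part of the original thread. The function name `summarize`, the sample log and its domains are constructed, and the blocklist-hit line formats it matches are assumptions, since no blocked line appears in the thread's log.

```python
import re

LINE = re.compile(r"dnsmasq\[\d+\]: (.*)$")
QUERY = re.compile(r"query\[(\w+)\] (\S+) from (\S+)")
ANSWER = re.compile(r"(?:reply|cached) (\S+) is\b")  # also matches CNAME lines
# Assumed formats for blocklist hits; none occur in the thread's log.
BLOCKED = re.compile(
    r"(?:gravity blocked|exactly blacklisted|regex blacklisted|"
    r"/etc/pihole/(?:gravity|black)\.list) (\S+) is ")

# Constructed sample in the same dnsmasq format as the log posted above.
SAMPLE = """\
Mar 28 17:46:18 dnsmasq[3412]: query[A] api.example.com from 192.168.2.10
Mar 28 17:46:18 dnsmasq[3412]: forwarded api.example.com to 192.168.2.1
Mar 28 17:46:18 dnsmasq[3412]: reply api.example.com is 203.0.113.7
Mar 28 17:46:19 dnsmasq[3412]: query[A] ads.example.com from 192.168.2.10
Mar 28 17:46:19 dnsmasq[3412]: gravity blocked ads.example.com is 0.0.0.0
Mar 28 17:46:20 dnsmasq[3412]: query[A] Setup.example.net from 192.168.2.10
Mar 28 17:46:20 dnsmasq[3412]: forwarded Setup.example.net to 192.168.2.1
Mar 28 17:46:21 dnsmasq[3412]: query[A] cdn.example.com from 192.168.2.10
Mar 28 17:46:21 dnsmasq[3412]: reply cdn.example.com is <CNAME>
Mar 28 17:46:21 dnsmasq[3412]: query[A] other.example.org from 192.168.2.20
"""

def summarize(log_text, client):
    """Classify every name `client` queried as blocked, resolved or unanswered."""
    queried, answered, blocked = set(), set(), set()
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a dnsmasq line
        msg = m.group(1)
        if (q := QUERY.match(msg)):
            if q.group(3) == client:
                queried.add(q.group(2).lower())  # DNS names are case-insensitive
        elif (b := BLOCKED.match(msg)):
            blocked.add(b.group(1).lower())
        elif (a := ANSWER.match(msg)):
            answered.add(a.group(1).lower())
    return {
        "blocked": sorted(queried & blocked),
        "unanswered": sorted(queried - answered - blocked),
        "resolved": sorted((queried & answered) - blocked),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE, "192.168.2.10"))
```

An empty `blocked` list with names under `unanswered` means the queries were forwarded but no reply was logged, which points at the upstream resolver rather than at Pi-hole's blocklists.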

No, even if I disable Pi Hole it isn't working. I think it has something to do with my router. I reset the xiaomi mi vacuum in order to hook it up to my wifi again and the process is the following:

  1. Open the xiaomi mi app
  2. Choose the device you want to connect
  3. Enter wifi credentials
  4. Connect to the mi vacuum within the iphone wifi settings
  5. Go back to the app -> It hooks up the vacuum to the internet (here I get an error that it was not successful)

I think there is an issue within my wifi that my router in combination with the local dns server (pi hole) is not forwarding the vacuum as they used to do without the pi.

Already saw that my fritz.box 7490 router is blocking DNS rebind, maybe this option is making trouble. Therefore I whitelisted the addresses pi hole is forwarding during the setup within my router:

[details=Summary]
i.huodong.mi.com
bgp.c3.big.mae.xiaomi.com
c3.big.mae.xiaomi.com
m.mi.com
account.xiaomi.com
api.io.mi.com
app.chat.xiaomi.net
shopapi.io.mi.com
tp.hd.mi.com
m.buy.mi.com
home.mi.com
mobile.mi.com
[/details]

It's still not working and keeps driving me nuts. Any suggestion/idea what my router/pi hole is blocking of the process?

In addition pi.hole/admin is not working, only myip/admin works for me.

You need to whitelist the Pi-hole's IP address in the DNS rebind protection.

After adding

pi.hole

to my router's DNS rebind whitelist I am able to connect to pi hole's web interface by pi.hole/admin.

Still nothing changed in regard to the vacuum, connecting to my WIFI is not possible since I am using pi hole. Let me know if I can help with additional logfiles, etc (even if pi hole logfile should not be the issue).

Try disabling the router's DHCP server and enable DHCP on the Pi-hole.

Before I am doing all of the DHCP reconfiguration stuff: did I understand the DNS rebind process correctly? DNS rebind is only refusing DNS addresses which are trying to forward to a local IP, right? To my understanding, whitelisting the appropriate xiaomi DNS in the DNS rebind option should do the work.

My concern is that the internet access is still managed by my fritzbox router and I cannot disable DNS rebind there, I am only able to do whitelisting. Because of this it shouldn't make a difference if the local IP gets assigned by the router or the pi, should it?

Check for an update to the router, it might enable you to specify a local DNS server:

If you're ok with manually whitelisting through both the router and Pi-hole, then your current setup is ok. Changing the DHCP server should allow you to avoid the DNS rebind issue.

I too have Xiaomi smart products. Most of the domains you mentioned are blocked on my pihole, and everything is working fine. I think it's the problem with the MiHome app itself...

I have the same connection issue when trying to use pihole. I found out that when I use the pihole address as the local DNS address in my router DHCP settings then the connection is not possible. If I remove the local DNS in my router, my roborock can connect again. Unfortunately so far I have no solution to use the automatic DHCP with the local DNS of the pihole and the Xiaomi Roborock. So my solution at the moment is to set the DNS address on every PC manually to the pihole address. That's quite a bummer because guests that log into our WiFi do not benefit from my pihole.

Hi,

Have you tried opening the Xiaomi software on your system? I had the same problem and doing that worked for me!