Just started noticing large instances of traffic to/from dev.ezvizlife.com

Please follow the below template, it will help us to help you!

Expected Behaviour:

I started noticing large amounts of traffic to dev.ezvizlife.com. A query almost every 3 or 4 seconds.
After ‘Blacklisting’ it, my ‘Percent Blocked’ jumped from a normal 15% to 86%. How can I find out what device is generating all this traffic?

Actual Behaviour:

Jan 14 13:43:55 dnsmasq[792]: query[A] dev.ezvizlife.com from 192.168.0.1
Jan 14 13:43:55 dnsmasq[792]: /etc/pihole/black.list dev.ezvizlife.com is 0.0.0.0
Jan 14 13:44:00 dnsmasq[792]: query[A] dev.ezvizlife.com from 192.168.0.1
Jan 14 13:44:00 dnsmasq[792]: /etc/pihole/black.list dev.ezvizlife.com is 0.0.0.0
Jan 14 13:44:05 dnsmasq[792]: query[A] dev.ezvizlife.com from 192.168.0.1
Jan 14 13:44:05 dnsmasq[792]: /etc/pihole/black.list dev.ezvizlife.com is 0.0.0.0
Jan 14 13:44:10 dnsmasq[792]: query[A] dev.ezvizlife.com from 192.168.0.1
Jan 14 13:44:10 dnsmasq[792]: /etc/pihole/black.list dev.ezvizlife.com is 0.0.0.0
Jan 14 13:44:15 dnsmasq[792]: query[A] dev.ezvizlife.com from 192.168.0.1
Jan 14 13:44:15 dnsmasq[792]: /etc/pihole/black.list dev.ezvizlife.com is 0.0.0.0
Jan 14 13:44:20 dnsmasq[792]: query[A] dev.ezvizlife.com from 192.168.0.1

Debug Token:

https://tricorder.pi-hole.net/la1n7154j2

I have a second Pi-Hole device running and it is my secondary DNS. It is not detecting traffic from dev.ezvizlife.com.

Here is the debug token from my secondary Pi-Hole device.
https://tricorder.pi-hole.net/jf1s3akily

Ezviz is a IP Cameras and NVRs brand, so it should be the server used for live feeding images.
If you have one of these devices is surely sending traffic, with no success, in this case
Try to log in outside your network and check if the live stream it’s still playable,
if it doesn’t just whitelist it

All my devices look to my DD-WRT router, which is configured to use two Pi-Hole DNS servers. No DNS servers are configured on any device on my LAN.

I will troubleshoot this evening by disabling each device on the LAN and see when/if the queries to dev.ezvizlife.com stop, I have my suspicions.

Thanks, I will keep the group posted on my progress.

John

All my cameras are blocked from the internet by my router. I am sure nothing sinister is going to happen because Pi-Hole and my router are taking care of the situation.

I use another Raspberry Pi as a OpenVPN server, that’s how I am able to view my security cameras outside my network.

Thanks for the quick response and suggestions.

John

Finally got around to troubleshooting the culprit making requests to dev.ezvizlife.com.
It turns out to be my ONVIF compliant doorbell camera I purchased from Nelly’s Security a while back.
All my cameras are blocked from accessing the WAN by my router and now Pi-Hole has dev.ezvizlife.com in the ‘Blacklist’.

Not saying that it is a fault of Nelly’s, but check your network regularly.

Thanks for everyone’s help.