Legrand Home Automation DNS Change

We built our house a few years ago.  Before all the drywall went up I wired tons of networking into each room, including for for the Legrand Home Automation system and whole house audio.  The core home automation module, the HA7000, is the integration work engine of the system.  It connects to Legrand’s cloud servers for remote alerting, updating, etc.  On February 20th, 2018 they had a significant service outage and their restoration procedure is not so seamless.  Rather than following their instructions of changing my home router’s DNS forwarder I broke out tcpdump and did some digging.  So if you have a Legrand system, need to do this update, and don’t want to pass your DNS traffic to them, read on.

The instructions Legrand provided lead the home owner/installer to change the DNS forwarder setting on the router to 35.171.238.72.  Clearly what they had done was change the DNS records on this server.  This meant no changes were made by the end user to the panel directly. The panel would simply get the new IP addresses and start communicating with the new server.  Therefore all I needed were the DNS records the panel was doing a lookup on.  On the router I ran tcpdump to watch for the queries from the panel:

tcpdump -i vmx2 -n "host 1.2.3.4 and udp port 53"

For reference, VMX2 is the network card for my LAN interface and host is the IP address of the Legrand panel.  After starting this dump I rebooted the panel and discovered it was looking for various A records in the zonoff.com domain:

A? jimmies.zonoff.com. (36)
ServFail 0/0/0 (36)
A? PRdPodAras03.ZoNOfF.CoM. (41)
ServFail 0/0/0 (41)
A? prDPODAras04.zoNoFf.CoM. (41)
ServFail 0 (41)

Note: I’ve trimmed the tcpdump output above to only have the end of the capture.

This seemed fairly straightforward — just need to send the zonoff.com records over to 35.171.238.72.  In pfSense’s DNS Resolver settings, down near the bottom, you can add overrides.  I simply added zonoff.com to the list with the DNS server provided by Legrand.

I rebooted the panel one more time and watched it now successfully lookup the new records:

A? jimmies.zonoff.com. (36)
A 108.166.113.118 (52)

A? st.zonoff.com. (31)
A 23.253.161.21 (47)

A? packages.zonoff.com. (37)
A 23.253.161.21 (53)

A? pRdPOdAraS03.zOnofF.coM. (41)
A? packages.zonoff.com. (37)
A 162.242.175.143 (57)
A 23.253.161.21 (53)

After this, according to the instructions, you reboot the panel and that finishes the panel changes.  After this the zonoff.com DNS settings can be removed from your router and you should be back in business.  Another tcpdump validates the process:

18:17:59.575654 IP 1.2.3.4.49949 > 1.1.1.1.53: 3286+ A? jimmies.zonoff.com. (36)
18:17:59.612179 IP 1.1.1.1.53 > 1.2.3.4.49949: 3286 1/0/0 A 108.166.113.118 (52)
18:18:30.533814 IP 1.2.3.4.38128 > 1.1.1.1.53: 6765+ A? st.zonoff.com. (31)
18:18:30.568688 IP 1.1.1.1.53 > 1.2.3.4.38128: 6765 1/0/0 A 23.253.161.21 (47)
18:18:30.775280 IP 1.2.3.4.43255 > 1.1.1.1.53: 42327+ A? pool.ntp.org. (30)
18:18:30.791367 IP 1.1.1.1.53 > 1.2.3.4.43255: 42327 4/0/0 A 208.88.126.235, A 108.61.73.243, A 209.208.79.69, A 204.2.134.162 (94)
18:18:33.706697 IP 1.2.3.4.37200 > 1.1.1.1.53: 61256+ A? packages.intuity.legrand.us. (45)
18:18:33.737303 IP 1.1.1.1.53 > 1.2.3.4.37200: 61256 2/0/0 CNAME ec2-18-219-80-161.us-east-2.compute.amazonaws.com., A 18.219.80.161 (124)
18:18:35.795802 IP 1.2.3.4.58919 > 1.1.1.1.53: 10291+ A? packages.intuity.legrand.us. (45)
18:18:35.795987 IP 1.1.1.1.53 > 1.2.3.4.58919: 10291 2/0/0 CNAME ec2-18-219-80-161.us-east-2.compute.amazonaws.com., A 18.219.80.161 (124)
18:18:40.857090 IP 1.2.3.4.58797 > 1.1.1.1.53: 53772+ A? packages.intuity.legrand.us. (45)
18:18:40.857287 IP 1.1.1.1.53 > 1.2.3.4.58797: 53772 2/0/0 CNAME ec2-18-219-80-161.us-east-2.compute.amazonaws.com., A 18.219.80.161 (124)
18:18:43.160826 IP 1.2.3.4.32949 > 1.1.1.1.53: 16305+ A? packages.intuity.legrand.us. (45)
18:18:43.161006 IP 1.1.1.1.53 > 1.2.3.4.32949: 16305 2/0/0 CNAME ec2-18-219-80-161.us-east-2.compute.amazonaws.com., A 18.219.80.161 (124)
18:18:43.316756 IP 1.2.3.4.34099 > 1.1.1.1.53: 58318+ A? raS.IntuiTY.leGrand.US. (40)
18:18:43.358503 IP 1.1.1.1.53 > 1.2.3.4.34099: 58318 2/0/0 CNAME ec2-18-222-18-174.us-east-2.compute.amazonaws.com., A 18.222.18.174 (119)
18:18:44.983865 IP 1.2.3.4.48348 > 1.1.1.1.53: 56087+ A? packages.intuity.legrand.us. (45)
18:18:44.984049 IP 1.1.1.1.53 > 1.2.3.4.48348: 56087 2/0/0 CNAME ec2-18-219-80-161.us-east-2.compute.amazonaws.com., A 18.219.80.161 (124)
18:18:45.589194 IP 1.2.3.4.43214 > 1.1.1.1.53: 23004+ A? packages.intuity.legrand.us. (45)
18:18:45.589339 IP 1.1.1.1.53 > 1.2.3.4.43214: 23004 2/0/0 CNAME ec2-18-219-80-161.us-east-2.compute.amazonaws.com., A 18.219.80.161 (124)
18:19:37.924158 IP 1.2.3.4.60509 > 1.1.1.1.53: 24295+ A? packages.intuity.legrand.us. (45)
18:19:37.924386 IP 1.1.1.1.53 > 1.2.3.4.60509: 24295 2/0/0 CNAME ec2-18-219-80-161.us-east-2.compute.amazonaws.com., A 18.219.80.161 (124)
18:19:41.222596 IP 1.2.3.4.34330 > 1.1.1.1.53: 8050+ A? packages.intuity.legrand.us. (45)
18:19:41.222780 IP 1.1.1.1.53 > 1.2.3.4.34330: 8050 2/0/0 CNAME ec2-18-219-80-161.us-east-2.compute.amazonaws.com., A 18.219.80.161 (124)
18:19:45.241802 IP 1.2.3.4.34995 > 1.1.1.1.53: 54220+ A? hubstats.zonoff.com. (37)
18:19:45.277294 IP 1.1.1.1.53 > 1.2.3.4.34995: 54220 1/0/0 A 198.61.234.195 (53)
18:19:45.628954 IP 1.2.3.4.60755 > 1.1.1.1.53: 38549+ A? jimmies.zonoff.com. (36)
18:19:45.664000 IP 1.1.1.1.53 > 1.2.3.4.60755: 38549 1/0/0 A 108.166.113.118 (52)

Hooray!  Now back to more automating.

And as promised, here’s the instructions provided by Legrand.

SB039-HA – DNS Redirect using Existing Router