Solved Work-around for Wyze Devices with issues when Router has DNS-over-TLS (DoT) Enabled

[DroidST]

Wyze Devices with connection / recording issues when DNS-over-TLS (DoT) is enabled in the Router
Wyze Cam v2
Wyze Cam Outdoor
Wyze Wired Doorbell
Wyze Bulbs

Cam v3's, see me comment below.

Issues reported on the Wyze Forum (Wishlist) - Those having issues, please upvote!

DNS over TLS support

My Wyze doorbell camera will not connect to the internet if my router is setup to use DNS over TLS (DoT). Please add support to the Wyze doorbell camera for DoT

forums.wyzecam.com

.
First, I want to thank @OzarkEdge who replied to one of my posts about needing to disable DNS-over-TLS (DoT) to Add (Setup) his Wyze Cam v2.

Primary Router is a RT-AX86U running stock Asuswrt 3.0.0.4.388_20566. Android App Version 1.0.0.7.37

There are three (3) Work-around Options - I am using the Option #2 (I want to keep my Wyze devices on Guest Network 1 and available on all AiMesh Nodes).

_______________________________________________________________________________________________________________________________________
OPTION #1

I want to thank @bbunge for Option #1

There is a work around if you want most of your clients to use DoT:
Under LAN - DHCP Server - Manually Assigned IP around the DHCP list - add the problem clients to this list and give them a specific DNS Server.
For this to work the clients will have to be on the main LAN or Guest network 2 or 3.
I just tested this with my DoT set to Cloudflare and the client tested, a Pi4, with a manually assigned IP address and Google DNS. DNS Leak Test sites showed the Pi using Google DNS. The rest of my LAN use the router, and its DoT, as a DNS server.

_______________________________________________________________________________________________________________________________________
OPTION #2

With Option #2 or #3 below, you may still have to temporarily disable DoT to Add/Setup a Wyze Device (including when you need to change its WiFi Network). Simply disable DNS-over-TLS (DoT) in the Router, Add/Setup your Wyze Device and enable DNS-over-TLS (DoT) again. I had to do this for one of my Wyze Floodlights (which has a Cam v3) to change its WiFi now that I have my Guest Networks spanning all AiMesh Nodes.

I want to thank @Tech9 and @Paliv for Option #2
NOTE: I have tested this with several of my problem Wyze devices, which are on Guest Network 1
and the RT-AX86U WAN | DNS Privacy Protocol option set to DNS-over-TLS (DoT). I will be doing additional testing over the next few days, including doing this for my other problem Wyze devices. I'll update this Thread.

Requires ASUS Router App - Finally a reason for me to use it. NOTE: You should be able to skip/decline the option to enable Remote Access from WAN (and I think there are two other options the App wants to enable). I am still able to use the App while connect to my LAN.

1. Open the Asus Router app on your phone (I'm using Android).
2. Select Devices
3. Select a Wyze Device with issues
4. Select Safe Browsing
5. Select Security
6. Press Apply

if you select security for "Safe Browsing" it will use 1.1.1.2.

_______________________________________________________________________________________________________________________________________
OPTION #3

I want to thank @RMerlin (he developed DNS Filter) for Option #3
If you are using Asuswrt-Merlin, you should be able to use DNS Filter to force the problem Wyze Devices to specific DNS Servers, (eg. 1.1.1.2, 1.0.0.2). No Filter option (under DNS Filter) for the problem Device may work as well.

_______________________________________________________________________________________________________________________________________

I have a Wyze cam v2 on current/latest AX86U_49599 release. The only issue is to not use DoT during cam setup.

This 388 code base firmware contains almost everything else most folks used to install Asuswrt-Merlin for. There is VPN Fusion for simple selective routing, DDNS with external IP detection, more settings in WAN/LAN pages, DNS-over-TLS, even form of DNSFilter in App. Take a look and decide.

My only gripe is having to use the app for the DNS Filter-like solution. But I just use ISP DNS these days for best household harmony anyway.

If you select a Device under the Devices menu it is the "Safe Browsing" option. All it does is use a filtering DNS. Which one it uses depends on which option you select. Strangely Cloudflare isn't selectable in the Web GUI, but if you select security for "Safe Browsing" it will use 1.1.1.2.

.

 

[DroidST]

Reserved

 

[OzarkEdge]

*****
OzarkEdge said:
I have a Wyze cam v2 on current/latest AX86U_49599 release. The only issue is to not use DoT during cam setup.
*****

To clarify for this new context, all of my Wyze cams (v2 and v3) on guest1 WLANs (router and node) prior to f/w 388.20566 cannot be setup/added ("connection timed out") while DoT is enabled (Quad9 and CloudFlare Security).

And I recall same result using other WLANs, not just guest/guest1 WLANs.

Workaround is to temporarily disable DoT to complete cam setup... then they can be used normally with DoT enabled.

I have not yet tried cam setup with latest 388.20566 firmware... I believe the issue is related to how Wyze wants to communicate with its cloud and is not related to ASUSWRT.

I have no other Wyze products.

OE

 

[george993]

Wow, thanks! I had problems with my Amazon Smart Thermostat not communicating when I used DoT. Using your second option (using the phone app), they now communicate. Thanks again.

George

 

[DroidST]

Wow, thanks! I had problems with my Amazon Smart Thermostat not communicating when I used DoT. Using your second option (using the phone app), they now communicate. Thanks again.

George

What is the model number of the Thermostat and f/w version (if possible)? Also, if you are on a Guest Network, which Guest Network (1 or 2/3)?

You can edit your post above or just reply.

In Post #2, I can list Wyze Device Model # with f/w version and other devices with DoT Issues where these solutions worked.