We have received feedback from users, in the router feedback, seeing 2A accessing port 53 from a non-existent IP address(203.0.113.x), and are very concerned about this issue.
From initial investigation, this is due to the fact that we have enabled SNTP Time Source in the firmware, and its default address accesses (0.pool.ntp.org - 1. pool.ntp.org - 2.pool.ntp.org) to determine the Internet time, which is used to assign meaningful time to internal messages such as logs.
If your are using Manual IPs make sure to configure a DNS Server (dns1, dns2) or use only IP addresses for the NTP servers.
about the 203 prefix ip address:
Our initial assumption is that this fake 203 address is a non-existent dns address given by the router's privacy protection mechanism (since you isolate them in a private vlan) to fool the sensors. Will look forward to the results of your tests (it's easy to predict which DNS address the device will use using the test firmware).
To be able to confirm that the address of the access target on port 53 is a possible address, we have created a 2A network debugging firmware that you can flash from here (https://tool.screek.io/debug_tool/2a-network-info/), you need a USB connection to a PC in order to write this test firmware. After writing the firmware, visit the device's IP page and you will see more detailed information about the device's network, which includes the DNS servers that the device is assigned to.
In the future, we will consider removing this time service mechanism in favor of getting the time source directly from the HA.
In addition to enhanced optimization of sensor stability and careful selection of hardware, we also pay close attention to privacy and security. In the future we will try to eliminate this internet clock mechanism and try to use HA as a time source.