DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

LAN DNS forwarding

08 Mar 2023 10:34 #1 by johnpa7
LAN DNS forwarding was created by johnpa7
I have a number of IoT things.

I set up a firewall rule:

Direction LAN/RT/VPN -> WAN

Source IP 192.168.0.170~192.168.0.225, Filter: Block immediately

In the syslog I then get multiple entries of devices continually attempting to connect to time.google.com, to such an extent that the log rapidly fills up.

I then set up LAN DNS Resolution / Conditional DNS Forwarding:

time.google.com redirect to 192.168.0.37 << Synology NAS with time service enabled

The number of entries trying to connect to time.google.com falls dramatically, from 1 per second to once every 2 hours.

If I ping time.google.com it resolves to 192.168.0.37.

If I enter w32tm /stripchart /computer:time.google.com /dataonly /samples:1
it returns:
Tracking time.google.com [192.168.0.37:123]. << My router redirecting
Collecting 1 samples.
The current time is 08/03/2023 10:22:34.
10:22:34, +00.0226190s


Yet in the syslog I get:

192.168.0.183 DNS -> 8.8.8.8 inquire time.google.com

192.168.0.181 DNS -> 208.67.222.222 inquire time.google.com

Somehow the device issues an https command that is not redirected.

It would appear the device is not being redirected to the local time server.



I am at a loss how to proceed. I would be grateful for any help.

Router is Vigor 2962
DrayTek Switch G2280X
AP 903
AP 1000c
AP 802

Please Log in or Create an account to join the conversation.

08 Mar 2023 12:23 #2 by bookit
Replied by bookit on topic Re: LAN DNS forwarding
There is a response to your post on Reddit.

08 Mar 2023 12:47 #3 by pharcyder
Replied by pharcyder on topic Re: LAN DNS forwarding
What is the desired outcome you are looking for, as it's not clear?

08 Mar 2023 13:30 #4 by johnpa7
Replied by johnpa7 on topic Re: LAN DNS forwarding
The object is to prevent a range of addresses accessing the internet.
When I block the range 192.168.0.175 ~ 192.168.0.225,

the devices in this range continually try to connect to time.google.com, almost every second, resulting in thousands of requests.
I take this as proof the firewall block works.

Therefore I set up DNS forwarding for time.google.com to redirect to 192.168.0.37, a Synology DSM22+ with the NTP service running.

Yet when I check the log there is a DNS request:
192.168.0.183 DNS -> 8.8.8.8 inquire time.google.com

The devices now only poll the time server every 2 hrs. I would prefer they obtained the time from the Synology.

Thanks for responding

10 Mar 2023 17:34 #5 by pharcyder
Replied by pharcyder on topic Re: LAN DNS forwarding
If it were me, I would either add something to the local hosts file on the devices you want to re-direct so that time.google.com resolves to your Synology IP or deploy a name server like a Pihole and resolve time.google.com to your Synology there.

14 Mar 2023 08:41 #6 by johnpa7
Replied by johnpa7 on topic Re: LAN DNS forwarding
Hi, thanks for the reply. The devices which are using time.google.com are part of the IoT, such as light switches and smart sockets, therefore I don't have access to the hosts file.

I have set up LAN DNS / DNS Forwarding on the 2962,
which forwards local requests for time.google.com to 192.168.0.37.
When I ping time.google.com it returns:
ping time.google.com

Pinging time.google.com [192.168.0.37] with 32 bytes of data:
Reply from 192.168.0.37: bytes=32 time=1ms TTL=64
Reply from 192.168.0.37: bytes=32 time=114ms TTL=64

192.168.0.37 is the Synology running the NTP service. Unfortunately there is no log function, so I can't confirm the smart switches connect to the NTP service.

From the DrayTek log:

192.168.0.190 DNS -> 8.8.8.8 inquire time.google.com

The device appears to bypass the DNS settings. An earlier reply from another member mentioned a type 65 DNS request may be the cause, something Apple implemented. I am not clear what that actually is. Perhaps a Pi-hole could circumvent this.

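The log lines quoted through this thread show the actual cause: the IoT devices send their DNS queries straight to public resolvers (8.8.8.8, 208.67.222.222) instead of to the router, and the Vigor's LAN DNS / Conditional DNS Forwarding can only rewrite answers for queries the router itself receives. The check a network owner wants is therefore "which clients in the blocked range are asking anyone other than the router for a locally redirected name". The script below is an added example written for this thread, not code from DrayTek or from any poster; it parses syslog lines in the `<client> DNS -> <resolver> inquire <name>` form shown above and reports the bypassing clients. The router LAN address 192.168.0.1 is an assumption, and the sample lines are constructed for the demonstration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption (not stated in the thread): the Vigor 2962's LAN address is
# 192.168.0.1 and it is the resolver the DHCP server hands out.
ROUTER_LAN_IP = ipaddress.ip_address("192.168.0.1")
# The IoT range the poster blocks from the WAN, and the name he redirects locally.
IOT_RANGE = (ipaddress.ip_address("192.168.0.175"),
             ipaddress.ip_address("192.168.0.225"))
REDIRECTED_NAMES = {"time.google.com"}

# Constructed sample syslog lines in the format quoted in the thread.  The first
# three mirror the thread; the last two are made up to show a client that does
# use the router and a client outside the blocked range.
SAMPLE_LOG = """\
192.168.0.183 DNS -> 8.8.8.8 inquire time.google.com
192.168.0.181 DNS -> 208.67.222.222 inquire time.google.com
192.168.0.190 DNS -> 8.8.8.8 inquire time.google.com
192.168.0.190 DNS -> 192.168.0.1 inquire time.google.com
192.168.0.50 DNS -> 8.8.8.8 inquire time.google.com
"""

LINE_RE = re.compile(
    r"^(?P<client>[\d.]+) DNS -> (?P<resolver>[\d.]+) inquire (?P<name>\S+)$"
)


def parse_dns_lines(text):
    """Return (client, resolver, name) tuples; lines that don't match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((ipaddress.ip_address(m["client"]),
                            ipaddress.ip_address(m["resolver"]),
                            m["name"].lower()))
    return records


def in_range(ip, rng):
    """True if ip lies inside the inclusive (low, high) address range."""
    return rng[0] <= ip <= rng[1]


def find_bypassing_clients(records, router_ip=ROUTER_LAN_IP,
                           iot_range=IOT_RANGE, names=REDIRECTED_NAMES):
    """Map each IoT client to the external resolvers it asked for a redirected name.

    A query for a locally forwarded name that goes to any resolver other than
    the router can never be answered with the local address, whatever the
    router's LAN DNS table says, so these clients are the ones the
    conditional forwarding will never reach.
    """
    hits = defaultdict(set)
    for client, resolver, name in records:
        if not in_range(client, iot_range):
            continue  # not one of the devices under discussion
        if name in names and resolver != router_ip:
            hits[client].add(resolver)
    # Return plain strings so the result is easy to print or compare.
    return {str(c): sorted(str(r) for r in rs) for c, rs in hits.items()}


def report(text):
    """Parse a syslog export and return the bypassing-client summary."""
    return find_bypassing_clients(parse_dns_lines(text))


if __name__ == "__main__":
    for client, resolvers in sorted(report(SAMPLE_LOG).items()):
        print(f"{client} bypasses router DNS via {', '.join(resolvers)}")
```

Run against a real syslog export from the Vigor, the output lists exactly the devices whose time lookups are skipping the router; for those, the LAN DNS entry cannot take effect, and the fix has to sit somewhere the query actually passes (the firewall that already blocks the range, or a resolver the devices are made to use), which is the direction the Pi-hole suggestion in this thread points.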