Eero Plus Susbscription?

[ncage]

For those that have Eero mesh networks have you considered the new Eero Plus subscription? I have a wifi mess in my house right now. With 3 wifi networks (6 if you include 2.5 & 5ghz) and multiple wifi range extenders. I still have areas in the house where the connection isn't the greatest. So i decided to purchase a 2nd gen Eero mesh system. I still trying to decide if i will retain my current pfsense router but for this question thats probably unimportant.

Anyways the Eero plus is $10 a month or $100 a year (eero Plus: Worry Free Wifi Security). In the marking material they don't go into a lot of details but after some research i think they are doing filter by DNS (which answers my first question if it could deal with HTTPS filtering). With that being said how is this "much" different than what you would get out of OpenDNS and if i did i probably could no longer use AdGuard's DNS which i have been enjoying because it being able to block ads from devices that are a little difficult to block ads from (but not impossible) like android.

 

[ncage]

So i know a lot more than when i originally asked this question and i thought i would provider some detail. Eero plus does in fact use DNS filtering to do its magic. If your bored some day and want to research this details look at ZScaler. ZScaler is an enterprise company that offers a company a "firewall in the cloud" type service. This not only protects company devices behind the companies on firewall but also protects company assets (remote employees) anywhere in the world. Its pretty slick technology.

A lot of what i'm describing isn't really information you would find out there. I had to figure it out on my own. Anyways the router/eero does deep packet inspection looking for DNS packets (UDP/TCP Port 53). When it finds a dns packet it rewrites it and send it into the zscaler cloud. The zscaler cloud is then able to filter out malware, ads, ect... You will still get your old DNS enteries you used to get from your router before you enabled eero plus. So your dns will still appear (8.8.8.8 if you were using googles dns).

A small bug i found was i had an invalid dns server before i switched to eero plus. nslookup will still use the dns server on whatever machine your using to do dns lookups. So essentially my nslookups were failing. I had to essentially turn all the eero plus features off on my network so i could enable a valid dns server (with eero plus enabled they don't allow you to change the dns server anymore...its grayed out).

So this filtering does have its pros/cons. Because of the way it works i'm not able to use whatever dns server i please (sometimes i switch for varies reasons) because in the end the dns packet will just be rewritten & sent to zscaler cloud servers. The big advantage of this would be if a machine got compromised on your network & the dns server of the machine was updated it wouldn't matter because it would still use zscaler. The malware filtering & family safety worked VERY good in my testing. The ad blocking was descent but not nearly as good as ublock origin. Of course that doesn't prevent you from running ublock origin but it would be nice if you could lighten up your browser a little bit by not running it.

The biggest question i have in my mind right now is will this feature continue to work when dns of tls gets adopted. I think unless your forced to install a certificate on each device it won't but only time will tell. ZScaler does offer a lot more features then what eero plus offeres but your talking big money for something like that.

In the end i think eero plus is a heck of a deal for what you get and i'm going to subscribe.