2024 Ubiquiti DNS Shield Configuration Issue

Brian I believe CLI has better functionality (i.e., client identification).  There are a lot of us who are afraid to install the CLI for fear it'll break something with a future firmware update.

NextDNS Even if it needs to be reinstalled with each firmware update, it makes me reticent to use it because I'm afraid installing it on a fresh firmware update will break things.

There's enough reason to doubt continued development of the CLI since development of NextDNS is stagnant and the developers/founders seemed to have shifted their entire focus to dns0.eu instead.

NextDNS thanks Staff! I can concur I've been using CLI for years with ZERO issue, just reinstall after update. So no qualms there. Sounds like CLI is the way to go for now since I like have my devices identified. and Console offers no feature advantages.

Brian Yes, by having this in the OS of the UDM, you can use Policy-based routing to do things like Domain name-based routing of specific domains to a VPN tunnel.  For me, its well worth this function vs the "nice to have" of seeing what client name made a specific request from a site. YRMV

NextDNS Does it use DoH or DoT?

Lukas NextDNS CLI uses its own implementation of DoH. 

David A is this still broken? CLI? what is the error etc?

Brian No error even with debug it just does nothing when running the command.

Welp... it's working now....

Defender did that work and survive updates? 

Radman I just updated one of my sites to Unifi OS 4.1.13 and the NextDNS CLI v1.44.3 installation was in a running state...but traffic was not actually going through NextDNS - confirmed this by successfully visiting a URL that was blocked AND confirmed that no traffic was seen in the logs. 

Running NextDNS Restart via CLI instantly fixed it. Perhaps a restart of the device would have also done the same thing...will test that on another site when I can.

James similar to me, 2 sites, both were updated to 4.1.13, in both cases the CLI survived the update and was passing traffic via NextDNS, but neither reported the device name. I reran the config and accepted all the same settings and now working.

seems its not quite right.

Radman  Interesting, I wonder why we're getting slightly different results. I just tested upgrading to 4.1.1.3 at another site and the experience was exactly the same as before - the NextDNS installation survived the upgrade and shows as running but the only traffic in the logs were from clients that have the app installed (ie not relying on the CLI installation). 

I restarted the console which didn't help, ran a few commands via SSH  (Start, Upgrade, Run and Activate) just to see if they would help but none of them did. The only one that got it working for me was Restart. 

Still, this a great improvement! 

James interesting that a full console restart, which “should” also involve the CLI being restarted didn’t work, but restarting the service did. Guess that command line restart does something else, my pick would be it re-reads the config or something, as what I did was rerun the install command and just hit enter 3 times to accept the current profile and settings.

progress but still need to remember!