2024 Ubiquiti DNS Shield Configuration Issue

I noticed that Ubiquiti now allows the use of DNS Shield which allows DNS over HTTPS within the Dream Machine Pro's Controller software. I also noticed that NextDNS has 3 entries in the UniFi control panel by default (see attached screenshot). I have a paid NextDNS Pro account. How do I force Ubiquiti's settings to use my specific paid account? In other words, how do I set it to use "https://dns.nextdns.io/XXXXXX" as an entry?

38 replies

    • Dex
    • 2 mths ago

    On the NextDNS setup guide, select Linux, scroll down to DNSCrypt and you will find your sdns:// url

     

    Paste sdns:// into the Custom DNS Stamp within Unifi. Server name is for your own reference.
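
Before pasting, the stamp from the post above can be decoded to confirm it is a DoH stamp for dns.nextdns.io whose path is your own configuration ID. This is an added example, not part of the thread or NextDNS's own code; it follows the public DNS stamp layout for DoH, and `abc123`, `stamp_matches` and `build_doh_stamp` are hypothetical names and values.

```python
import base64
import struct

DOH = 0x02  # protocol byte for DNS-over-HTTPS in the DNS stamp format

def _lp(buf, pos, vlp=False):
    """Read one length-prefixed field; in a set (vlp) the high bit means 'more follow'."""
    n = buf[pos]
    more = vlp and bool(n & 0x80)
    n = n & 0x7F if vlp else n
    end = pos + 1 + n
    if end > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:end], end, more

def decode_doh_stamp(stamp):
    """Decode an sdns:// DoH stamp into props, address, cert hashes, host and path."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 10 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    props = struct.unpack_from("<Q", raw, 1)[0]  # 8-byte little-endian flags
    try:
        addr, pos, _ = _lp(raw, 9)
        hashes, more = [], True
        while more:  # variable-length set of certificate hashes
            h, pos, more = _lp(raw, pos, vlp=True)
            if h:
                hashes.append(h.hex())
        host, pos, _ = _lp(raw, pos)
        path, pos, _ = _lp(raw, pos)
    except IndexError:
        raise ValueError("truncated stamp") from None
    return {"props": props, "addr": addr.decode(), "hashes": hashes,
            "host": host.decode(), "path": path.decode()}

def stamp_matches(stamp, host, config_id):
    """True only if the stamp is DoH to `host` with path exactly /<config_id>."""
    s = decode_doh_stamp(stamp)
    return s["host"].lower() == host.lower() and s["path"] == "/" + config_id

def build_doh_stamp(host, path):
    """Build a stamp for the constructed sample (empty address, no hashes)."""
    raw = bytes([DOH]) + struct.pack("<Q", 0) + b"\x00\x00"
    raw += bytes([len(host)]) + host.encode() + bytes([len(path)]) + path.encode()
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

SAMPLE = build_doh_stamp("dns.nextdns.io", "/abc123")  # constructed; made-up ID
```

Call `stamp_matches()` with the stamp copied from the setup guide and the configuration ID shown in your account; a mismatch means queries would go to a different profile or resolver.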

    • Brian.13
    • 4 wk ago

    Are there any benefits of this UI option in UDM or does CLI still perform everything and then some?

      • Eric.9
      • 4 wk ago

       I believe CLI has better functionality (i.e., client identification).  There are a lot of us who are afraid to install the CLI for fear it'll break something with a future firmware update.

      • NextDNs
      • 4 wk ago

       which shouldn’t be a concern as it requires a reinstall on firmware updates

      • Eric.9
      • 4 wk ago

       Even if it needs to be reinstalled with each firmware update, it makes me reticent to use it because I'm afraid installing it on a fresh firmware update will break things.

      There's enough reason to doubt continued development of the CLI since development of NextDNS is stagnant and the developers/founders seemed to have shifted their entire focus to dns0.eu instead.

      • NextDNs
      • 4 wk ago

       the founder and maintainer of the CLI is using UDM at home with the CLI, so you are guaranteed any issue would be noticed quite quickly with this setup. The CLI is quite stable and never created any issue on UDM's firmware.

      • Brian.13
      • 4 wk ago

       Thanks Staff! I can concur I've been using CLI for years with ZERO issue, just reinstall after update. So no qualms there. Sounds like CLI is the way to go for now since I like to have my devices identified, and Console offers no feature advantages.

      • JWARE
      • 4 wk ago

       Yes, by having this in the OS of the UDM, you can use Policy-based routing to do things like Domain name-based routing of specific domains to a VPN tunnel.  For me, it's well worth this function vs the "nice to have" of seeing what client name made a specific request from a site. YRMV

      • Eric.9
      • 4 wk ago

      Does it use DoH or DoT?

    • Lukas_Beran
    • 3 wk ago

    Is NextDNS CLI for Unifi using the Unifi's built-in superold version of dnscrypt or is it using something else shipped with NextDNS CLI?

      • R_P_M
      • 3 wk ago

       NextDNS CLI uses its own implementation of DoH. 

    • David_A.1
    • 6 days ago

    FYI CLI install is broken in 4.1.9 :-( Moving back to no client identification by using the gui option

    • Defender
    • 7 hrs ago

    I’m about to roll the dice and take a fellow member’s lead and use the Control D CLI on my UniFi EFG, but point it to NextDNS.  This will allow us to use DoH3.
