0

2024 Ubiquiti DNS Shield Configuration Issue

I noticed that Ubiquiti now allows the use of DNS Shield which allows DNS over HTTPS within the Dream Machine Pro's Controller software. I also noticed that NextDNS has 3 entries in the UniFi control panel by default (see attached screenshot). I have a paid NextDNS Pro account. How do I force Ubiquiti's settings to use my specific paid account? In other words, how do I set it to use "https://dns.nextdns.io/XXXXXX" as an entry?

42 replies

null
    • Jason_Miles
    • 3 mths ago
    • Reported - view

    BTW I did find this DNS Stamp Calculator for DNSCrypt.  Wasn't sure if there are instructions on how to use it to generate a DNS Stamp for NextDNS.  Thanks.
    https://dnscrypt.info/stamps/

    • Dex
    • 3 mths ago
    • Reported - view

    On the NextDNS setup guide, select Linux, scroll down to DNSCrypt and you will find your sdns:// url

     

    Paste sdns:// into the Custom DNS Stamp within Unifi. Server name is for your own refrence.

    • Brian.13
    • 1 mth ago
    • Reported - view

    Are there any benefits of this UI option in UDM or does CLI still perform everything and then some?

      • Eric.9
      • 1 mth ago
      • Reported - view

       I believe CLI has better functionality (i.e., client identification).  There are a lot of us who are afraid to install the CLI for fear it'll break something with a future firmware update.

      • NextDNs
      • 1 mth ago
      • Reported - view

       which shouldn’t be a concern as it requires a reinstall on firmware updates

      • Eric.9
      • 1 mth ago
      • Reported - view

       Even if it needs to be reinstalled with each firmware update, it makes me reticent to use it because I'm afraid installing it on a fresh firmware update will break things.

      There's enough reason to doubt continued development of the CLI since development of NextDNS is stagnant and the developers/founders seemed to have shifted their entire focus to dns0.eu instead.

      • NextDNs
      • 1 mth ago
      • Reported - view

       the founder and maintainer of the CLI is using UDM at home with the CLI, so you are guaranteed any issue would be noticed quite quickly with this setup. The CLI is quite stable and never created any issue on UDM's firmware.

      • Brian.13
      • 1 mth ago
      • Reported - view

       thanks Staff! I can concur I've been using CLI for years with ZERO issue, just reinstall after update. So no qualms there. Sounds like CLI is the way to go for now since I like have my devices identified. and Console offers no feature advantages.

      • JWARE
      • 1 mth ago
      • Reported - view

       Yes, by having this in the OS of the UDM, you can use Policy-based routing to do things like Domain name-based routing of specific domains to a VPN tunnel.  For me, its well worth this function vs the "nice to have" of seeing what client name made a specific request from a site. YRMV

      • Eric.9
      • 1 mth ago
      • Reported - view

      Does it use DoH or DoT?

    • Lukas_Beran
    • 1 mth ago
    • Reported - view

    Is NextDNS CLI for Unifi using the Unifi's built-in superold version of dnscrypt or is it using something else shipped with NextDNS CLI?

      • R_P_M
      • 1 mth ago
      • Reported - view

       NextDNS CLI uses its own implementation of DoH. 

    • David_A.1
    • 2 wk ago
    • Reported - view

    FYI CLI install is broken in 4.1.9 :-( Moving back to no client identification by using the gui option

      • Brian.13
      • 7 days ago
      • Reported - view

      is this still broken? CLI? what is the error etc?

      • David_A.1
      • 6 days ago
      • Reported - view

       No error even with debug it just does nothing when running the command.

      • David_A.1
      • 6 days ago
      • Reported - view

      Welp... it's working now....

    • Defender
    • 11 days ago
    • Reported - view

    I’m about to roll the dice and take a fellow member’s lead and use the Control D CLI on my UniFi EFG, but point it to NextDNS.  This will allow us to use DoH3.

Content aside

  • 5 days agoLast active
  • 42Replies
  • 9886Views
  • 19 Following