2024 Ubiquiti DNS Shield Configuration Issue

I noticed that Ubiquiti now allows the use of DNS Shield which allows DNS over HTTPS within the Dream Machine Pro's Controller software. I also noticed that NextDNS has 3 entries in the UniFi control panel by default (see attached screenshot). I have a paid NextDNS Pro account. How do I force Ubiquiti's settings to use my specific paid account? In other words, how do I set it to use "https://dns.nextdns.io/XXXXXX" as an entry?

23 replies

    • NextDNs
    • 8 mths ago

    You can’t with this feature. It’s best to install our CLI.

      • Marty_Boyle
      • 8 mths ago

       Are you saying to install this CLI on Ubiquiti or on NextDNS? This is not very clear.

      • NextDNs
      • 8 mths ago

      to install https://nextdns.io/cli on the router.

    • Rene.2
    • 2 mths ago

    Is there any update on this matter? What's the best practice to have Ubiquiti/Unifi use our paid NextDNS profile for DNS requests using encryption?

    Is the latest best practice still to run the https://nextdns.io/cli on the router with specific instructions for UnifiOS from https://github.com/nextdns/nextdns/wiki/UnifiOS (Keep Content Filtering and the Ad Blocking OFF at UnifiOS) ?

      • NextDNs
      • 2 mths ago

       CLI is still the recommended solution for Unifi products.

      • Eric.9
      • 1 mth ago

      Network 8.4.59 (EA) allows you to use a custom DNS Shield option.  You can get your profile info under dnscrypt in NextDNS Setup page under either Linux or routers.  You'll need the sdns.

      Currently you can only do one profile.  I've heard they are implementing a per VLAN DNS Shield option.

      The CLI works great from what I hear, but I've never gotten the courage to use it.  I've heard of people having issues when they update UniOS firmware and it's incompatible.

    • JWARE
    • 1 mth ago

    First UNA beta was released with the option for "Custom DNS Shield settings":

    https://community.ui.com/releases/UniFi-Network-Application-8-4-57/8f253914-6dff-469b-b33e-69781ac75f0a

    • Rene.2
    • 1 mth ago

    Based on the release notes forum comments at Ubiquiti I shall stick to CLI first. The DNS-SHIELD using the DnsCrypt settings in the Unifi Security Settings seems not to run very smoothly yet.

    BTW: After the update to the new ("EA") version at Ubiquiti Unifi I had to re-install the CLI using SSH. 

    • Dan.32
    • 1 mth ago

    Now that the general release is out, has anyone tried it with Nextdns without using the CLI method?  Why do you need the sdns://? I thought DNSCrypt was dying, is that what Unifi is using instead of TLS? I have a cloud gateway ordered and I'd really like it to work with Nextdns.

      • JWARE
      • 1 mth ago

      Yes, I have, and it has worked fine on both UDM-P and UXG-L. After watching my logs I saw that the UDM/UXG itself also needed to have its WAN DNS pointed to 127.0.0.1 so that when it resolved microsoft.com, google.com, and cloudflare.com as part of the internet health check, those DNS lookups did not escape. My Encrypted DNS metric in the Analytics tab is now 100% after over a week of use with 50+ LAN clients.

      • Mike_Brust
      • 1 mth ago

       Works perfectly fine for me on my UDM-SE for 2 weeks.

      • Dan.33
      • 1 mth ago

       In my setup NextDNS keeps flapping between being an unconfigured profile and a configured one.  Does your setup have that issue?

      • Dan.32
      • 1 mth ago

       That is awesome news and good catch on the WAN DNS. Thanks!

      • Dan.32
      • 1 mth ago

       I had that with another setup. Turned out it was working on IPv4 and not on IPv6 - so it sometimes worked and sometimes didn't.

      • Jason_Miles
      • 1 mth ago

       Where do you obtain the DNS Stamp (sdns://) value for NextDNS?  Thank you.

      • R_P_M
      • 1 mth ago

       The stamp can be found in the Linux setup section.

      Then visit https://dnscrypt.info/stamps/ and paste in the stamp for further editing of the info (like adding a device name).

      • Mike_Brust
      • 1 mth ago

       Device name does not work when using DNS Shield with the custom option. It would require the CLI to run.

      • R_P_M
      • 1 mth ago

       You are correct that individual device names don’t work with dns stamps behind the router but I was referring to giving the router a device name. 

      • Miguel.10
      • 12 hrs ago

       Thanks for the help! Could you explain why it is necessary to point the WAN DNS to 127.0.0.1? I did and Microsoft and Google latency indicators stopped working. I don't know if it had anything to do with it.

    • Safwan_Shaikh
    • 1 mth ago

    On the new version 8.4.59 I got an option to set up NextDNS. How do I set this up, btw? Please, anyone, let me know.

      • tonycoco
      • 1 mth ago

      Go to: https://my.nextdns.io.

      In the "Setup Guide" section click "Routers".

      Scroll to the "Stubby" section and copy the first part of the tls_auth_name. Should be something like 69a699.dns.nextdns.io. Copy that 69a699 part before the first period. That's the Server Name.

      Next you'll need to scroll to the "DNSCrypt" section and copy the entire URL starting with sdns://. This is the DNS Stamp.

      Apply those settings and you're done.

    • Jason_Miles
    • 1 mth ago

    BTW I did find this DNS Stamp Calculator for DNSCrypt.  Wasn't sure if there are instructions on how to use it to generate a DNS Stamp for NextDNS.  Thanks.
    https://dnscrypt.info/stamps/

    • Dex
    • 1 mth ago

    On the NextDNS setup guide, select Linux, scroll down to DNSCrypt and you will find your sdns:// url

    Paste sdns:// into the Custom DNS Stamp within Unifi. Server name is for your own reference.
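As an added example, not code from this thread, from NextDNS or from Ubiquiti: the sdns:// value that tonycoco's steps and Dex's post have you paste into Custom DNS Shield is a DNS stamp (the same encoding the dnscrypt.info calculator R_P_M and Jason_Miles mention works with). This Python builds a DoH stamp for a constructed placeholder profile path /abc123 and decodes any stamp back into its protocol, property flags and endpoint, so you can confirm what a stamp actually points at before applying it on the gateway.

```python
import base64
import struct
PROTO = {0x01: "DNSCrypt", 0x02: "DoH", 0x03: "DoT"}  # first byte of a stamp

def _lp(b: bytes) -> bytes:  # length-prefixed field: one length byte, then the bytes
    return bytes([len(b)]) + b

def _vlp(items: list) -> bytes:  # set of fields; bit 0x80 in a length means more follow
    if not items:
        return b"\x00"
    return b"".join(bytes([len(it) | (0x80 if i < len(items) - 1 else 0)]) + it
                    for i, it in enumerate(items))

def encode_doh_stamp(host: str, path: str, props: int = 0, addr: str = "") -> str:
    """DoH stamp: proto 0x02, 8-byte props, addr, cert hashes, host, path, bootstrap IPs."""
    body = (b"\x02" + struct.pack("<Q", props) + _lp(addr.encode()) + _vlp([])
            + _lp(host.encode()) + _lp(path.encode()) + _vlp([]))
    return "sdns://" + base64.urlsafe_b64encode(body).rstrip(b"=").decode()

def decode_stamp(stamp: str) -> dict:
    """Parse an sdns:// stamp far enough to show which resolver it really points at."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    raw = stamp[len("sdns://"):]
    data = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))  # restore padding
    pos = 9  # skip 1 protocol byte + 8 property bytes (little-endian uint64)
    def take(n: int) -> bytes:
        nonlocal pos
        chunk, pos = data[pos:pos + n], pos + n
        return chunk
    def lp() -> bytes:
        return take(take(1)[0])
    def vlp() -> list:
        items, more = [], True
        while more:
            n = take(1)[0]
            items.append(take(n & 0x7F))
            more = bool(n & 0x80)
        return [i for i in items if i]
    props = struct.unpack("<Q", data[1:9])[0]
    info = {"protocol": PROTO.get(data[0], "unknown"), "dnssec": bool(props & 1),
            "no_log": bool(props & 2), "no_filter": bool(props & 4), "addr": lp().decode()}
    if data[0] == 0x01:            # DNSCrypt: provider public key, then provider name
        info["provider_pk"], info["provider_name"] = lp().hex(), lp().decode()
    elif data[0] in (0x02, 0x03):  # DoH/DoT: cert hashes, hostname; DoH adds the URL path
        info["hashes"], info["hostname"] = [h.hex() for h in vlp()], lp().decode()
        if data[0] == 0x02:
            info["path"] = lp().decode()
    return info
```

Running decode_stamp on the stamp copied from the NextDNS DNSCrypt section shows the provider name it targets; if that is not the provider you expect, the gateway would be sending queries elsewhere.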
