
2024 Ubiquiti DNS Shield Configuration Issue

I noticed that Ubiquiti now allows the use of DNS Shield which allows DNS over HTTPS within the Dream Machine Pro's Controller software. I also noticed that NextDNS has 3 entries in the UniFi control panel by default (see attached screenshot). I have a paid NextDNS Pro account. How do I force Ubiquiti's settings to use my specific paid account? In other words, how do I set it to use "https://dns.nextdns.io/XXXXXX" as an entry?

60 replies

    • Roman_Gonzalez
    • 1 mth ago

    Hi Guys, I enabled both the CLI and the Custom. Is there any issue with doing this? Should I only have one?

      • Radman
      • 1 mth ago

       You mean you have the DNS Shield set up and the CLI installed?

      There are no issues with that, it’s what I have.

      • James.46
      • 1 mth ago

       This is a pretty smart move, I think I'll do it too! If for whatever reason Unifi OS gets updated and you forget to restart the CLI installation, at least the traffic will continue to pass through NextDNS, albeit without device names...

      • NextDNs
      • 1 mth ago

       With the latest version of the CLI, it will survive a UDM firmware upgrade BTW.

      • Radman
      • 1 mth ago

       “kinda”

      As above, while it survives, it is not fully functional until manually restarted.

    • Jason_Miles
    • 1 mth ago

    Since Unifi has added the ability to configure NextDNS within their UDM’s UI using Custom DNS (formerly DNS Shield), what is the point or benefit of continuing to use the CLI installer?

      • David_A.1
      • 1 mth ago

       You get per-device information in the NextDNS portal doing it this way. If you use the GUI you can't tell what host made the DNS request.

      • Radman
      • 1 mth ago

        What David said, I use both. The CLI to add per-endpoint info, and DNS Shield for network-wide channeling of encrypted DNS.

      • Daniel.53
      • 1 mth ago

       One question: does the internal DNS resolution of the Unifi device (e.g. creating own records etc.) still work when using either one or both of them, or do you lose this functionality?

    • Defender
    • 1 mth ago

    I'm using Control D's CLI which will work with NextDNS or any other DoH/DoT provider. It's much more stable, survives reboots and firmware updates, and is highly configurable. Until Ubiquiti changes something in their firmware, which they're known for doing.

    • Elliot_Tonquin
    • yesterday

    Running Unifi OS 4.1.13 on a UDM Pro with Network v9.0.114. Not interested in installing the CLI at this time. In order to use NextDNS and have the logging and analytics work, do I set up NextDNS using Security->Protection->Encrypted DNS->Custom and just fill in the server name and DNS stamp? I did this and it resolves names, but it doesn't use my profile. I also don't see any entries in the Analytics or Logs tabs. I also tried the Predefined setup and picked NextDNS from the list with the same result. Do I also need to link my IP and point my WAN interface to the NextDNS primary and secondary? The setup screen makes it look like it's Endpoint or Linked IP, but not both. Some documentation would really help out here. Thank you
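Added example, not part of any post in this thread and not Ubiquiti or NextDNS code: a DoH DNS stamp encodes the server hostname and the URL path, so for a URL such as "https://dns.nextdns.io/XXXXXX" the profile ID sits in the stamp's path field, and decoding the stamp shows what a Custom entry will actually query. The sketch follows the public DNS Stamps format for protocol 0x02; the function names are hypothetical and XXXXXX is the thread's placeholder, not a real profile ID.

```python
import base64
import struct
DOH = 0x02  # protocol byte for DNS-over-HTTPS in the DNS Stamps format

def _lp(data: bytes) -> bytes:  # LP(): one length byte, then the data
    return bytes([len(data)]) + data

def build_doh_stamp(hostname: str, path: str, props: int = 0) -> str:
    """Encode a DoH stamp with no pinned address, hashes or bootstrap IPs."""
    raw = (bytes([DOH]) + struct.pack("<Q", props) + _lp(b"") + _lp(b"")
           + _lp(hostname.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def parse_doh_stamp(stamp: str) -> dict:
    """Decode a DoH stamp into its fields; raises ValueError if malformed."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    pos = 9  # skip protocol byte and 8-byte little-endian props

    def read(vlp: bool = False):
        nonlocal pos
        if pos >= len(raw):
            raise ValueError("truncated stamp")
        more = vlp and bool(raw[pos] & 0x80)  # VLP: high bit = more items follow
        n = raw[pos] & 0x7F if vlp else raw[pos]
        data = raw[pos + 1:pos + 1 + n]
        if len(data) != n:
            raise ValueError("truncated stamp")
        pos += 1 + n
        return data, more

    read()  # pinned IP address field (may be empty)
    hashes, more = [], True
    while more:  # set of pinned certificate hashes (may be empty)
        h, more = read(vlp=True)
        if h:
            hashes.append(h.hex())
    host, _ = read()
    path, _ = read()
    return {"hostname": host.decode(), "path": path.decode(), "hashes": hashes}

def stamp_uses_profile(stamp: str, profile_id: str) -> bool:
    """True if the first path segment of the stamp is the given profile ID."""
    return parse_doh_stamp(stamp)["path"].strip("/").split("/")[0] == profile_id

SAMPLE = build_doh_stamp("dns.nextdns.io", "/XXXXXX")  # constructed sample input
```

Passing the stamp pasted into the Custom entry to `parse_doh_stamp` shows the hostname and path it encodes; `stamp_uses_profile` returns False when the path does not start with the expected profile ID.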
