Unifi UDM + nextdns not resolving

Hi all,

I just installed the nextdns client on my UDM, which installed and configured successfully, listening on port 5342. But as far as I can tell, only queries from the UDM itself are being resolved by nextdns. I don't see domains coming from other devices on the network show up in the analytics or logs. Is there a configuration I am missing? Do I need to point the UnifiOS built-in DNS resolver (dnsmasq) to forward queries to the nextdns client? If so, how do I supply the custom port number?

Used these install instructions: https://github.com/nextdns/nextdns/wiki/UnifiOS

7 replies

    • R_P_M
    • 6 mths ago

    said:
        Do I need to point the UnifiOS built-in DNS resolver (dnsmasq) to forward queries to the nextdns client? If so, how do I supply the custom port number?

    Yes, you do need to forward, seeing as it hasn't auto-configured completely.

    Just follow the instructions here:

    https://github.com/nextdns/nextdns/wiki/DNSMasq-Integration

    and change the port number to what you have set already.

      • Vlad_Vlasceanu
      • 6 mths ago

      Thanks for confirming my suspicion. That said, how does one:

      • Add the following settings to dnsmasq parameters: --server '127.0.0.1#5555' --add-mac --add-subnet=32,128

      ...on UnifiOS on a UDM Pro? I can't do it via the WebUI, because it doesn't let me supply a custom port. I'm assuming there would be a way via the CLI but my search skills are failing me... thoughts?

    • NextDNs
    • 6 mths ago

    The right settings should already be added to dnsmasq in this file: /run/dnsmasq.conf.d/nextdns.conf

    Can you share its content?

      • Vlad_Vlasceanu
      • 6 mths ago

      Here it is. You are right, the settings are there. So what could be the issue then?

      # Configuration generated by NextDNS
      no-resolv
      server=127.0.0.1#5342
      add-mac
      add-subnet=32,128
      max-cache-ttl=0

      As an example, here's a DNS request from the UDM (SSH) to a domain I blocked for testing purposes:

      dig vladvlasceanu.com
      
      ; <<>> DiG 9.16.42-Debian <<>> vladvlasceanu.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63693
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ; EDE: 17 (Filtered): (Blocked by NextDNS)
      ;; QUESTION SECTION:
      ;vladvlasceanu.com. IN A
      
      ;; ANSWER SECTION:
      vladvlasceanu.com. 5 IN CNAME blockpage.nextdns.io.
      blockpage.nextdns.io. 5 IN A 45.32.79.76
      
      ;; Query time: 20 msec
      ;; SERVER: 127.0.0.1#53(127.0.0.1)
      ;; WHEN: Fri Oct 06 09:10:44 PDT 2023
      ;; MSG SIZE  rcvd: 120

      Here's the same request from a client Mac attached to the network (192.168.110.1 is the router IP in that VLAN):

      dig @192.168.110.1 vladvlasceanu.com
      
      ; <<>> DiG 9.10.6 <<>> @192.168.110.1 vladvlasceanu.com
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40455
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;vladvlasceanu.com. IN A
      
      ;; Query time: 73 msec
      ;; SERVER: 192.168.110.1#53(192.168.110.1)
      ;; WHEN: Fri Oct 06 09:11:09 PDT 2023
      ;; MSG SIZE  rcvd: 46

      So it seems the queries are going to the upstream DNS servers of my internet provider (Spectrum):

      cat /etc/resolv.conf
      # Generated automatically by ubios-udapi-server
      nameserver 127.0.0.1
      cat /etc/resolv.dnsmasq
      # Generated automatically by ubios-udapi-server
      search socal.rr.com
      
      # static nameservers
      # eth8
      nameserver 45.90.28.68
      nameserver 45.90.30.68
      
      • NextDNs
      • 6 mths ago

      Do you have the dnsfilter feature enabled on the UDM?

      • Vlad_Vlasceanu
      • 6 mths ago

      I think so, if this is what you mean by DNSfilter:

      1. Content Filtering set to "Work" for each VLAN
      2. Gateway Engine enabled in Application Firewall section

      Is that preventing DNS queries from flowing through nextdns?

      • Vlad_Vlasceanu
      • 6 mths ago

      Following up - the Content Filtering on the networks (VLANs) was the culprit. I turned it off and everything started working.

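As an added diagnostic example (not from the thread, not from NextDNS or Ubiquiti), this Python script applies the check the thread converged on: the same blocked test domain is queried on the gateway and from a LAN client, and the two dig transcripts are compared for NextDNS's filtering markers (the EDE 17 option and the blockpage.nextdns.io CNAME). It also reads the forwarding port out of the dnsmasq server= line so it can be compared with the port the nextdns client listens on; the sample transcripts and config are constructed by trimming what Vlad_Vlasceanu posted above.

```python
import re

# Markers NextDNS puts on a filtered answer (both appear in the gateway-side
# dig output above): an EDE 17 option and a CNAME to the block page.
EDE_FILTERED_RE = re.compile(r"EDE: 17 \(Filtered\)")
BLOCKPAGE_RE = re.compile(r"\sCNAME\s+blockpage\.nextdns\.io\.", re.I)
HEADER_RE = re.compile(r"status: (\w+), id: \d+.*?ANSWER: (\d+)", re.S)
SERVER_RE = re.compile(r";; SERVER: (\S+)")
# dnsmasq 'server=' line pointing at a loopback listener with an explicit port.
UPSTREAM_RE = re.compile(r"^server=127\.0\.0\.1#(\d+)\s*$", re.M)

def classify_dig(output: str) -> dict:
    """Summarise a dig(1) transcript: answering server, rcode, answer
    count and whether NextDNS's filtering markers are present."""
    h, s = HEADER_RE.search(output), SERVER_RE.search(output)
    if not (h and s):
        raise ValueError("not a complete dig transcript")
    return {"server": s.group(1), "status": h.group(1),
            "answers": int(h.group(2)),
            "via_nextdns": bool(EDE_FILTERED_RE.search(output)
                                or BLOCKPAGE_RE.search(output))}

def compare_paths(gateway_output: str, client_output: str) -> str:
    """Diagnose the same blocked test domain queried on the gateway and from a
    LAN client. A filtered gateway answer beside an unfiltered client answer means
    something on the gateway answers LAN queries before dnsmasq forwards them."""
    g, c = classify_dig(gateway_output), classify_dig(client_output)
    if not g["via_nextdns"]:
        return "gateway not forwarding to NextDNS: check the dnsmasq server= line"
    if c["via_nextdns"]:
        return "ok: both paths are filtered by NextDNS"
    return "client queries bypass NextDNS: check gateway DNS filtering features"

def dnsmasq_forward_port(conf: str):
    """Port that dnsmasq forwards to on loopback (int), or None if the line is
    missing; compare it with the nextdns listen port (5342 in this thread)."""
    m = UPSTREAM_RE.search(conf)
    return int(m.group(1)) if m else None

# Constructed samples, trimmed from the transcripts and config posted above.
GATEWAY_DIG = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63693
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
; EDE: 17 (Filtered): (Blocked by NextDNS)
vladvlasceanu.com. 5 IN CNAME blockpage.nextdns.io.
;; SERVER: 127.0.0.1#53(127.0.0.1)"""
CLIENT_DIG = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40455
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 192.168.110.1#53(192.168.110.1)"""
NEXTDNS_CONF = "no-resolv\nserver=127.0.0.1#5342\nadd-mac\nadd-subnet=32,128\n"
```

Running `compare_paths(GATEWAY_DIG, CLIENT_DIG)` on the posted transcripts reports that client queries bypass NextDNS, which matches the Content Filtering finding in the last reply.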