Saw the title and instantly jumped to update my UDM-Pro to update. Thank you for the heads up!
I did the same thing! I didn't even wait for others to update, I just jumped right in.
It works great!
Saw the title. I got jealous because I have a UDR. Then I just logged in to my router and there it was the 8.2.93 waiting for my UDR. I started the update, and it seems that DNS Server is a thing for UDR too!!! Great video as always.
So glad they have forwarded domains so we can use active directory servers properly, yay!!
How do you config this within an active directory environment?
... Currently I'm running the AD as my DNS for network clients. Thx
@spacerex A video on “hijacking” AD DNS would be awesome.
Love this, as I use Adguard Home, I would love to see more custom blocklist and custom DNS rules.
Great video as always!
One thing that's missing on YouTube, is an instructions video on how to use Ubiquiti camera (NVR) and have it save images and/or videos on the NAS in case of motion detection. Might not be possible, but it should be!
fantastic video and I jumped onto my UDM and configured DNS. Now working on some use cases where I can use this in combination of pihole
Video with a huge payload punch of knowledge. DNS the backbone of everything
Great feature! The last puzzle piece is an API for automated DNS record management. Then I can finally retire my dnsmasq.
Thank you for all of your interesting and helpful videos. 😊
Thanks!
Bought one of these a while back and haven't had the chance to set it up yet. THANKS!
Thanks for the videos, Network Stiffler
Thanks!
Great video, will look in to the new DNS option in DMP. Furthermore, the best way to run DNS (like adguard/pihole ) is on kubernetes. Then you can reboot a node and you will not be down.
Where do you enter the ip of the pihole as an upstream server?
@@fisherich I don't use pihole, but I guess you can configure it (it's an old link)
This is awesome news. Really great video. 🥳
Nice they offer this now. Personally I have Adguard as my DNS running on my server then my UCGU has a second dns if my adguard goes down to an openDNS server.
Can you do more videos on this all? Reverse proxy to be exact. Thanks
Finally! Great update.
Would love to know how that reverse proxy you mentioned would be set up!
As a home Unifi user why do I need this? Performance? Stability?
Nobody said you need this. If you have a UDM Pro/SE or UDR as a home user, and you don't know what you might use this for, it's likely not for you and that's okay. Not everybody needs to manage a DNS server.
But for those that need these features, especially for the SMB sector or a home-lab, DNS is one of the essential network elements.
Thanks for a great video ⭐️ Christmas is coming early this year.
correction: "Running DNS locally is THE SAFEST experience to survive the internet of the 2020's and above".
I run a local Bind9 full root-resolver (NOT FORWARDER) feeding a pihole with more than 1Mi blocked sites.
When I go out of my home without this kind of security, I feel naked.
Wow, powerful
Awesome video!
A caching DNS server would be really great especially for home/SMB users.
It already does that!
I have 2 Synology NAS's for my primary and backup DNS server. I really wish Unifi supported a secondary DNS server for the forwarding domain feature.
About time!
Dang 20 minutes to say it has real DNS, but doesn't support CNAME or PTR records, so not real DNS.
Just a note: it seems that the custom DNS records don't work if you have the content filtering turned on (set to family or work). I'm assuming that unifi's content filtering is just a dns server they host. I'm not sure why they couldn't have made it so that it checks the gateway's local dns records first, then forwards anything not referenced by a local record to their content filtering dns.
Thank you sir for the info
🤮
Is it worth switching from pi hole on a pi 4 to this in your opinion? I wouldn’t mind reclaiming 4.5 watts of power. Performance is probably a bit better as well since it’s all done on the same machine (latency wise).
No, I would only forward the pihole like he said
I've been running a pi-hole with recursive unbound, lets me set up local records also
How are you syncing your DNS records between the pi -holes?
@@SpaceRexWill Gravity-Sync, works fine for what I needed.
Great video. I managed to create some A records for my local homelab servers. But when I access them by the domain name I created they are no longer under https like in your example with Synology. The next step would be to create certificates? thanks!
My same situation... need how to get it to be https, and it is when I log directly into my Synology
Any chance the custom DNS records settings will be coming to USG-3P (or UXG-Lite or UXG-Max)?
I don't see the DNS pane under "Routing" after upgrading to 8.2.93. (Running locally installed controller + USG-3P)
Me neither
@@roderick8820 Same here. Selfhosted network application / controller and USG-3.
What's the difference between the primary and secondary DNS server under internet, and the per network DNS servers you can configure for each DHCP network?
Primary and Secondary DNS servers are available so that if one goes offline, you can still reach the records from the secondary DNS server. It's an auto-failover mechanism.
The per-network DNS servers for DHCP networks are the same thing, but you can specify different DNS servers for each network, if you have the need or want to play around with that sort of thing.
Hey Will, what are your thoughts on the Ugreen NAS systems?
For me, I always like to see more competition in the space. But for a NAS, I really have to wait to see how it performs in the medium term before giving any thoughts on it.
What we need is to bring our own certificates into this system!!!
Interesting and a nice improvement, but is it possible to run this along with Pi-hole? I want the blocking and control Pi-hole offers, something Unifi doesn't yet have.
Why run both? Just go with Pi-Hole and throw in redundancy, that's what I've been doing for years without issues. You don't even need to give out all redundant IPs to clients when using keepalived
Running 8.3.32 on my UDMP and I don't have the "DNS" tab under Routing.
This is great for people who use their UDM's for everything, DHCP, DNS, etc. But people like me who have their own home lab of Windows server with my own DHCP, DNS, etc this really isn't important.
Does unifi allow multiple ip addresses on a single wan port yet? If we are doing any dns forwarding, for failover we will need this. Many other mainstream router manufacturers do this.
Go Will, just 8k subs to go! From Sweden
Any idea if this supports wildcard records?
So, are we almost capable of letting go of AdGuard DNS servers and Nginx Reverse Proxy?
How has this been missing for so long? I guess that was another reason for running pfSense that's no longer really relevant for me.
Where or how would you configure a pihole as an upstream server so that the local domains are resolved by unifi, but the rest by pihole (blocked where necessary)?
Running the latest version on a self hosted for myself and a cloud key for one of clients, but I don’t see the option.
Hi everyone. I am running 8.2.93 on my UDM pro and I created to A records to point at my NAS and it does not resolve. my PCs are all looking at my UDM pro for DNS. any thoughts ?
I use pihole to provide dns, esp CNAME's so I can set up my services and run them off a traefik proxy. So I can't wait for a CNAME's to be supported. However I am wondering how this works with VLAN's and if there will be DNS leakage across VLAN's. But forwards are just amazing.
So what does it mean that when you say "If you use UDM as your local DNS"
I'm totally new to networking - is there anything wrong with just putting a single word without a domain - for example just type "//NAS" and it resolves to my NAS ip address? It seems to work but doesn't seem like the right way to do things.
I can’t see the option on my usg pro, is this only supported on the udm?
Huh? Did they just not know that unbound exists and how good the APIs are for it?
My experience with these included or feature additions is they are buggy and keep crashing...
Cloudflare integration is the only thing left on my list.
I assume you mean Cloudflare Dyndns. In fact, the tool "inadyn" used under the hood does support Cloudflare as a provider. However, this feature has not yet made it into the GUI.
Just to clarify, you cannot do a reverse proxy with the UDM Pro Max without third party script right?
Correct. This is only DNS
Does it support PTR records?
In my config, I used my UDM-SE as my DHCP server & [obviously] router, but I have dual Raspberry PIs serving as my DNS servers (running Pi Hole with Unbound).
Although your video is very informative, you don't even mention this [fairly] common setup.
This is super bare bones DNS, not easy to update via other DNS servers, and for those of us with an established network so not needed. Better to have proper DNS removed from the appliance so when something goes wrong like a reboot local network does not suffer.
Hope it integrates with Windows Server (2016+) DNS
I have a Cloud Gateway Ultra with this version, but i can't find the dns tab in routing. Any idea if CGU was left out?
Apparently the update was automatic, but the restart had to be manual. Fml! Bottom line, i can see it now.
I have the latest version but DNS is not showing. Any ideas, guys?
Reboot is required after the update guys if you have auto update on
Would love to replace my Adguard and Nginx reverse proxy setup as it adds a lot of complexity - which seems possible now. Except: is there any way to keep the ad-blocking features?
Unifi already has ad blocking, but not a lot of control over it
i use adguard home on my synology so why should i use this? i have the udm pro but i configured my adguard home ip as dns server for all my networks.
Every time you update or restart your Synology for other reasons, your DNS goes down.
I like how you showed how to add a DNS record. I was trying so things and they worked. But when I was all done testing I wanted to delete the record and I don't see any option to delete a newly created record? HELP
Bottom right on that screen click "Manage". That will make the list editable. Click the checkbox next to the one you want to delete and then click Remove at the bottom.
@@fretbuzzly That worked great!!!!!! thank you
Setting up a HA DNS setup is not hard, it’s really easy when you use keepalived to manage a vip address for you etc
Mikrotik has this support for over a decade.
Can I define a default, e.g. to forward all DNS queries that do not match the maintained DNS names to a secondary DNS server?
You cannot
@@SpaceRexWill Thanks unfortunate. But thank you for that info.. My idea was to maintain my hosts in UniFi and resolve everything else with my Pi-hole then.
How do I enable my UDM pro to be the primary DNS server in my setup or do I just add my dns records and we are good?
You should configure the primary dns server to be the IP on the UDM using DHCP.
Unless you changed it, your UDM will be your DNS server.
Check the LAN DHCP settings
I was thinking why did Synology add DNS, what's going on...
Thats soo cool, can you please make a video to use the unifi reverse proxy from the web
UniFi do not have a reverse proxy, you need to use separate software on another machine.
They need to add CNAME asap
I understood about 5%. This should have been about a 5 hour video divided into 50 videos...
Or maybe finish high school.
@@BerserkeR_031 Nah, this is for overweight incels that live in their mom's basement wasting their life on gaming. I have a MSc and do very well in life. Network is not in the curriculum at most high schools. My home rack is close to $100k... and I am very happy about the set up. That does not mean that I'm an expert on local DNS. This dude makes excellent videos, but he misses the mark at this one.... I am sure your mom has your dinner ready by now. Go and get it....
@@BerserkeR_031 harsh but true
Batch import
Unifi please give us a NAS next
I’ve seen rumours that they are making a NAS, however, we haven’t heard anything official yet.
goto their store... Unifi Nas will be available after 1st of November
No ipv6 no good.
When you are just starting out writing firewall rules, IP6 is a nightmare to get started on.
I would skip IP6 until you get to know what’s going on. as you don’t miss much
@@SpaceRexWill that's plain not true. IPv6 is much easier to learn in fact since I switched to teach ipv6 first the upcoming network experts are way faster in picking up how ip works
Lmao… 🤣
@@legendaryzfps this guy… lmao
Why are you whispering?
Why is this so funny to me 😂
more plex privacy videos please. you can keep on dunking on them about privacy i dont care. at least im know my plex watch history is more private. and also more unifi reverse proxy in custom dns
You think your Plex watch history is private? Plex can see your entire watch history and your library and all of the access to your library. It's not private.
@@rsdotscot ok jellyfin fan. prove it
@@xxxxxxsauron prove that Plex isn't private? Try using it without an internet connection. EVERYTHING goes through their servers.
@@xxxxxxsauron prove that Plex, a service that requires internet access in order to access your own media through it by signing into it, isn't private? Golly gee. I wonder how I'm going to do that...
@@rsdotscot dude. i meant more private like my mom cant see my watch history. seriously you watched the video :edit: i meant the plex video spacerex did a while back. also wt..f my edits dont work
spoken like a true millennial "I'm not sure why you would use a mail record" - lol. Kids don't know nothing now-a-days!
Gee Will starting to get a bit money hungry like the rest of them.... Lol members only, really.....
Members get access to the same videos, just a little early!
@@SpaceRexWill I'll wait then
I hate your transition effects