Saw the title. I got jealous because I have a UDR. Then I just logged in to my router and there it was the 8.2.93 waiting for my UDR. I started the update, and it seems that DNS Server is a thing for UDR too!!! Great video as always.
Great video as always! One thing that's missing on RUclips, is an instructions video on how to use Ubiquiti camera (NVR) and have it save images and/or videos on the NAS in case of motion detection. Might not be possible, but it should be!
Great video, will look in to the new DNS option in DMP. Furthermore, the best way to run DNS (like adguard/pihole ) is on kubernetes. Then you can reboot a node and you will not be down.
Any chance the custom DNS records settings will be coming to USG-3P (or UXG-Lite or UXG-Max)? I don't see the DNS pane under "Routing" after upgrading to 8.2.93. (Running locally installed controller + USG-3P)
Nice they offer this now. Personally I have Adguard as my DNS running on my server then my UCGU has a second dns if my adguard goes down to a openDNS server.
I have Unifi Controller installed. My DHCP is running on Unifi, not the domain controller. But i want my Domain name to be recognized when i search it over the network like joining the domain without putting the manual DNS. Can you help me with this?
Is it worth switching from pi hole on a pi 4 to this in your opinion? I wouldn’t mind reclaiming 4.5 watts of power. Performance is probably a bit better as well since it’s all done on the same machine (latency wise).
I'm totally new to networking - is there anything wrong with just putting a single word without a domain - for example just type "//NAS" and it resolves to my NAS ip address? It seems to work but doesn't seem like the right way to do things.
What's the difference between the primary and secondary DNS server under internet, and the the per network DNS servers you can configure for each DHCP network?
Primary and Secondary DNS servers are available so that if one goes offline, you can still reach the records from the secondary DNS server. It's an auto-failover mechanism. The per-network DNS servers for DHCP networks are the same thing, but you can specify different DNS servers for each network, if you have the need or want to play around with that sort of thing.
Interesting and a nice improvement, but is it possible to run this along with Pi-hole? I want the blocking and control Pi-hole offers, something Unifi doesn't yet have.
Why run both? Just go with Pi-Hole and throw in redundancy, that's what I've been doing for years without issues. You don't even need to give out all redundant IPs to clients when using keepalived
Nobody said you need this. If you have a UDM Pro/SE or UDR as a home user, and you don't know what you might use this for, it's likely not for you and that's okay. Not everybody needs to manage a DNS server. But for those that need these features, especially for the SMB sector or a home-lab, DNS is one of the essential network elements.
For me, I always like to see more competition in the space. But for a NAS, I really have to wait to see how it performs in the medium term before giving any thoughts on it.
Just a note: it seems that the custom DNS records don't work if you have the content filtering turned on (set to family or work). I'm assuming that unifi's content filtering is just a dns server they host. I'm not sure why they couldn't have made it so that it checks the gateway's local dns records first, then forwards anything not referenced by a local record to their content filtering dns.
Where or how would you configure a pihole as an upstream server so that the local domains are resolved by unifi, but the rest by pihole (blocked where necessary)?
Hi everyone. I am running 8.2.93 on my UDM pro and I created to A records to point at my NAS and it does not resolve. my PCs are all looking at my UDM pro for DNS. any thoughts ?
Great video. I managed to create some A records for my local homelab servers. But when I access them by the domain name I created they are no longer under https like in your example with Synology. The next step would be to create certificates? thanks!
@@SpaceRexWill Thanks unfortunate. But thank you for that info.. My idea was to maintain my hosts in UniFi and resolve everything else with my Pi-hole then.
Have unifi allows multiple ip address on a single wan port yet? if we are doing any dns forwarding, for failover we will need this. Many other mainstream router manufacturers do this.
Would love to replace my Adguard and Nginx reverse proxy setup as it adds a lot of complexity - which seems possible now. Except: is there any way to keep the ad-blocking features?
I use pihole to provide dns, esp CNAME's so I can set up my services and run them off a traefik proxy. So I can't wait for a CNAME's to be supported. However I am wondering how this works with VLAN's and and if there will be DNS leakage across VLAN's. But forwards are just amazing.
correction: "Running DNS locally is THE SAFEST experience to survive the internet of the 2020's and above". I run a local Bind9 full root-resolver (NOT FORWARDER) feeding a pihole with more than 1Mi blocked sites. When I go out of my home without this kind of security, I feel naked.
I like how you showed how to add a DNS record. I was trying so things and they worked. But when I was all done testing I wanted to delete the record and I don't see any option to delete a newly created record? HELP
Bottom right on that screen click "Manage". That will make the list editable. Click the checkbox next to the one you want to delete and then click Remove at the bottom.
In my config, I used my UDM-SE as my DHCP server & [obviously] router, but I have dual Raspberry PIs serving as my DNS servers (running Pi Hole with Unbound). Although your video is very informative, you don't even mention this [fairly] common setup.
I assume you mean Cloudflare Dyndns. In fact, the tool "inadyn" used under the hood does support Cloudflare as a provider. However, this feature has not yet made it into the GUI.
This is great for people who use their UDM's for everything, DHCP, DNS, etc. But people like me who has their own home lab of Windows server with my own DHCP, DNS, etc this really isn't important.
This is super bare bones DNS, not easy to update via other DNS servers, and for those of us with an established network so not needed. Better to have proper DNS removed from the appliance so when something goes wrong like a reboot local network does not suffer.
@@BerserkeR_031 Nah, this is for overweight incels that live in their mom's basement waisting their life on gaming. I have a MSc and do very well in life. Network is not in the curriculum at most high schools. My home rack is close to $100k... and I am very happy about the set up. That does not mean that I'm an expert on local DNS. This dude makes excellent videos, but he miss the mark at this one.... I am sure your mom has your dinner ready by now. Go and get it....
more plex privacy videos please. you can keep on dunking on them about privacy i dont care. at least im know my plex watch history is more private. and also more unifi reverse proxy in custom dns
You think your Plex watch history is private? Plex can see your entire watch history and your library and all of the access to your library. It's not private.
@@xxxxxxsauron prove that Plex, a service that requires internet access in order to access your own media through it by signing into it, isn't private? Golly gee. I wonder how I'm going to do that...
@@rsdotscot dude. i meant more private like my mom cant see my watch history. seriously you watched the video :edit: i meant the plex video spacerex did a while back. also wt..f my edits dont work
When you are just starting out writing firewall rules, IP6 is a nightmare to get started on. I would skip IP6 until you get to know what’s going on. as you don’t miss much
@@SpaceRexWill that's plain not true. IPv6 is much easier to learn in fact since I switched to teach ipv6 first the upcoming network experts are way faster in picking up how ip works
Saw the title and instantly jumped to update my UDM-Pro to update. Thank you for the heads up!
I did the same thing! I didn't even wait for others to update, I just jumped right in.
It works great!
Thank you for all of your interesting and helpful videos. 😊
Thanks!
Saw the title. I got jealous because I have a UDR. Then I just logged in to my router and there it was the 8.2.93 waiting for my UDR. I started the update, and it seems that DNS Server is a thing for UDR too!!! Great video as always.
Thanks!
Love this, as I use Adguard Home, I would love to see more custom blocklist and custom DNS rules.
Great video as always!
One thing that's missing on RUclips, is an instructions video on how to use Ubiquiti camera (NVR) and have it save images and/or videos on the NAS in case of motion detection. Might not be possible, but it should be!
fantastic video and I jumped onto my UDM and configured DNS. Now working on some use cases where I can use this in combination of pihole
So glad they have forwarded domains so we can use active directory servers properly, yay!!
How do you config this within an active directory environment?
... Currently I'm running the AD as my DNS for network clients. Thx
@spacerex A video on “hijacking’”AD DNS would be awesome.
Bought one of these a while back and havnen't had the chance to set it up yet. THANKS!
Video with a huge payload punch of knowledge. DNS the backbone of everything
Great feature! The last puzzle peace is an API for automated DNS record management. Then I can finally retire my dnsmasq.
Thanks for the videos, Network Stiffler
Would love to know how that reverse proxy you mentioned would be set up!
Thanks for a great video ⭐️ Christmas is coming early this year.
Thank you very much!
Dang 20 minutes to say it has real DNS, but doesn't support CNAME or PTR records, so not real DNS.
do you know where the records are stored. I would like to export them
Great video, will look in to the new DNS option in DMP. Furthermore, the best way to run DNS (like adguard/pihole ) is on kubernetes. Then you can reboot a node and you will not be down.
Where do you enter the ip of the pihole as an upstream server?
@@fisherich I don't use pihole, but i guess you can configure it (it's a old link)
Any chance the custom DNS records settings will be coming to USG-3P (or UXG-Lite or UXG-Max)?
I don't see the DNS pane under "Routing" after upgrading to 8.2.93. (Running locally installed controller + USG-3P)
Me neither
@@roderick8820 Same here. Selfhosted network application / controller and USG-3.
Nice they offer this now. Personally I have Adguard as my DNS running on my server then my UCGU has a second dns if my adguard goes down to a openDNS server.
Can you do more videos on this all? Reverse proxy to be exact. Thanks
This is awesome news. Really great video. 🥳
I have Unifi Controller installed. My DHCP is running on Unifi, not the domain controller. But i want my Domain name to be recognized when i search it over the network like joining the domain without putting the manual DNS. Can you help me with this?
Can you use this to resolve dns inquiries for your local domain controller?
Is it worth switching from pi hole on a pi 4 to this in your opinion? I wouldn’t mind reclaiming 4.5 watts of power. Performance is probably a bit better as well since it’s all done on the same machine (latency wise).
No, I would only forwanrd the pihole like he said
I'm totally new to networking - is there anything wrong with just putting a single word without a domain - for example just type "//NAS" and it resolves to my NAS ip address? It seems to work but doesn't seem like the right way to do things.
I can’t see the option on my usg pro, is this only supported on the udm?
What's the difference between the primary and secondary DNS server under internet, and the the per network DNS servers you can configure for each DHCP network?
Primary and Secondary DNS servers are available so that if one goes offline, you can still reach the records from the secondary DNS server. It's an auto-failover mechanism.
The per-network DNS servers for DHCP networks are the same thing, but you can specify different DNS servers for each network, if you have the need or want to play around with that sort of thing.
Interesting and a nice improvement, but is it possible to run this along with Pi-hole? I want the blocking and control Pi-hole offers, something Unifi doesn't yet have.
Why run both? Just go with Pi-Hole and throw in redundancy, that's what I've been doing for years without issues. You don't even need to give out all redundant IPs to clients when using keepalived
As a home Unifi user why do I need this? Performance? Stability?
Nobody said you need this. If you have a UDM Pro/SE or UDR as a home user, and you don't know what you might use this for, it's likely not for you and that's okay. Not everybody needs to manage a DNS server.
But for those that need these features, especially for the SMB sector or a home-lab, DNS is one of the essential network elements.
I have 2 Synology NAS's for my primary and backup DNS server. I really wish Unifi supported a secondary DNS server for the forwarding domain feature.
Hey Will, what are your thoughts on the Ugreen NAS systems?
For me, I always like to see more competition in the space. But for a NAS, I really have to wait to see how it performs in the medium term before giving any thoughts on it.
Any idea if this supports wildcard records?
Running 8.3.32 on my UDMP and I don't have the "DNS" tab under Routing.
Just a note: it seems that the custom DNS records don't work if you have the content filtering turned on (set to family or work). I'm assuming that unifi's content filtering is just a dns server they host. I'm not sure why they couldn't have made it so that it checks the gateway's local dns records first, then forwards anything not referenced by a local record to their content filtering dns.
Where or how would you configure a pihole as an upstream server so that the local domains are resolved by unifi, but the rest by pihole (blocked where necessary)?
I've been running a pi-hole with recursive unbound, lets me set up local records also
How are you syncing your DNS records between the pi -holes?
@@SpaceRexWill Gravity-Sync, works fine for what I needed.
So what does it mean that when you say "If you use UDM as your local DNS"
Hi everyone. I am running 8.2.93 on my UDM pro and I created to A records to point at my NAS and it does not resolve. my PCs are all looking at my UDM pro for DNS. any thoughts ?
A caching DNS server would be really great especially for home/SMB users.
It already does that!
Great video. I managed to create some A records for my local homelab servers. But when I access them by the domain name I created they are no longer under https like in your example with Synology. The next step would be to create certificates? thanks!
My same situation... need how to get it to be https, and is is when I log directly into my Synology
Go will just 8k subs to go! From sweden
Running the latest version on a self hosted for myself and a cloud key for one of clients, but I don’t see the option.
I have a Cloud Gateway Ultra with this version, but i can't find the dns tab in routing. Any idea if CGU was left out?
Apparently the update was automatic, but the restart had to be manual. Fml! Bottom line, i can see it now.
Does it support PTR records?
how do you forward a dns
Thank you sir for the info
🤮
How did I ever sign up for a dns server
Can I define a default, e.g. to forward all DNS queries that do not match the maintained DNS names to a secondary DNS server?
You cannot
@@SpaceRexWill Thanks unfortunate. But thank you for that info.. My idea was to maintain my hosts in UniFi and resolve everything else with my Pi-hole then.
I was going to configure cloudflare with Unifi but this got me confused
Just to clarify, you cannot do a reverse proxy with the UDM Pro Max without third party script right?
Correct. This is only DNS
So, are we almost capable of letting go of AdGuard DNS servers and Nginx Reverse Proxy?
How do I enable my UDM pro to be the primary DNS server in my setup or do I just add my dns records and we are good?
You should configure the primary dns server to be the IP on the UDM using DHCP.
Unless you changed it, your UDM will be your DNS sever.
Check the LAN DHCP settings
Have unifi allows multiple ip address on a single wan port yet? if we are doing any dns forwarding, for failover we will need this. Many other mainstream router manufacturers do this.
Time to kick 'em again for CNAMEs Mr SpaceRex!
Would love to replace my Adguard and Nginx reverse proxy setup as it adds a lot of complexity - which seems possible now. Except: is there any way to keep the ad-blocking features?
Unifi already has ad blocking, but not a lot of control over it
I use pihole to provide dns, esp CNAME's so I can set up my services and run them off a traefik proxy. So I can't wait for a CNAME's to be supported. However I am wondering how this works with VLAN's and and if there will be DNS leakage across VLAN's. But forwards are just amazing.
Finally! Great update.
i use adguard home on my synology so why should i use this? i have the udm pro but i configured my adguard home ip as dns server for all my networks.
Every time you update or restart your Synology for other reasons, your DNS goes down.
My experience with these included or feature additions is they are buggy and keep crashing...
What we need is to bring our own certificates into this system!!!
correction: "Running DNS locally is THE SAFEST experience to survive the internet of the 2020's and above".
I run a local Bind9 full root-resolver (NOT FORWARDER) feeding a pihole with more than 1Mi blocked sites.
When I go out of my home without this kind of security, I feel naked.
I like how you showed how to add a DNS record. I was trying so things and they worked. But when I was all done testing I wanted to delete the record and I don't see any option to delete a newly created record? HELP
Bottom right on that screen click "Manage". That will make the list editable. Click the checkbox next to the one you want to delete and then click Remove at the bottom.
@@fretbuzzly That worked great!!!!!! thank you
I have the latest version but DNS is not showing any ideas guys?
Reboot is required after the update guys if you have auto update on
In my config, I used my UDM-SE as my DHCP server & [obviously] router, but I have dual Raspberry PIs serving as my DNS servers (running Pi Hole with Unbound).
Although your video is very informative, you don't even mention this [fairly] common setup.
Cloudflare integration is the only thing left on my list.
I assume you mean Cloudflare Dyndns. In fact, the tool "inadyn" used under the hood does support Cloudflare as a provider. However, this feature has not yet made it into the GUI.
Huh? Did they just not know that unbound exists and how good the APIs are for it?
How has this been missing for so long? I guess that was another reason for running pfSense that's no longer really relevant for me.
Thats soo cool, can you please make a video to use the unifi reverse proxy from the web
UniFi do not have a reverse proxy, you need to use separate software on another machine.
Hope it integrates with Windows Server (2016+) DNS
This is great for people who use their UDM's for everything, DHCP, DNS, etc. But people like me who has their own home lab of Windows server with my own DHCP, DNS, etc this really isn't important.
How can you hist something and dont even remember signing up for it, nor have a business.
I was thinking why did Synology add DNS, what's going on...
Wow, powerful
Setting up a HA DNS setup is not hard, it’s really easy when you use keepalived to manage a vip address for you etc
This is super bare bones DNS, not easy to update via other DNS servers, and for those of us with an established network so not needed. Better to have proper DNS removed from the appliance so when something goes wrong like a reboot local network does not suffer.
Awesome video!
spoken like a true millennial "I'm not sure why you would use a mail record" - lol. Kids don't know nothing now-a-days!
Yea, i can get rid of pi-hole and unbound
They need to add CNAME asap
Mikrotik has this support for over a decade.
Unifi please give us a NAS next
I’ve seen rumours that they are making a NAS, however, we haven’t heard anything official yet.
goto their store... Unifi Nas will be available after 1st of November
I understood about 5%. This should have been about an 5 hour video divided into 50 videos...
Or maybe finish high school.
@@BerserkeR_031 Nah, this is for overweight incels that live in their mom's basement waisting their life on gaming. I have a MSc and do very well in life. Network is not in the curriculum at most high schools. My home rack is close to $100k... and I am very happy about the set up. That does not mean that I'm an expert on local DNS. This dude makes excellent videos, but he miss the mark at this one.... I am sure your mom has your dinner ready by now. Go and get it....
@@BerserkeR_031harsh but true
Batch import
About time!
more plex privacy videos please. you can keep on dunking on them about privacy i dont care. at least im know my plex watch history is more private. and also more unifi reverse proxy in custom dns
You think your Plex watch history is private? Plex can see your entire watch history and your library and all of the access to your library. It's not private.
@@rsdotscot ok jellyfin fan. prove it
@@xxxxxxsauron prove that Plex isn't private? Try using it without an internet connection. EVERYTHING does through their servers.
@@xxxxxxsauron prove that Plex, a service that requires internet access in order to access your own media through it by signing into it, isn't private? Golly gee. I wonder how I'm going to do that...
@@rsdotscot dude. i meant more private like my mom cant see my watch history. seriously you watched the video :edit: i meant the plex video spacerex did a while back. also wt..f my edits dont work
Gee Will starting to get a bit money hungry like the rest of them.... Lol members only, really.....
Members get access to the same videos, just a little early!
@@SpaceRexWill I'll wait then
Why are you whispering?
Why is this so funny to me 😂
No ipv6 no good.
When you are just starting out writing firewall rules, IP6 is a nightmare to get started on.
I would skip IP6 until you get to know what’s going on. as you don’t miss much
@@SpaceRexWill that's plain not true. IPv6 is much easier to learn in fact since I switched to teach ipv6 first the upcoming network experts are way faster in picking up how ip works
Lmao… 🤣
@@legendaryzfpsthis guy… lmao
I hate your transition effects