Lock down DNS on your network
Рет қаралды 16,713
Жыл бұрынIn this quick video tutorial we'll put DNS on notice!
Want to join us in learning how to deploy network services like this? Put your name on the training list now: williehowe.com/training/
Hire us! williehowe.com
Clean Browsing DNS Filter: cleanbrowsing.org/filters/
Amazon Afflilate Links for Gear:
Synology RTC2600AC: amzn.to/3pHTt2F
UDM Pro Link: amzn.to/3LKaqBR
Standard UDM Link: amzn.to/3AKChvr
Affiliate Links (I earn a small percentage of the sale if you use these links):
My AmazonLink: www.amazon.com/shop/williehowe
Netool: netool.io use code WHT to save at least 10%!
Digital Ocean Affiliate Link: m.do.co/c/39aaf717223f
Patreon Link: / williehowe
Contact us for network consulting and best practices deployment today! We support all Grandstream, Synology, DrayTek, Obihai, Poly, Ubiquiti, MikroTik, Extreme, Palo Alto, and more!
Come back for the next video!
Twitter - @WillieHowe
TikTok - @whowe82
SUBSCRIBE! THUMBS-UP! Comment and Share!
@Common-man_life Жыл бұрын
Please make a video on same setup with local pi-hole server with any public DNS as a forwarding on that pi-hole ... Thank in advance
@blindside995 Жыл бұрын
Simple and to the point! I like it! Thanks, Willie as always for sharing your knowledge and expertise.
@erikmarschang2245 Жыл бұрын
Thank you for another great video!
@JacksonCampbell 10 ай бұрын
Yes, I want a full video on logging and everything you mentioned at the end.
@PowerUsr1 11 ай бұрын
Good video Willie. Im actually interested in the alerting/logging aspect.
@madmikeross Жыл бұрын
Thank you so much! I had some rules set up to lock down dns and could not figure out why it wasn't working. The part at about 4:30 where you point out that there is a bug when ad blocking enabled saved me. Subscribed.
@g__rtz Жыл бұрын
Just a tip; not sure if it’s possible with these udm’s, but with the edgerouter it’s pretty easy to redirect all dns traffic to your dns server of choice. So, even devices with hardcoded dns entries that don’t use the dhcp provided dns will be requesting that from your pihole/udm whatever. Same for ntp; I have a ntp server running in my LAN and it’s also publishef through dhcp, but every packet on port 123 will be delivered to that ntp server irrespective of the setting on the client. Very powerful. Also, for dns, be sure not to just block 53, but also 853 (DoT) and 8053 (DoH).
@PE4Doers Жыл бұрын
Helpful video Willie. You got my 'like' 🙂
@zelimirfedoran9720 Жыл бұрын
Awesome video, would love one on in-bound rules. Perhaps another on splitting the home network into multiple (iot, guest, secure, etc...)
@Alex-456 Жыл бұрын
I would like to see a video on detailed logging for DNS and such. Also how would you make the firewall rules to apply to only a guest network for instance and not every Vlan.
@alecfagan9753 Жыл бұрын
Don't forget to allow NTP, often forgotten about.
@ghostingalong Жыл бұрын
would love to see this setup with Adguard local DNS sinkhole
@jamesc9001 Жыл бұрын
it would help some of us who are a little slower on the uptake to track what things you have done on the FW, if you could white board the changes and effects as visual aid.
@RayIT560 2 ай бұрын
Great video Willie. I do want to add that locking down the DNS could and probably will break some apps. I had that problem when I tried this recently. Turns out some apps have hard coded DNS settings so they stop working. Just keep that in mind
@kevinhughes9801 Жыл бұрын
Defo like to see same video with Pi-hole running dns please? I use Pi-hole a but not sure i have it setup correctly now after seeing this. Thanks
@TheENGR317 2 ай бұрын
What does my Default network DNS setting have to be set to in order for this to work ?
@heftigcool 8 ай бұрын
Hi Willie. What is the difference between the DNS settings in the internet section, the settings in the vlan section and the settings in the AP/Switch section when I enable fixed IP?
@alecfagan9753 Жыл бұрын
Any idea why unifi's ad-blocking breaks this? I haven't heard enough details about it yet to know why.. just curious. Thanks for mentioning this part
@Polkster13 Жыл бұрын
"Please, sir, I want some more."
@VitoAD Жыл бұрын
Thanks for the video Willie, I need to watch the prior videos on firewall rules. I have a UDM Pro at home just upgraded to ver 3. Question, does that rotary phone have dial tone and does it work?
@WillieHowe Жыл бұрын
Yes and yes
@VitoAD Жыл бұрын
@@WillieHowe I have one on my desk at work hooked up to an AudioCodes MP118 FXO. Got dial tone, it can receive but can't make calls. Phone system is all IP. Also the bell doesn't work.
@AlL-fw2cy 3 ай бұрын
I noticed your Block Kids 1 traffic rule. Do you have a video on what you do to block your kids access?
@MikeyD2487 Жыл бұрын
How about a video for masquerading firewall rules for dns? Especially for iot devices hardcoded dns that will break with these rules. Besides iptables directly, is there a way to do it within unifi gui?
@WillieHowe Жыл бұрын
The content filer does it automagically
@sergejkling6597 Жыл бұрын
have built opnsense with proxy ip and dns filter for free also nice firewall has all what the big devices have for free
@WillieHowe Жыл бұрын
If you have extra hardware, sure.
@majstealth 8 ай бұрын
i wonder why this works, the gw should also be unable to get dns requests out, since "ALL" was blocked from sending dns requests to the interface "internet"
@netwolfstar Жыл бұрын
Take a look at Firewalla Gold or purple, it makes content filtering so simple. I can so easily block apps for any device just from my phone. For soho sure a firewall and ip filtering rules are good but managing that hassle free for home fwg makes it easy, I wish I could replicate it on other firewalls with as much ease as your beholden to them on the predefined apps lists. But few things still go through, google and bing image search stills works. Unless you block all of google am not sure how you can filter these.
@pctech12345 Жыл бұрын
Willie, Is there a way to block all IPs outside the US? I want to protect my family from scams and honestly, I don't need any services hosted outside the US. Thanks for your input.
@WillieHowe Жыл бұрын
You can do the country blocking in UniFi.
@Stephen-wh7vl Жыл бұрын
Can we inverse the adult filter?
@WillieHowe Жыл бұрын
What's that mean?
@Polkster13 Жыл бұрын
My UDM SE doesn't have the option to set DNS servers on the Internet page in the Network app like yours does. I am on 3.0.18 firmware.
@WillieHowe Жыл бұрын
Do you have a static IP or are you using PPPoE?
@Polkster13 Жыл бұрын
@@WillieHowe It is a dynamic IP given to me by my ISP (but rarely changes) if you are talking about my WAN IP.
@Polkster13 Жыл бұрын
@@WillieHowe Never mind, I found it. It was buried a page deeper than I was at.
@kristopherleslie8343 Жыл бұрын
Just noticed my windows 11 workstation said my dns was unencrypted 🤦🏽♂️
@illstateofmind Жыл бұрын
Is that phone in the back connected via VOIP?
@WillieHowe Жыл бұрын
Yes
@illstateofmind Жыл бұрын
@@WillieHowe just watched the video where you set it up.
@Cmpe1ok Жыл бұрын
👍
@OGH3294 8 ай бұрын
Thumbnail: DNS Hub 😂😂
@Moonraker11 Жыл бұрын
If you keep DNS Server set to Auto, where does it gets its DNS server IP address from? Is it using the upstream ISP's DNS servers that are issued automatically?
@WillieHowe Жыл бұрын
Yes
@djstraussp Жыл бұрын
It's always DNS
@WillieHowe Жыл бұрын
How can I heart this like 10,000 times?
SpaceRex
Рет қаралды 41 М.
Полярная звезда - Kuzey Yıldızı
Рет қаралды 7 МЛН
Christian Lempa
Рет қаралды 47 М.
Willie Howe
Рет қаралды 18 М.
Lawrence Systems
Рет қаралды 89 М.
777 or 404
Рет қаралды 3,8 М.
KOMPUKTER
Рет қаралды 235 М.