The quality of the information in this video is incredible. The amount of detail and low level testing you do to teach how this works is unreal.

Love every video. Learning so much keeps me coming back every time.

Wow man, you have some great videos. I have been wondering what's going on in the backend with Unifi equipment for a long time and it has made advanced configurations quite challenging, but you have definitely helped!

Excellent video

Wow this guy knows what he is doing!! Thank you learned so much!!

Very informative, but still device's hard-coded DNS take priority and ignore DNS shield.

Excellent info. Btw, in the current version of Network app, if you have a custom Internet/WAN DNS set and go to enable DNS Shield it'll warn you that it will override.

That was really informative, ty!

love your videos, I always wanted to test these setups but I don't have money to build a lab, and I can't disrupt production environment...

Awesome video, do I need to change settings to my access point in order to benefit from this configuration?

Thank you for the very informative video. Now the one question I have is can we use our own DNS over HTTPS server? Can I manually override this in the cli?

Thank you!

Thanks for another great video! Can you share how you used Wireshark to capture the traffic on the router? Did you use a client device and set WS to capture the WAN port of the UXG pro?

your video descriptions with different virtual/physical hosts being shown are amazing and graphics are very clean. what program(s) do you use to virtualize and tile your windows like this? really enjoy the minimalist look. keep up the great content.

So, what's the point in having the option to select a DNS in WAN if when DNS Shield is enabled, it will take over the WAN DNS anyway? Shouldn't make more sense that options for DNS in WAN became graded out and give an information message to warn the user that DNS Shield settings are inhibiting DNS WAN setting? This would have make it more user-friendly to understand the way it really works. BTW many thanks for your video as I doubt I would have never find out how the settings take over each other without your video. I subscribed already :)

Thanks for the video! I would seem there are 3 DNS related features we may want to implement 1) Blocking ads (pihole) 2) Full DNS server (not just a relay/proxy - Unbound) 3) DNS encryption (Unbound and DNS Shield). If you want all 3, it would appear Pihole + Unbound is still the ticket?

great video! nice work.

Juicy

Hello I hope you can help me out. I have implemented all this in exactly the same way, but when I inspect with wireshark I notice that during the TLSv1.3 handshake the SNI is completely leaked. Any idea why that can be?

Would you still say Pi-Hole is best practice? Or just use DNS shield?