Very informative, but still device's hard-coded DNS take priority and ignore DNS shield.
@jamb312Ай бұрын
Love every video. Learning so much keeps me coming back every time.
@NoCPU23 күн бұрын
The quality of the information in this video is incredible. The amount of detail and low level testing you do to teach how this works is unreal.
@yankee-in-london10 күн бұрын
great video! nice work.
@Lee-wh3htАй бұрын
Juicy
@corsontuckerАй бұрын
your video descriptions with different virtual/physical hosts being shown are amazing and graphics are very clean. what program(s) do you use to virtualize and tile your windows like this? really enjoy the minimalist look. keep up the great content.
@hz777Ай бұрын
For vm, I use ESXi; for tile management, I use window tidy.
@TangDynasty1983Ай бұрын
Thanks for another great video! Can you share how you used Wireshark to capture the traffic on the router? Did you use a client device and set WS to capture the WAN port of the UXG pro?
@hz777Ай бұрын
The router in the video is for my lab environment, which is behind the main router of my home, so I can easily run Wireshark on wan port. An alternative way is to run tcpdump in ssh to the router, to capture wan port traffic.
@suprakar2 күн бұрын
Thank you for the very informative video. Now the one question I have is can we use our own DNS over HTTPS server? Can I manually override this in the cli?
@hz7772 күн бұрын
Nope, because the UI's list comes from the url in the DNScrypt-proxy config file. Even if you manually change the file, you won't be able to touch the list of servers hosted on public web. Having said that, I don't see why you want to use DNS Shield if you host your own DNS resolver already.
@toddshreve16 күн бұрын
Thanks for the video! I would seem there are 3 DNS related features we may want to implement 1) Blocking ads (pihole) 2) Full DNS server (not just a relay/proxy - Unbound) 3) DNS encryption (Unbound and DNS Shield). If you want all 3, it would appear Pihole + Unbound is still the ticket?
@hz77716 күн бұрын
I think so as well.
@hz77716 күн бұрын
The DNScrypt-proxy features are not completely exposed in unifi's DNS Shield yet, so there are something to improve there for sure. And if Ubiquiti can add DNS log function, it will be perfect.
@toddshreve16 күн бұрын
@@hz777 At the moment I have my pihole DNS upstream server set as the LAN port of my Gateway Max to try out DNS Shield. I just purchased this unit. I haven't had a UniFi security device since the USG. Figured I'd see if they made any progress in the space. Indeed, they have.
@andreamessina643917 күн бұрын
So, what's the point in having the option to select a DNS in WAN if when DNS Shield is enabled, it will take over the WAN DNS anyway? Shouldn't make more sense that options for DNS in WAN became graded out and give an information message to warn the user that DNS Shield settings are inhibiting DNS WAN setting? This would have make it more user-friendly to understand the way it really works. BTW many thanks for your video as I doubt I would have never find out how the settings take over each other without your video. I subscribed already :)
@hz77717 күн бұрын
I am completely with you on this! But we all know how Ubiquiti responds to this type of "minor" things in the web interface, so I never bothered to suggest anything to them.
@andreamessina643917 күн бұрын
@@hz777 actually I was just playing around with it again and I just find out that if you set up the WAN DNS and later go to DNS Shield and change it to auto or manual it gives you a warning message: “the DNS server configured on the WAN will no longer be used” 😂
@hz77717 күн бұрын
@andreamessina6439 interesting... So the warning is only implemented in one way instead of completely.
@JonnieF1422 күн бұрын
Would you still say Pi-Hole is best practice? Or just use DNS shield?
@hz77722 күн бұрын
I have never said pi-hole was the best practice:) However, even with DNS Shield, UniFi routers still miss some features in pi-hole, but for me DNS Shield is good enough.
@JonnieF1422 күн бұрын
@@hz777 Haha , yeah I know you didn't say best! I just followed some of your previous videos and setup my pi-hole and wasn't sure if that was still the way to go! :D Both seem great obviously, especially if you don't want to go through the process of setting up one or two pi-holes. Great vid as always.