Ubiquiti UniFi Gateway - Block Client's Custom DNS Settings (DoH/DoT)

Рет қаралды 2,580

777 or 404

Күн бұрын

Пікірлер: 12

@buenology 28 күн бұрын

I am glad to have found your videos. Excellent work! I subscribed!!

@reelmccoyfx 4 ай бұрын

Thanks for the video. I love the thoroughness and testing of changes made. Looking forward to future videos. And stupid me accidentally got click happy on my previous comment and deleted it. Sorry about that.

@hz777 4 ай бұрын

np😊

@frenchysg8089 3 ай бұрын

Great video. Could you help me understand one part? I've a Pihole and Unbound on a separate server like your Pihole+unbound example, and this is my DNS resolver. But When I'm blocking "All other DNS" my server no longer resolve DNS, It seems to have something to do with Unbound and that rule. Using Debian 12 on that server. I did add my server IP in the DNS group, but it doesn't help.

@hz777 3 ай бұрын

How did you block "all other DNS"? Do you use Unifi gateway?

@bavobostoen 4 ай бұрын

Thanks, very clear, I wonder if doh blocking can ever be implemented without full SSL decryption at gateway?

@hz777 4 ай бұрын

If the server also has other functions you need so you only want to block the doh function, you are right that's impossible. In this video I assume it's fine to block the server completely.

@TangDynasty1983 4 ай бұрын

Could you please share how to set up WS to capture the WAN port of the UXG-Pro? Thank you.

@hz777 4 ай бұрын

It's very easy. My uxg-pro runs behind another router, and the wan port is connected to a UniFi switch in my home network. I simply set a port on the same switch to monitor the port that connects to uxg-pro's wan port, then run Wireshark against the monitoring port

@TangDynasty1983 4 ай бұрын

@@hz777 makes sense. what if I have the Unifi as my WAN router, is there way to have WS capture the WAN traffic?

@hz777 4 ай бұрын

@@TangDynasty1983 the easiest way is to use tcpdump in the router to capture wan traffic to a file, then later using Wireshark to display the captured file.