Ubiquiti UniFi Gateway - Block Client's Custom DNS Settings (DoH/DoT)

No video

Ubiquiti UniFi Gateway - Block Client's Custom DNS Settings (DoH/DoT)

Рет қаралды 1,709

777 or 404

Күн бұрын

Пікірлер: 11

@reelmccoyfx Ай бұрын

Thanks for the video. I love the thoroughness and testing of changes made. Looking forward to future videos. And stupid me accidentally got click happy on my previous comment and deleted it. Sorry about that.

@hz777 Ай бұрын

np😊

@frenchysg8089 19 күн бұрын

Great video. Could you help me understand one part? I've a Pihole and Unbound on a separate server like your Pihole+unbound example, and this is my DNS resolver. But When I'm blocking "All other DNS" my server no longer resolve DNS, It seems to have something to do with Unbound and that rule. Using Debian 12 on that server. I did add my server IP in the DNS group, but it doesn't help.

@hz777 Күн бұрын

How did you block "all other DNS"? Do you use Unifi gateway?

@bavobostoen Ай бұрын

Thanks, very clear, I wonder if doh blocking can ever be implemented without full SSL decryption at gateway?

@hz777 Ай бұрын

If the server also has other functions you need so you only want to block the doh function, you are right that's impossible. In this video I assume it's fine to block the server completely.

@TangDynasty1983 Ай бұрын

Could you please share how to set up WS to capture the WAN port of the UXG-Pro? Thank you.

@hz777 Ай бұрын

It's very easy. My uxg-pro runs behind another router, and the wan port is connected to a UniFi switch in my home network. I simply set a port on the same switch to monitor the port that connects to uxg-pro's wan port, then run Wireshark against the monitoring port

@TangDynasty1983 Ай бұрын

@@hz777 makes sense. what if I have the Unifi as my WAN router, is there way to have WS capture the WAN traffic?

@hz777 Ай бұрын

@@TangDynasty1983 the easiest way is to use tcpdump in the router to capture wan traffic to a file, then later using Wireshark to display the captured file.