For a long time now, I have been using NextDNS as my go-to DNS provider. I have used pi-hole, adguard home, blockada, technitium, and a few other cloud based ad blockers. I always miss NextDNS and end up reverting back to my old ways.
I do have some gripes with the project, however, which I talk about here. Since I published this article, the CLI recently got two updates. The first update (nextdns-v1.40.0) was a major update and had a ton of new features:
5e0087b Switch UDM from iptables to dnsmasq forward
375f7be Add UDM path for DHCP lease file
aa3b037 Fix inconsistent status on systemd based system
054f6f4 Add some missing compilation flags
4903fcc Upgrade Go version
b93ab2f host: implement log following for systemd-journald (#823)
7d29df3 Update Debian keyring on upgrade to workaround expired key (#827)
9166d88 Upgrade Go version and dependencies
aad889b Update golang sys and net to latest, update docker to go 1.20 (#800)
468bac3 Fix bogus-priv causing gethostbyaddr() to hang
The switch from iptables to dnsmasq is especially great. Iptables can use up a lot of system resources and can cause performance bottlenecks.
The second update was a hotfix for the major update.
I am happy to see that the project is getting some much needed love. However, at the time of writing, there are still several outdated and unused blocklists. My GitHub issue still remains open and untouched :(
Regardless, I am still a user and will continue to be until someone decides to make a product that can compare.
But on to the tutorial…
I may have mentioned this before, but I personally trust Unifi for all my networking needs. I have a UDM Pro and a Unifi AP.
Although there are several ways to use NextDNS in the context of a home network, I found that the most reliable and the best way is to install the NextDNS CLI on the actual machine.
DNS lookups will happen locally on the machine and get forwarded to the upstream NextDNS provider.
It’s relatively simple to set up, but there are a few settings to tweak before we can start using NextDNS in this way.
Enable SSH on your UDM Pro. You can change this setting under “Console Settings.”
Navigate to the Unifi network application and make sure that the following settings are applied.
Under “Networks” change the DNS server to “Auto.” Make sure to change this for every network if you have multiple.
Under “Internet” change the DNS server to “Auto.”
And now we can install NextDNS.
SSH into your UDM Pro as root. You should see the following:
Next we are going to run the following command:
sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'
After running this, we go through a quick wizard.
Use your NextDNS profile ID.
Next, choose Y/N for sending your device name. Sending your device’s name lets you filter analytics and logs by device. I choose Y.
Next choose whether or not NextDNS caches responses. This improves latency and reduces the amount of queries sent to NextDNS. However, enabling this feature will disable dnsmasq for DNS to avoid double caching. I choose N.
There are a few more settings that can be changed later, but for now, these settings will be sufficient.
If you ever want to change those other settings or go through the wizard again, run:
nextdns config wizard
Now that we have NextDNS installed, we want to ensure that it always starts on boot:
nextdns start
nextdns activate
I always restart the UDM Pro after I install NextDNS. This ensures that all clients are forced to renew their DHCP lease and the new DNS server is pushed to them.
And that’s really all there is to it!
You should start seeing logs aggregating in your NextDNS dashboard.
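A quick way to confirm the setup is actually working is to ask NextDNS which profile handled a query from the device. The script below is an added example for this post, not part of the NextDNS project; it assumes the test endpoint https://test.nextdns.io answers with a flat JSON object carrying a “status” field (“ok” when the query reached NextDNS) and a “profile” field with the profile ID, and abc123 is a placeholder for your own profile ID.

```sh
#!/bin/sh
# Post-install health check for the NextDNS CLI on a UDM Pro.
# Added example, not part of the NextDNS project.
# Assumption: https://test.nextdns.io returns a flat JSON object with
# "status" ("ok" when the query went through NextDNS) and "profile"
# (the profile ID that handled it). Field names are assumed.

# Extract a top-level string field from a flat JSON object using only sed,
# since the UDM's BusyBox userland is not guaranteed to have jq.
json_field() {
  # $1 = JSON text, $2 = field name
  printf '%s' "$1" | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Decide whether the response shows queries flowing through the expected
# profile. Returns 0 on success, 1 if NextDNS is not being reached at all,
# 2 if NextDNS is reached but via a different profile (e.g. a stale config).
check_response() {
  # $1 = JSON text, $2 = expected profile ID
  status=$(json_field "$1" status)
  profile=$(json_field "$1" profile)
  if [ "$status" != "ok" ]; then
    echo "DNS is NOT going through NextDNS (status: ${status:-unknown})" >&2
    return 1
  fi
  if [ "$profile" != "$2" ]; then
    echo "Reaching NextDNS, but via profile '$profile' instead of '$2'" >&2
    return 2
  fi
  echo "OK: NextDNS profile $profile is handling this device's queries"
  return 0
}

# Live check against the test endpoint. Fails closed if it is unreachable.
main() {
  # $1 = expected profile ID (abc123 is a placeholder; pass your own)
  expected="${1:-abc123}"
  resp=$(curl -s --max-time 5 https://test.nextdns.io) || {
    echo "Could not reach test.nextdns.io" >&2
    return 1
  }
  check_response "$resp" "$expected"
}

# Only run the live check when asked, so the functions can also be sourced.
if [ "${1:-}" = "--live" ]; then
  main "${2:-}"
fi
```

Run it on the UDM Pro as `sh nextdns-check.sh --live <your-profile-id>`; a non-zero exit means clients are not resolving through the profile you configured, which is worth re-checking after firmware updates that may reset the DNS settings.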
Cheers,
Joe