Skip to content

Instantly share code, notes, and snippets.

@Belphemur

Belphemur/10-nextdns-catchall.sh

Created March 11, 2021 14:55
Show Gist options
  • Star 6 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Belphemur/f5f5afd19116ee17d4498f5ad87386a3 to your computer and use it in GitHub Desktop.
Save Belphemur/f5f5afd19116ee17d4498f5ad87386a3 to your computer and use it in GitHub Desktop.
Download ZIP
NextDNS catch all UDM
Raw
10-nextdns-catchall.sh
#!/bin/sh
SERVICE_FILE=nextdns-catchall.service
SOURCE_FILE_PATH=/data/${SERVICE_FILE}
SYSTEMD_FILE_PATH=/etc/systemd/system/${SERVICE_FILE}
if [ ! -f $SOURCE_FILE_PATH ];
then
echo "Can't find service file"
exit 1
fi
podman exec unifi-os stat $SYSTEMD_FILE_PATH
if [ $? -eq 0 ];
then
echo "Already installed"
exit 0
fi
podman exec unifi-os cp $SOURCE_FILE_PATH $SYSTEMD_FILE_PATH
podman exec unifi-os systemctl daemon-reload
podman exec unifi-os systemctl enable $SERVICE_FILE
podman exec unifi-os systemctl start $SERVICE_FILE
Raw
nextdns-catchall.service
[Unit]
Description=NextDNS Catch all traffic
After=nextdns.service
Requires=nextdns.service
[Install]
WantedBy=multi-user.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/ssh-proxy iptables -t nat -N NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
ExecStop=/sbin/ssh-proxy iptables -t nat -D PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -F NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -X NEXTDNS_CATCHALL
@paulg1981
Copy link

Thanks for this, working great for my UDMP

@seanbarr1988
Copy link

I tried setting this up and it did not seem to work. I places 10-nextdns-catchall.sh in /mnt/data/on_boot.d/ and nextdns-catchall.service in /data/ and it seemed to install fine on reboot but a client with a hardcoded dns server just ignores nextdns. Any help would be appreciated.

@magnuslsjoberg
Copy link

I put '10-nextdns-catchall.sh' in '/mnt/data/on_boot.d/' and 'nextdns-catchall.service' in '/data/' which I think is correct.
After a reboot of my UDM Pro I got it all working as intended.

Today I noticed that there was something strange with my lookups and saw that the iptables rules were missing.
I guess(!) that they were removed by unifi-os when I updated the firewall rules in the UDM Pro web page.

Can this be the case? If so, is there way to have them automatically reloaded?

(I'm new to Unifi and a few things are not as straight forward as my old OpenWrt router so I may have misunderstood completely.)

@kb9gxk
Copy link

kb9gxk commented Mar 4, 2022

The problem with this catchall is that if you try to use different NextDNS IDs per VLAN, it does not work and everyone ends up using the same primary ID. Is there a workaround for this?

@jinkang23
Copy link

The problem with this catchall is that if you try to use different NextDNS IDs per VLAN, it does not work and everyone ends up using the same primary ID. Is there a workaround for this?

I'm having the same issue... Has anyone been able to find a workaround for this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment