@nathansgreen
Last active May 19, 2020 21:23
USG Disable DNS over HTTPS on local LAN with dnsmasq

I wanted a way to disable DNS over HTTPS (DoH) so I can control DNS activity on my local network. The address=/use-application-dns.net/ option below makes dnsmasq answer NXDOMAIN for Firefox's canary domain, which tells Firefox not to switch on DoH automatically; it does nothing for a browser where DoH was enabled by hand, or for other DoH clients, which is why I also block unauthorized outbound DNS requests with firewall rules.

The biggest limitation of this approach is that every forwarding option has to be listed in the config, because the controller replaces the whole options list rather than merging it. Leaving out an option, especially 'server=', can break DNS on your whole network, so be careful. SSH into your USG and run mca-ctrl -t dump-cfg to find your current options and use them to replace the values in the file here; the server=0.0.0.0 line below is a placeholder for your real upstream resolver, not a value to keep.

I recommend running cat /etc/dnsmasq.conf before and after applying this config, and diffing the two, to see if you are missing things you need. Needless to say, if your DNS servers might change (your ISP could assign something new with DHCP, for instance), you probably won't be able to use this approach, since the server= line is static.
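As an added example for the workflow above (this is not code from the gist), here is a small Python script to run on your workstation: it reads the JSON printed by mca-ctrl -t dump-cfg, keeps every forwarding option the USG is already running with, appends the canary address= line, and refuses to emit a config that has no usable server= line. It assumes the option list lives at service.dns.forwarding.options in the dump; SAMPLE_DUMP and the 192.0.2.53 resolver in it are constructed sample data. It also includes a helper for comparing the two cat /etc/dnsmasq.conf captures.

```python
"""Build config.gateway.json from the USG's running dnsmasq forwarding options.

Added example for this gist (not the gist author's code). Assumptions:
  - stdin (or the file named on the command line) is the JSON printed by
    `mca-ctrl -t dump-cfg` and the option list lives at
    service.dns.forwarding.options;
  - SAMPLE_DUMP below is constructed sample data, not a real USG dump.
"""
import json
import sys

# Firefox queries this canary name; an NXDOMAIN answer tells it not to enable
# DoH automatically. The trailing slash with no IP makes dnsmasq answer
# NXDOMAIN for the whole domain.
CANARY_OPTION = "address=/use-application-dns.net/"

# Constructed sample of dump-cfg output, trimmed to the part this script reads.
SAMPLE_DUMP = {
    "service": {
        "dns": {
            "forwarding": {
                "cache-size": "10000",
                "listen-on": ["eth1"],
                "options": [
                    "ptr-record=1.1.168.192.in-addr.arpa,my-usg",
                    "all-servers",
                    "cname=unifi.local,unifi",
                    "server=192.0.2.53",
                    "host-record=unifi,192.168.1.2",
                ],
            }
        }
    }
}


def extract_forwarding_options(dump):
    """Return a copy of service.dns.forwarding.options, or [] if it is absent."""
    try:
        return list(dump["service"]["dns"]["forwarding"]["options"])
    except (KeyError, TypeError):
        return []


def has_upstream(options):
    """True if some option names a real upstream resolver.

    'server=/domain/' marks a local-only domain and forwards nothing, and
    'server=0.0.0.0' is the placeholder from this gist, so neither counts.
    """
    for opt in options:
        if opt.startswith("server=") and not opt.startswith("server=/"):
            if opt != "server=" and opt != "server=0.0.0.0":
                return True
    return False


def build_gateway_config(dump):
    """Merge the canary option into the running options, wrapped for config.gateway.json.

    Raises ValueError instead of emitting a config without a server= line: the
    controller replaces the whole option list, so dnsmasq would then have
    nowhere to forward LAN queries.
    """
    options = extract_forwarding_options(dump)
    if not has_upstream(options):
        raise ValueError("no usable server= option in the dump; refusing to write a config that would break LAN DNS")
    if CANARY_OPTION not in options:
        options.append(CANARY_OPTION)
    return {"service": {"dns": {"forwarding": {"options": options}}}}


def lines_lost(before_conf, after_conf):
    """Non-comment lines in the old /etc/dnsmasq.conf that the new one lacks.

    Feed it the two `cat /etc/dnsmasq.conf` captures taken before and after
    provisioning; anything returned was dropped by the new config.
    """
    def active(text):
        return {ln.strip() for ln in text.splitlines()
                if ln.strip() and not ln.lstrip().startswith("#")}
    return sorted(active(before_conf) - active(after_conf))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            dump = json.load(f)
    else:
        dump = json.load(sys.stdin)
    print(json.dumps(build_gateway_config(dump), indent=2))
```

Usage: ssh into the USG, run mca-ctrl -t dump-cfg > usg.json, then python3 build_gateway.py usg.json > config.gateway.json on your workstation and place the file on the controller. The script is deliberately conservative: a dump that only contains the placeholder server=0.0.0.0 line is rejected, because that is exactly the case the warning above is about.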

{
  "service": {
    "dns": {
      "forwarding": {
        "options": [
          "ptr-record=1.1.168.192.in-addr.arpa,my-usg",
          "all-servers",
          "cname=unifi.local,unifi",
          "server=0.0.0.0",
          "address=/use-application-dns.net/",
          "host-record=unifi,192.168.1.2"
        ]
      }
    }
  }
}