Certainly every situation is different. As with many things, once your setup gets large enough, economies of scale make moving off a bit harder. I just had a few Arlo cameras and their doorbell. Arlo has made it very difficult for their users with subscription overload. They were very affordable when I started with them, but as of the last few years they were milking their users with subscription fees, moving functionality behind paywalls. Only having a few cameras, it pays for itself before too long even with the Unifi stuff being a bit pricier than most.
Sounds like Ring isn't as bad as Arlo, but it is just a matter of time before it pays for itself.
This is the main reason I haven't considered some of their other cameras. I have one more I would like to get and I would like to get one of their turret cameras. I am just not excited about running the PoE cable.
Forgot - I also have a Ring doorbell, so add another $150-ish? to my hardware costs.
I think the most important use of our cameras will be when we age up and my kids use them to make sure we don't wander aimlessly away from our house unsupervised.
Sounds like all control of nextDNS is via SSH/CLI? Is that correct?
Does the nextDNS setup persist over gateway FW updates, or do you have to repeat it?
Seems like the text below implies that you have to do nextDNS updates manually via the CLI. Is that correct?
--> To upgrade to the latest version, simply re-run the installer above. If a new version is available, the upgrade action will be added to the list of possible actions.
I don’t use the CLI. I simply setup encrypted DNS in the GUI. I have no need to see individual device names making DNS requests in NextDNS. It’s also my understanding that anything installed via the CLI is unsupported by Ubiquiti. If there’s an issue, it’s on you to figure it out and fix it.
For NextDNS setup, I do everything via the web after logging in to my NextDNS account.
I originally used the "DNS Shield" UI to enable NextDNS. However, things would go haywire once every couple of weeks and DNS resolution just stopped working, as if nothing was configured. Clearing and re-enabling the settings in the "DNS Shield" UI fixed it for a while. This was last summer/fall, so I assume whatever the problem was at that time has been fixed by now.
If it works for you, and you don't have any need to see individual client device names in the NextDNS logs, you're done; go get your preferred adult beverage and enjoy. You can control which blocklists you want to use, white/black lists, etc. in the NextDNS web site, but nothing more needs to be done in your device.
If you do want to see individual client names in the NextDNS logs, then turn "DNS Shield" off in the UI and follow the instructions in the first bullet point in your post. For me, the NextDNS CLI setup has persisted over FW updates, so I have not had to repeat it. I have not attempted to update the CLI, or for that matter even checked if there's a newer version. It just works.
I was a little leery about messing around at the SSH level (particularly installing something unofficial), but the NextDNS CLI seems to have no adverse effects whatsoever on either my UDM Pro-SE, or the UDR at our summer house.
Looks like UI has renamed "DNS Shield" to "Encrypted DNS" in most places, except in the Android mobile app. So I've gotten past a bit of confusion looking fruitlessly for "DNS Shield" in Settings > Security on my laptop after having seen "DNS Shield" on my mobile. Thanks, UI.
Regarding setup via the UI GUI, the only Encrypted DNS setting I see is choosing nextDNS from the list of preconfigured encrypted DNS providers.
What I don't get is how to connect that setting in the UI GUI to my nextDNS account/profile. Do I need to enter the DNS-over-HTTPS endpoint from my nextDNS account in the DNS Server list under my primary WAN? Currently I have that set to Auto:
Also have DDNS via DuckDNS set up on my primary WAN so I connected things to nextDNS via DDNS on the nextDNS site, but not sure if that's the best way to do it...
LOL...I was checking DNS resolution every couple of minutes as I was poking around changing things. I do fear the wrath... She's taking a lazy Sunday morning and is in bed perusing the interweb reading about home design and food/recipes. If I interfere w/that, woe betide me!!
I think now I get it:
Predefined: No nextDNS account connectivity, just using nextDNS servers
Custom: nextDNS Account connected
I had assumed that the "Predefined" option would include "...and here's where you put your account info!" much like the Dynamic DNS settings in the UnifiOS. But no...
Not necessarily. On the NextDNS web site on the Setup tab:
Set the address of your router and all incoming DNS requests from that address will use your account. But this would not be the preferred method of connecting to your NextDNS account. Either the custom setting, or using the CLI would be better. Then it's not dependent upon your IP address, which of course could change unless you have a static IP from your ISP.
Thanks, interesting. I did actually enable the Linked IP address setting (along w/my DuckDNS settings to keep the external IP address updated) in the nextDNS settings before I added the DNSCrypt settings to the Unifi Network app, and my devices were still not reporting they were using my profile.
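The question running through the last few posts (Linked IP vs. Custom vs. CLI) comes down to one check: are the queries leaving this network actually being attributed to my NextDNS profile, or just answered by NextDNS's public resolvers? Here is an added example of that check, written for a POSIX shell on a laptop or the gateway itself. It is not code from the thread, from NextDNS, or from Ubiquiti. It assumes the public endpoint https://test.nextdns.io answers with a flat JSON object carrying a "status" field and, when a profile is attached, a "profile" field; treat those field names as an assumption and compare against the raw output the first time you run it. The three sample responses at the bottom are constructed, not real captures, so the verdict logic can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the thread or from NextDNS/Ubiquiti): decide whether
# DNS queries from this network are attributed to a NextDNS profile.
# Assumption: https://test.nextdns.io returns flat JSON with "status" and,
# when linked, "profile". Verify against the raw output on first use.

# Pull a string value for a key out of a flat JSON object; no jq needed.
# $1 = JSON text, $2 = key name. Prints nothing if the key is absent.
json_field() {
    printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# Classify a test response. Prints exactly one of:
#   linked <profile>  queries reach NextDNS and carry your profile ID
#   unlinked          NextDNS answers, but no profile is attached
#                     (what "Predefined" mode with no Linked IP looks like)
#   not-nextdns       whatever is resolving for you is not NextDNS at all
nextdns_verdict() {
    status=$(json_field "$1" status)
    profile=$(json_field "$1" profile)
    if [ "$status" != "ok" ]; then
        echo "not-nextdns"
    elif [ -z "$profile" ]; then
        echo "unlinked"
    else
        echo "linked $profile"
    fi
}

# Live variant: needs network access, so the offline samples below do not use it.
nextdns_verdict_live() {
    nextdns_verdict "$(curl -fsS https://test.nextdns.io)"
}

# Constructed sample responses (not real captures) for offline use.
SAMPLE_LINKED='{"status":"ok","protocol":"DOH","profile":"abc123","client":"192.168.10.57"}'
SAMPLE_UNLINKED='{"status":"ok","protocol":"DOH","client":"192.168.10.57"}'
SAMPLE_OTHER='{"status":"unconfigured","resolver":"203.0.113.53"}'
```

Run `nextdns_verdict_live` from a client on the Default network after changing the gateway's Encrypted DNS setting, then again from the IoT VLAN; if the Default network says `linked` but the IoT VLAN says `unlinked`, the gateway is forwarding that VLAN's queries somewhere else, which is the sort of thing Linked IP silently masks when the WAN address changes.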
Had my first glitch today presumably related to nextDNS...connected my laptop via ethernet to one of my switches and am unable to access my gateway's IP (192.168.10.1) or my NAS drives. But - weird, I can access my NAS drives content from the mapped drives I've set up. Just can't access my NAS via their IP addresses. Also started getting some weird behavior w/plain old web pages not refreshing normally, including Hubitat community pages, but most web pages I accessed came up fine.
When I hover over the network connection icon in the taskbar I get the correct network (AP-2A, my Default network) but the number "10" is appended. My default network is 192.168.10.0/24.
When I go back to Wi-Fi on my laptop everything is perfect/normal again. I haven't done any nextDNS setup on my laptop and didn't think I would need to...Do I need to follow the Windows Setup instructions on the nextDNS site when I'm using my laptop at home? Doesn't seem that should be necessary...
I do have to say that I think today is the first time that I've connected my laptop to ethernet since I set up the new Unifi HW...I typically run full-time on Wi-Fi on my laptop and just didn't have any reason to try it. Wife is busy on her laptop so can't try hers at the moment, but she's on ethernet at her desk in the office and hasn't run into any issues (I would have heard it).
Will I blow anything up if I toggle off the nextDNS settings in the Network app to see if that's what's causing the connectivity problems via ethernet?
Nope, you'll just revert to whatever the regular DNS settings are.
I really doubt this has anything to do with NextDNS, or DNS in general. DNS isn't involved if you're trying to connect to an IP address. Sounds like you might have a firewall rule in place that's preventing access. Did you switch to zone-based firewall rules?
I did switch to zone based firewalls recently, I'll take a look at that next. I set up some additional rules limiting access from my IoT VLAN to the Default network, allowing only established related back to the default network. Maybe I inadvertently messed something up.
Odd thing is it's been working fine for at least a day and then now suddenly after I played around with connecting my computer via ethernet, things have gone wonky for me, even when I'm on Wi-Fi.
Things appear to be OK in the Zone Firewall, but I'm new to it so something might be amiss that I'm missing. I didn't bring any rules from my old setup, as it was on an EdgeRouter so nothing could come across from it to the Gateway.
Added an IoT zone w/my VLAN20-IoT network, and a couple of simple rules for Internal>IoT and IoT>Internal.
Not that I can see. There's no access from your IOT network to your internal network though. Is it possible that when you connected your laptop via ethernet, that it ended up on the IOT network?
I don't know what the "10" is that's appended to your network name.
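The hypothesis in the previous reply (the wired port dropped the laptop onto the IoT VLAN, so the IoT>Internal rule is what blocks 192.168.10.1 and the NAS addresses) can be tested without touching the firewall: compare the address the laptop got on the wired interface with the gateway you are trying to reach. Below is an added example of that arithmetic in POSIX shell; it is not code from the thread or from Ubiquiti. It assumes 192.168.10.0/24 is the Default network as stated above and, as an assumption not stated in the thread, 192.168.20.0/24 for VLAN20-IoT. Feed it the `addr/prefix` string that `ip -4 -o addr show <iface>` prints on Linux (or the address and prefix from `ipconfig` on Windows); the sample addresses below are constructed.

```shell
#!/bin/sh
# Added example (not from the thread or from Ubiquiti): tell whether the
# address a client received is on the same subnet as the gateway it cannot
# reach. If not, DNS is irrelevant; look at the switch port's VLAN tagging
# and the zone rules between that VLAN and the Default network.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Exit 0 when $1 and $2 fall in the same /$3 network.
same_subnet() {
    mask=$(( ((1 << $3) - 1) << (32 - $3) ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# $1 = "addr/prefix" as ip(8) prints it, $2 = gateway IP.
# Prints "same-subnet" (firewall or ARP problem on this VLAN) or
# "different-subnet" (the port put you on another VLAN; inter-zone rules apply).
where_am_i() {
    addr=${1%/*}
    prefix=${1#*/}
    if same_subnet "$addr" "$2" "$prefix"; then
        echo "same-subnet"
    else
        echo "different-subnet"
    fi
}

# Constructed samples. 192.168.10.0/24 is the Default network from the thread;
# 192.168.20.0/24 is assumed here for VLAN20-IoT and is not stated in the thread.
LAPTOP_ON_DEFAULT="192.168.10.57/24"
LAPTOP_ON_IOT="192.168.20.57/24"
GATEWAY="192.168.10.1"
```

If the wired address comes back as `different-subnet`, the "10" appended to the network name in Windows is worth rechecking against the VLAN the switch port is actually tagged for; if it comes back `same-subnet` and the gateway still does not answer, the problem is on that VLAN itself (an Internal-zone rule, or a mapped drive surviving on a cached session while fresh connections fail) rather than anything NextDNS does.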