A quick How To for getting conditional DNS forwarding working on the UDM-PRO hardware. Before this upgrade I ran a CloudKey Gen 2 controller and a USG-PRO-4 for routing – this allowed me to deploy custom configuration via the config.gateway.json to insert extra options to the running config.
The options I needed were to force the DNS server on the gateway to check against my Active Directory DNS for those entries that arrive with the correct suffix – ad.durdle.com. This allows the lookup of clients from the UniFi’s DHCP lease table as well as AD DNS entries.
The UDM-PRO is a completely different beast from the old controller and gateway, running an entirely different OS. It doesn’t support config via json. So what’s a geek to do?
Enter UDM-Utilities, a collection of things to enhance the capabilities of your Unifi Dream Machine or Dream Machine Pro. We’ll just be using one of them: on-boot-script. This enables init.d-style scripts to run on every boot of the UDM. We can then write a script to inject some dnsmasq configuration at boot time.
You will need:
- A UDM on the latest firmware. I did this on a UDM Pro running firmware 1.8.3. That includes Network controller 6.0.41.
- SSH enabled on the UDM Pro.
- UDM-Utilities on-boot-script installed.
Once that’s all set, you can write a start-up script to inject the dnsmasq options you need:
- SSH into the UDM Pro as root@<your device IP> with the password you set in the SSH GUI.
- Change to the boot script directory and, with vi or any other editor you may have installed, create a new file to run on boot. I called mine dns_conditional.sh:
#!/bin/sh
cat > /run/dnsmasq.conf.d/conditional_dns.conf <<- "EOF"
# Created by a UDM-Utilities run script
server=/ad.durdle.com/192.168.1.201
server=/_msdcs.ad.durdle.com/192.168.1.201
EOF
# Restart dnsmasq so it sees the new conf file
kill -9 $(cat /run/dnsmasq.pid)
# Thanks Andreas Luebbers for the updated kill command.
# Old kill command: pkill dnsmasq
NB: Change my entries to the right values for your domain and DNS server!
- Save that file then make it executable:
chmod +x dns_conditional.sh
- Test it by running the script.
- Check that your new config file has appeared in /run/dnsmasq.conf.d/.
- Check that its content matches the lines the script writes.
Now restart the UDM and repeat the checks that the file is there and has the correct content.
All being well, you can configure the DHCP server on the UDM to hand out the UDM itself as the DNS server for its DHCP clients. Their lookups will then be answered from the UDM lease table or the ISP DNS, or – if the suffix matches one of the configured domains – forwarded to your local Active Directory DNS server.
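As an added example that is not part of the original post, here is a more defensive variant of the boot script above: it builds conditional_dns.conf from a list of suffix/forwarder pairs, rejects malformed entries so a typo in the list cannot break DNS for the whole site, lets dnsmasq syntax-check the file (dnsmasq --test) before it goes live, and only restarts dnsmasq when the content actually changed. The corp.example.test line is a constructed sample, the --apply guard is my own convention, and the script assumes the device shell provides grep -E and cmp.

```shell
#!/bin/sh
# Added example, not from the original post: render the dnsmasq conditional
# forwarding file from "suffix forwarder-ip" pairs, reject malformed entries,
# syntax-check with dnsmasq --test and restart dnsmasq only if the file changed.
set -eu
CONF=/run/dnsmasq.conf.d/conditional_dns.conf
# Constructed sample input: one forward per line (second line is made up).
FORWARDS="ad.durdle.com 192.168.1.201
corp.example.test 10.20.30.40"
# IPv4 dotted quad with every octet in 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}
# Two or more DNS labels; no '/' or whitespace, which would break server=/x/y.
valid_domain() {
    echo "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}
# Emit server= lines for each pair plus the _msdcs zone that AD clients query
# for SRV records. Returns 1 (after a message on stderr) at the first bad entry.
render_conditional_dns() {
    echo "# Created by a UDM-Utilities run script"
    while read -r domain server; do
        [ -n "$domain" ] || continue
        if ! valid_domain "$domain" || ! valid_ipv4 "$server"; then
            echo "rejected forward entry: '$domain $server'" >&2
            return 1
        fi
        echo "server=/$domain/$server"
        echo "server=/_msdcs.$domain/$server"
    done <<EOF
$1
EOF
}
# Let dnsmasq parse the file before it goes live (skipped if no dnsmasq here).
check_dnsmasq_conf() {
    ! command -v dnsmasq >/dev/null 2>&1 || dnsmasq --test --conf-file="$1" >/dev/null 2>&1
}
# Write atomically; leave dnsmasq running if nothing changed.
apply_conditional_dns() {
    tmp="$CONF.tmp.$$"
    render_conditional_dns "$FORWARDS" > "$tmp" || { rm -f "$tmp"; return 1; }
    check_dnsmasq_conf "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$tmp" "$CONF" 2>/dev/null; then rm -f "$tmp"; return 0; fi
    mv "$tmp" "$CONF"
    kill -9 "$(cat /run/dnsmasq.pid)"   # restart method from the post (1.8.5+)
}
# Only touch /run when invoked with --apply, e.g. from the on_boot.d script.
if [ "${1:-}" = "--apply" ]; then apply_conditional_dns; fi
```

Because on-boot-script runs its files without arguments, call this as `sh dns_conditional.sh --apply` from your on_boot.d wrapper; run without arguments it only defines the functions.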
Update 11/Jan/2021: Thanks to Andreas Luebbers for noting that since the 1.8.5 update the line that kills dnsmasq needed to change.