UniFi FINALLY added DNS - How to add DNS records to Dream Machine Pro 8.2.93

Captions
All right, how's it going y'all? So UniFi has just now finally added a feature that I have been asking for, and tons of people have been asking for, for what feels like years, and that is DNS records, and pretty much full-blown DNS records, in the new update 8.2.93 for the UniFi Network application. This is one of the last missing blocks that I feel like UniFi has had for a long time, and that is the ability to add DNS records. And while this sounds like not that big of a deal, it is absolutely a huge deal, because they've added in a few key features that allow you to do so much stuff and properly run DNS on a network without having to have multiple redundant DNS servers and a whole bunch of stuff. It goes from making a pretty simple network to a very complex network, because if you want to run DNS locally you have to make sure it's redundant. We're going to talk about all that in a little bit here, and that's what we're going to be going over. So DNS records are an absolutely awesome thing. I use them on my network, and I'm going to show you how I'm going to start adopting them into my system, and for my case there's really not much missing. I will talk about a couple things I'd love to see in the future and some stuff that is actually coming. Also, if you like these videos, subscribe; we're trying to hit 100,000 subscribers, so we appreciate it.

All right, we're going to jump right in and skip over all the other great features they've added here, because I'm really excited specifically for DNS records right here. They've got a help article right here that essentially says, hey, you can now use the DNS server to create A records, AAAA records for IPv6, mail records, as well as TXT, service, and forwarding. CNAMEs are going to be added in later, and I think I saw one other thing that might be added in later on as well: yeah, CNAMEs, NXDOMAIN, and pointer records. Pointer records are going to be really useful to have, and we'll talk about that in a little bit here. But these are huge deals for being able to run things locally, and it's something you really want to run on a router if at all possible.

Because while it's great to have your own DNS server, it's also very dangerous hosting your own DNS server, because DNS is required to use the internet, essentially. If you're running your own DNS server and that DNS server goes down and you don't have a secondary one on your local network, effectively you do not have internet on that local network. And so if you're ever running a DNS server you have to make sure that it has pretty much 100% uptime, because any downtime that DNS server has is downtime for the entire network, essentially, because now your family can't get access to the internet, or even your employees can't log in to their Gmail accounts, because DNS is used for everything on the internet. And because DNS is so critical to keeping the internet on, it makes sense to run it on the other thing on your network that is required to keep the internet on, and that is your router. So one thing you really want to do, if you can, is run DNS, or at least have a forwarding DNS server, on your router, because if your router's down, well, your internet's down too, so it doesn't really matter. And so that's why it's really, really, really good to have a DNS server on a router, because now if your NAS reboots that was running your DNS server previously, well, everybody still has internet, because they are using the UDM that you've got set up. And so that's why this is such a big deal. There are a ton of applications in most businesses that can run a DNS server, but the best one is to run it actually on the local router, because that's the only other thing that, if it goes off, shuts off the entire internet. So you can go from having two things that can break the internet to having one thing that can break the internet, which is always, always, always useful. So that's why this is so useful.

Previously they did have, like, the 70% solution that worked in many people's cases, and that was the ability to essentially assign a DNS record whenever you were assigning a fixed IP address in the console. So you could always come in, click on a device, and whenever you set up a fixed IP address you also have the option to add in a local DNS record, which was satisfactory for a lot of cases, but for businesses with a lot more complex things you need real DNS, and that is what they're adding in here. So now if you go into your routing rules under DNS, you now, one, see all those fixed IP addresses, and you'll see those locks right here where any time you created a local DNS record you'll see that it has shown up right here, and the nice thing is if you change that DHCP reservation this will update. But now you also have this create entry button, and we have currently these types: A, AAAA, mail, TXT, service, and forward. I'm not sure why you would use a mail record, but the great thing about DNS is it can do so many things and communicate so many things, so it's really useful to have these things. But for me personally, when I'm running DNS servers I normally use, well, three things: A records, CNAMEs, and forwarding domains, specifically whenever I'm talking about local DNS servers. Obviously I've got a domain, I've got two domains, I'm using TXT records, mail records, everything like that, but for a local DNS server where you're really resolving stuff internally, those are the three ones that I use by far the most, as well as pointers, which are used for reverse DNS lookups.

So now let's go in and kind of see how we can do this. So let's say I want to be able to go to this NAS right here without having to remember an IP address for it. Well, we can start off with the most basic record, which is a good old A record. So we can say pretty much any domain we'd like to and just give it a record, and so essentially this is all we've got to do: if we type this into our browser and we are using the UDM as the local DNS server, it will actually just take us right here. And so we can go ahead and add this record, go ahead and just test it out, and just like that it resolves directly to that NAS. So that is an A record, and that is just super useful for being able to have all your stuff fluid and updatable. Now let's say I need to move this NAS to a new network, a new VLAN, or employ it at another office. I don't have to remap everybody's drives if I have been mapping it off of demo.video.space.co in everybody's Windows File Explorer and macOS Finder. All I have to do is, whatever new IP address that gets, I just have to update it right here, and that is the power of DNS, and that's why complex businesses always have to run a local DNS server, because now you can control everything from one pane. You don't have to update your login scripts for everybody, you don't have to go to everybody's computers and change what mapped drive there is; instead you just have one place where you update the record, and now it is updated for everybody. So now let's say that that happens: this IP address changes for whatever reason. Just make it static; let's say it moves on over to this guy right here, 10.30.50.50. All I have to do is update my record in one place, wait for my TTL to expire (basically TTL is how long a DNS record survives for), and just like that, after I turned Wi-Fi off and turned it back on to force me to get a new DNS record pulled, it just updated. And so that is the real power of DNS, and that's why it's so useful to be running.

There's also a bunch of other things you can do with it, and one of the best ones is a reverse proxy. So a reverse proxy allows you to essentially have SSL certificates for all your devices on your network all going through one pane of glass, and that way you can run a ton of services locally and not have to worry about, all right, does that have an SSL certificate, does that have an SSL certificate; instead it's all just in one location. And the way a reverse proxy works is it actually looks at the domain name that the client's requesting to come on in to figure out where to send it. So whenever you're setting up a reverse proxy, you essentially will have every single service that you want to be accessible on this reverse proxy all have a host name, a DNS record pointing to a single IP address. And the previous way that this worked on UniFi, that was not possible, but now you could have a bunch of records all pointing to maybe a Synology like this if you want to just use it for the reverse proxy, and now you can start differentiating traffic based off of the domain name somebody's going to. And there are an absolute ton of things there that you can do with this, but we're not going to go over them right now.

All right, and so now let's talk about the next really useful thing that we've got to go over here, and it might even be more useful than A records for a lot of people, and that is the ability to create forwarded domains. Forwarded domains are absolutely awesome. Essentially what they do is they hijack whatever domain you've put here, and instead of sending it to its upstream DNS server it sends it to the DNS server that you specify here. So that's actually perfect for my situation, and also perfect for a lot of other situations. So if you've set up a business correctly and a domain properly and you've got local DNS records, you actually should use a domain that you own. For me I use space.co, but I don't want to use space.co, because I have websites, I have a bunch of stuff publicly hosted on space.co that I don't want to have to deal with locally; I don't want to overwrite those records. So instead what you do is a subdomain of that. So for me I do sr.space.co, so whenever I am typing in DNS records into my computer to go to web browsers and things like that, I just type in fs01.sr.space.co, and I can add any records I want to that sr.space.co and I can set them up however I like, and I've got those BIND DNS servers that handle all that for me. And that is a very, very, very common use case, and if you do that you can have a super complex, specific DNS server that has every feature in the world you want that is only used for those records.

So I'm going to give an example. I'm going to do exactly what I'm going to be setting up my network for, which is exactly what we just went over. So I've already got a zillion DNS records and a bunch of custom configurations all set up for myself on a DNS server that is hosts.sr.space.co, and what I'm going to do is I'm just going to tell the UniFi, hey, any time you get a request for something at sr.space.co, send it on over to my local DNS server. And before I hit add right here to save it, I'm just going to show you what happens right now if I go ahead and try to request that. So I'm going to use a thing called dig. dig is a great command; it's the same thing as nslookup for Windows, and it's just going to allow me to ask a DNS server what's going on. So say I want to find fs01.sr.space.co, and by default I'm using my UniFi Dream Machine as the DNS server. It has no clue where that is, because Cloudflare runs spacerex.co publicly and we've not told it that this exists. But I do have a local DNS server running BIND that knows exactly where that is, and that local DNS server is 10.3.1.1. I also have .2 running that, and probably .3, but essentially this local DNS server knows where this is. Let's just have the UniFi do that exactly. So now with this forwarded domain we're telling the UniFi, hey, if anybody's ever asking about something.sr.space.co, 10.3.1.1 knows about it. So we're just going to hit add and rerun that same nslookup right on 10.3.0.1, which is my UniFi router, and hey, it now understands where that is.

And this is incredibly powerful for multiple reasons. One, it allows you to run a fancy local DNS server that is non-critical to the internet. Now if you want to just have a single DNS server, well, that's okay, because if it goes down, local services won't respond, but the internet will still work, and so that is way better than taking out the entirety of the internet if the local DNS server is rebooting, or if you put a bad record in there and it doesn't work right. Now one thing I do wish they would add here, I'd love to see in future revisions of this, is to actually have a secondary DNS server here. I just think that would be the cherry on top for that. And so that's one way to use it. The next, and even more critical, way of using it is for site-to-site VPN lookups, and this is something that is huge. So say you've got two different office locations with two different IT departments, and they have their own local subdomains that they're using for their services, maybe AutoCAD, maybe a time card, who knows what, and you want the two sites to be able to talk to each other. You want employees who are at one site to be able to go to the time card site at the other, who knows. You don't want to forward your entire domain to that server, because, well, if the site-to-site VPN goes down, now everything's broken. Instead you can use a forwarded domain to just forward those specific lookups. So you can just say, hey, that site uses sr.space.co, forward any of our lookups to that DNS server. That way, instead of hijacking all your DNS lookups, it's only doing the ones that you want, and that is immensely powerful. And this is going to be huge for me, because I deploy a ton of clients with UniFi routers and Synology NASes, and now if I need more complex lookups than are available on UniFi, I can achieve all of it with the DNS over here. So this gives you everything in the world that you could possibly need through Synology; it's got all your extra zones, you can do way, way, way more than you can on UniFi. And so now you get the best of both worlds: you can run this local DNS server here, and now you don't have to have the NAS on for the internet to work.

All right, so now I want to talk about one more really useful thing that this is going to allow me to do, and that is what's called a reverse DNS lookup. A reverse lookup basically gets an IP address and gets a domain name, and what that can allow you to do is write really nice firewall rules that say, hey, fs01.sr.space.co, they're allowed in, because now instead of having a host name tied to an IP address, you have an IP address tied to a host name. I'm not going to go over how reverse DNS lookups go, but instead of writing the IP address left to right like you're used to, they actually do the IP address reversed, right to left. And so if you're doing a reverse lookup for 192.168.0.1, what your computer knows to do whenever it's doing this lookup is it goes and rewrites it into 1.0.168.192.in-addr.arpa. So this right here is your reverse DNS lookup zone, and it's specially reserved for that. So this uses that pointer record and points to a DNS lookup. So I already use these reverse DNS lookups for a lot of reasons. One, whenever you're getting logs, instead of seeing them in IP addresses, most services will actually do a reverse lookup on that, and now, boom, you actually just see the host name rather than the actual DNS record. Two, whenever you're writing firewall rules for services or allowing certain things on a database, you can do the exact same thing. There's tons of ways you can use this, and they're really useful to have. Once UniFi adds their pointers you should be able to do this as well, which is going to be great. I'd actually love them to have a really nice interface for creating these reverse records, because having reverse DNS records for things, it is awesome once you get it all set up. But what I'm going to do is, I'm also running this domain at those BIND DNS servers, so now I can still use this just using my forwarded domain. So I'm going to go back over here and I'm actually going to forward that arpa domain to that local DNS server. Now if I do a reverse lookup (so in dig, the way you do a reverse DNS lookup is you type in -x and then the IP address), so if I do a reverse lookup of 10.3.0.131, it knows it is fs01.space.co.

So that's the other way you can use it: you don't even need to have all the features in the world under this UniFi, because having that forwarded option gives you pretty much every single option in the world. I also use this to hijack domain controllers. If you don't know about Windows domain controllers, they essentially require you to run DNS on them to get everything to work, and that's a problem, because domain controllers are incredibly expensive for the licenses and people don't want to run two of them, and so a lot of times they only have a single one, which brings us back to that original problem where if the domain controller is down, now everybody's internet is also down. You can use these forwarded lookups with a service record as well to actually use your router as the DNS server and just send those service records on over to the actual domain controller, allowing you to survive the domain controller rebooting without taking out everybody's internet.

All right, so there is still a ton of things you can do with this, but as you can see, DNS is a critical thing to have on a network and allows you to do some really cool things, and I'm really glad that UniFi has finally added this in here. That is one of the last things that I had left that I really wanted to see UniFi add into their Dream Machines, and there's really not many left. We've got the ability to have multiple WAN IP addresses assigned and use routing off of that; we have added so many pieces here that have made it very useful, and every single update it feels like UniFi is ticking things off those lists that are required to really run this router in an enterprise mode. I'm very happy to see these. Absolutely play around with these, and one of the great things about this is it's just so much safer to run DNS on your router, because you don't have to worry about the DNS server rebooting and taking out your entire network anymore, because if your router reboots, it's already going to do that. I also am a UniFi affiliate; I've got those links down in the description below, so check those out, and if you have any other questions put those down in the comments below. All right, have a good one. Bye.
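As an added example (not code from the video or from UniFi), here is a small Python model of the resolution order the video walks through: local A records first, then forwarded domains by longest matching suffix, the reverse in-addr.arpa zone forwarded the same way, and the upstream resolver for everything else. Host names, the 10.x addresses and the upstream resolver are constructed placeholders; `resolve` shows that when the forwarded BIND server is down only its own zone fails, which is the single-point-of-failure argument for keeping the forwarder on the router.

```python
"""Model of the DNS routing rules explained in the video (added example).

Constructed: host names, 10.x addresses and the upstream resolver are
placeholders, not the author's real setup, and this is not UniFi code. It
follows the decision order described above (local A record, forwarded domain
by longest suffix, reverse zone forwarding, upstream fallback).
"""
import ipaddress

# Local A records the router answers itself (constructed).
LOCAL_A = {"nas.demo.example": "10.30.50.50"}

# Forwarded domains: a query at or under the suffix goes to the listed server
# instead of upstream. Forwarding the reverse zone for 10.0.0.0/8 sends PTR
# queries to the same local BIND server (constructed addresses).
FORWARDED = {
    "sr.example": "10.3.1.1",
    "10.in-addr.arpa": "10.3.1.1",
}
UPSTREAM = "203.0.113.53"  # placeholder public resolver (TEST-NET-3 range)


def reverse_name(ip: str) -> str:
    """PTR query name (octets reversed under in-addr.arpa); ipaddress validates
    the input so garbage raises ValueError, and IPv6 yields an ip6.arpa name."""
    return ipaddress.ip_address(ip).reverse_pointer


def route_query(qname: str) -> tuple:
    """Pick the answering server for qname; longest matching suffix wins."""
    name = qname.rstrip(".").lower()
    if name in LOCAL_A:
        return ("local", LOCAL_A[name])
    best = None
    for zone, server in FORWARDED.items():
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, server)
    if best is not None:
        return ("forward", best[1])
    return ("upstream", UPSTREAM)


def resolve(qname: str, down: frozenset = frozenset()) -> str:
    """Simulate an answer. Servers listed in `down` fail only their own zone,
    so local records and upstream names keep resolving (the blast radius the
    video describes when the forwarded server is a single NAS)."""
    kind, target = route_query(qname)
    if kind == "local":
        return target
    if target in down:
        return "SERVFAIL"
    return "answered-by:" + target
```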
Info
Channel: SpaceRex
Views: 44,260
Id: H0_ctbCm2r8
Length: 20min 33sec (1233 seconds)
Published: Tue Jun 04 2024