unifios-utilities/nextdns/README.md

# Run NextDNS on your UDM

### Features
1. Run NextDNS on your UDM with a completely isolated network stack.  This will not port conflict or be influenced by any changes on by Ubiquiti.
2. Resolves IP addresses handed out by DHCP on the UDM!
3. Persists through reboots and firmware updates.
4. If you are already using PiHole and want to test NextDNS out, you can just stop your PiHole container and start this one in its place using the same IP/CNI config.

### Requirements
1. You have already setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script)
2. NextDNS persists through firmware updates. The on-boot script does not.  If you update your firmware, setup on-boot again and everything should work.

### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh).  The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist), also update all the ips accordingly
* The NextDNS docker image is not supported by NextDNS. It is built out of this repo.  If you make any enhancements please contribute back via a Pull Request.
* If  you want to inject custom DNS names into NextDNS use --add-host docker commands.  The /etc/resolv.conf and /etc/hosts is  generated from that and --dns.

### Docker
The offical repo is boostchicken/nextdns-udm.  Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).

The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub or make customizations
```
podman build . -t nextdns-udm:latest
```
Building from another device is possible.  You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo
```
docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
```

### Steps
If you have already installed PiHole, skip right to step 6.

1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/install-cni-plugins.sh) on your UDM
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) symlink).  This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh).  You can leave out the iptables rules if you don't want to DNAT all DNS calls to NextDNS
5. Execute on_boot.sh
6. Create /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it.
7. Run the NextDNS docker container.  Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
```
 podman run -d --privileged --network dns --restart always  \
    --name nextdns \
    -v "/mnt/data/nextdns/:/etc/nextdns/" \
    -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
    --mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \
    --dns=45.90.28.163 --dns=45.90.30.163 \
    --hostname nextdns \
    boostchicken/nextdns-udm:latest
```
Note: 
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
9. Uncomment ```podman start nextdns``` in on_boot.sh
Next DNS 2020-06-05 03:50:14 +00:00			`# Run NextDNS on your UDM`

			`### Features`
Final NextDNS changes 2020-06-05 04:46:20 +00:00			`1. Run NextDNS on your UDM with a completely isolated network stack. This will not port conflict or be influenced by any changes on by Ubiquiti.`
			`2. Resolves IP addresses handed out by DHCP on the UDM!`
			`3. Persists through reboots and firmware updates.`
Final NextDNS changes 2020-06-05 04:50:58 +00:00			`4. If you are already using PiHole and want to test NextDNS out, you can just stop your PiHole container and start this one in its place using the same IP/CNI config.`
Next DNS 2020-06-05 03:50:14 +00:00
			`### Requirements`
Final NextDNS changes 2020-06-05 04:46:20 +00:00			`1. You have already setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script)`
Small instructions fixes 2020-06-05 05:37:51 +00:00			`2. NextDNS persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work.`
Next DNS 2020-06-05 03:50:14 +00:00
			`### Customization`
			`* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge.`
			`* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist), also update all the ips accordingly`
Final NextDNS changes 2020-06-05 04:50:58 +00:00			`* The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request.`
			`* If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns.`
Next DNS 2020-06-05 03:50:14 +00:00
			`### Docker`
Fixing HTTP Certs 2020-06-05 05:21:59 +00:00			`The offical repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).`
Final NextDNS changes 2020-06-05 04:52:00 +00:00
Final NextDNS changes 2020-06-05 04:46:20 +00:00			`The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub or make customizations`
Next DNS 2020-06-05 03:50:14 +00:00			```
Small instructions fixes 2020-06-05 05:37:51 +00:00			`podman build . -t nextdns-udm:latest`
Final NextDNS changes 2020-06-05 04:46:20 +00:00			```
			`Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo`
			```
			`docker buildx build --platform linux/arm64 -t nextdns-udm:latest .`
Next DNS 2020-06-05 03:50:14 +00:00			```

			`### Steps`
Final NextDNS changes 2020-06-05 04:50:58 +00:00			`If you have already installed PiHole, skip right to step 6.`

Small instructions fixes 2020-06-05 05:37:51 +00:00			`1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.`
Next DNS 2020-06-05 03:50:14 +00:00			`2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/install-cni-plugins.sh) on your UDM`
			`3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) symlink). This will create your podman macvlan network`
Small instructions fixes 2020-06-05 05:37:51 +00:00			`4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to NextDNS`
Next DNS 2020-06-05 03:50:14 +00:00			`5. Execute on_boot.sh`
Small instructions fixes 2020-06-05 05:37:51 +00:00			`6. Create /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it.`
Final NextDNS changes 2020-06-05 04:50:58 +00:00			`7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.`
Next DNS 2020-06-05 03:50:14 +00:00			```
Adding restart flags 2020-06-14 15:56:55 +00:00			`podman run -d --privileged --network dns --restart always \`
Next DNS 2020-06-05 03:50:14 +00:00			`--name nextdns \`
			`-v "/mnt/data/nextdns/:/etc/nextdns/" \`
			`-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \`
			`--mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \`
			`--dns=45.90.28.163 --dns=45.90.30.163 \`
			`--hostname nextdns \`
			`boostchicken/nextdns-udm:latest`
			```
Final NextDNS changes 2020-06-05 04:50:58 +00:00			`Note:`
Next DNS 2020-06-05 03:50:14 +00:00			`8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.`
Cleaning up directions on container starts 2020-06-14 15:47:56 +00:00			9. Uncomment ```podman start nextdns``` in on_boot.sh