Final NextDNS changes

John Dorman 2020-06-04 21:46:20 -07:00
parent 729ebe93a6
commit 7364385ac9
4 changed files with 39 additions and 19 deletions

@ -1,21 +1,27 @@
# Run NextDNS on your UDM
### Features
1. Run PiHole on your UDM with a completely isolated network stack. This will not port conflict or be influenced by any changes on by Ubiquiti
2. Persists through reboots and firmware updates.
1. Run NextDNS on your UDM with a completely isolated network stack. This will not port conflict or be influenced by any changes on by Ubiquiti.
2. Resolves IP addresses handed out by DHCP on the UDM!
3. Persists through reboots and firmware updates.
### Requirements
1. You have setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script)
2. PiHole persists through firmware updates. The on-boot script does not. If you update your FM setup on-boot again and everything should work.
1. You have already setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script)
2. NextDNS persists through firmware updates. The on-boot script does not. If you update your FM setup on-boot again and everything should work.
### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist), also update all the ips accordingly
* The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please constribute back via a Pull Request.
### Docker
The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub
The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub or make customizations
```
podman build ./Dockerfile -t nextdns-udm:latest"
podman build . -t nextdns-udm:latest"
```
Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo
```
docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
```
### Steps
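Review bot: both build lines keep a stray trailing `"` (`podman build . -t nextdns-udm:latest"`), so a copied command leaves the shell waiting for a closing quote; drop it. Three wording slips in the same hunk: `constribute` (contribute) in the third Customization bullet, `FM` in the second Requirements bullet (firmware?), and `influenced by any changes on by Ubiquiti` in the first Features bullet, which should read `changes made by Ubiquiti`. Stating next to the Docker Hub reference that the image is built from this repo and is not supported by NextDNS is a good addition.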
@ -24,11 +30,11 @@ podman build ./Dockerfile -t nextdns-udm:latest"
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) symlink). This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to your PiHole
5. Execute on_boot.sh
5. Make /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it.
6. Run the nextdns docker container. The mounts are very important. Also please change the --dns arguments to whatever was provided by NextDNS.
6. Make /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it.
7. Run the NextDNS docker container. The mounts are very important. Also, please change the --dns arguments to whatever was provided by NextDNS.
```
podman run -d --network dns \
podman run -d --privileged --network dns \
--name nextdns \
-v "/mnt/data/nextdns/:/etc/nextdns/" \
-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
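Review bot: step 4 still says `DNAT all DNS calls to your PiHole`; this README is for NextDNS, so it should name the NextDNS container. Step 7 now puts `--privileged` on the default `podman run` line together with the dbus socket mount, but the hunk below says both are only needed for mDNS; a privileged container on the gateway undercuts the "completely isolated network stack" the Features section promises, so keep the documented default unprivileged and show `--privileged` and `-v /var/run/dbus/system_bus_socket:...` as the opt-in lines for mDNS.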
@ -37,6 +43,6 @@ podman build ./Dockerfile -t nextdns-udm:latest"
--hostname nextdns \
boostchicken/nextdns-udm:latest
```
Note: Mounting dbus and running in privileged is not required. It's for mDNS.
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
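Review bot: the `Note:` line says privileged mode and the dbus mount are not required, but it comes after the command that uses both unconditionally; move it above the `podman run` block or mark those two lines as optional inline so readers do not copy a privileged configuration they do not need. Step 8 could also point out that the DNAT rules in on_boot.sh only cover `-i br0`, so clients on other bridges rely entirely on the DHCP-provided DNS server.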

@ -1,12 +1,14 @@
FROM alpine AS builder
ENV VERSION=1.6.4
WORKDIR /tmp
RUN apk add curl \
&& mkdir nextdns \
&& curl -fsSL https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz -o nextdns.tar.gz \
&& tar zxf nextdns.tar.gz -C ./nextdns
FROM debian:buster-slim
LABEL maintainer="John Dorman <dorman@ataxia.cloud>"
ENV VERSION=1.6.4
RUN apt update && apt install -y curl \
&& mkdir -p /opt/nextdns \
&& curl -fsSL https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz -o /tmp/nextdns.tar.gz \
&& tar zxf /tmp/nextdns.tar.gz -C /opt/nextdns
COPY --from=builder /tmp/nextdns /opt/nextdns
EXPOSE 53/tcp 53/udp
VOLUME ['/etc/nextdns']
ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"]
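Review bot: `VOLUME ['/etc/nextdns']` is not valid JSON, so Docker and podman fall back to the plain-string form and declare a volume at the literal path `['/etc/nextdns']` instead of `/etc/nextdns`; write `VOLUME ["/etc/nextdns"]`. In the builder stage the release tarball is extracted without any integrity check; pin the expected sha256 next to `ENV VERSION=1.6.4` and run `sha256sum -c` before `tar zxf`, so a tampered or truncated download fails the build rather than shipping. The split into a builder stage is a good change: the runtime image no longer carries curl or apt, and the old `ENV VERSION` / `apt install` lines go with it.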

@ -0,0 +1,6 @@
#!/bin/bash
cd /tmp
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz -o cni.tgz
mkdir -p /mnt/data/podman/cni/
tar xf cni.tgz -C /mnt/data/podman/cni/
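Review bot: the script has no `set -e` and the download uses `curl -L` without `-f`, so an HTTP error body (for example a 404 page) is saved as cni.tgz and the following `tar xf` fails or leaves /mnt/data/podman/cni/ half-populated without the script stopping; use `set -euo pipefail` and `curl -fsSL`. The CNI plugins release publishes a `.sha256` sidecar for this tarball; checking it before extracting into a directory podman loads executables from is cheap. A comment naming which README step this script corresponds to would also help.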

@ -11,3 +11,9 @@ ip addr add 10.0.5.2/24 dev br5.mac
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac proto static scope link
podman start nextdns
# optional if you dont want to force everything through nextdns. also add anymore bridges for other networks (br5, 10 etc)
iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE
iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE
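Review bot: the MASQUERADE rules match `-o br0`, but the `/32` route above sends everything for 10.0.5.3 out `br5.mac`, so as written these two rules should never match; check whether they are needed at all (conntrack reverses the DNAT on the reply as long as the UDM routes both sides) and, if they are, match on the interface the DNATed traffic actually leaves on. The comment reads inverted: the iptables lines are what forces all port-53 traffic through NextDNS, so it should say `optional: leave these out if you do not want to force ...`, and `dont` is missing its apostrophe. Worth noting in the README that the redirect covers plain DNS on port 53 only; clients configured for DNS over TLS or HTTPS are not caught by it. The `-C ... || -A` pattern keeps the rules idempotent across repeated boots, which is the right approach here.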