John Dorman 2020-06-04 20:50:14 -07:00
parent 56e11dbaef
commit 848cba9a6d
9 changed files with 116 additions and 3 deletions


@ -6,3 +6,6 @@ Run any commands when your UDM starts.
### run-pihole ### run-pihole
Run pihole on your UDM with podman. Utilizes macvlan cni plugins to completely isolate the network stack Run pihole on your UDM with podman. Utilizes macvlan cni plugins to completely isolate the network stack
### python
If you need python3 on your UDM, generally not recommended, can always use it in unifi-os container
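Review bot: this commit adds a whole nextdns/ tree (README, Dockerfile, conflist, on_boot.sh) but the top-level README only gains a `### python` entry; add a `### nextdns` entry next to run-pihole so the new directory is discoverable. The python entry itself is a sentence fragment that doesn't say what the directory contains; the other entries name the tool and the mechanism ("Run pihole on your UDM with podman. Utilizes macvlan cni plugins ..."). Something like "python: symlinks the unifi-os container's python3 (and optionally pip) into the host; generally not recommended, run python inside the unifi-os container instead" tells the reader that these scripts reach into the container's filesystem rather than installing a package.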

nextdns/README.md Normal file

@ -0,0 +1,42 @@
# Run NextDNS on your UDM
### Features
1. Run PiHole on your UDM with a completely isolated network stack. This will not port conflict or be influenced by any changes on by Ubiquiti
2. Persists through reboots and firmware updates.
### Requirements
1. You have setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script)
2. PiHole persists through firmware updates. The on-boot script does not. If you update your FM setup on-boot again and everything should work.
### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist), also update all the ips accordingly
### Docker
The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub
```
podman build ./Dockerfile -t nextdns-udm:latest"
```
### Steps
1. On your controller, make a Corporate network with no DHCP server and give it a vlan. For this example we are using vlan 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/install-cni-plugins.sh) on your UDM
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) symlink). This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to your PiHole
5. Execute on_boot.sh
5. Make /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it.
6. Run the nextdns docker container. The mounts are very important. Also please change the --dns arguments to whatever was provided by NextDNS.
```
podman run -d --network dns \
--name nextdns \
-v "/mnt/data/nextdns/:/etc/nextdns/" \
-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
--mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \
--dns=45.90.28.163 --dns=45.90.30.163 \
--hostname nextdns \
boostchicken/nextdns-udm:latest
```
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
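Review bot: the Features and Requirements sections still describe PiHole ("Run PiHole on your UDM ...", "PiHole persists through firmware updates") and step 4 says "DNAT all DNS calls to your PiHole"; this is the NextDNS README, so replace those with NextDNS, and fix "FM" to "firmware" in Requirements item 2. The Steps list is numbered 5, 5, 6, 8 (two step 5s, no 7). The build command `podman build ./Dockerfile -t nextdns-udm:latest"` has a stray trailing quote and passes a file where podman expects a build context; with the Dockerfile under nextdns/docker/ it should read `podman build -f docker/Dockerfile -t nextdns-udm:latest docker`. Step 4 tells readers to take the iptables rules from on_boot.sh, but the on_boot.sh added in this commit contains none, so either add them there or drop the sentence. Step 5 copies nextdns.conf but never says to replace the `config YOURCONFIG HERE` placeholder with the NextDNS configuration ID, and with the placeholder left in the daemon isn't tied to the user's profile; call that out explicitly. Finally, the `podman run` line bind-mounts `/var/run/dbus/system_bus_socket`, the host's system D-Bus, into the container; that is far more access than a DNS forwarder needs and gives a compromised container a channel to host services, so the README should state why it is required or the mount should be removed.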

nextdns/docker/Dockerfile Normal file

@ -0,0 +1,12 @@
FROM debian:buster-slim
LABEL maintainer="John Dorman <dorman@ataxia.cloud>"
ENV VERSION=1.6.4
RUN apt update && apt install -y curl \
&& mkdir -p /opt/nextdns \
&& curl -fsSL https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz -o /tmp/nextdns.tar.gz \
&& tar zxf /tmp/nextdns.tar.gz -C /opt/nextdns
EXPOSE 53/tcp 53/udp
ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"]
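Review bot: the release tarball fetched in the RUN step is extracted and shipped without any integrity check; pin the expected digest next to `ENV VERSION=1.6.4` and verify it before `tar zxf` (e.g. `echo "$NEXTDNS_SHA256  /tmp/nextdns.tar.gz" | sha256sum -c -`), otherwise a build silently accepts whatever that URL serves. Smaller points in the same layer: `apt` warns that its CLI is unstable in scripts, use `apt-get`; curl, the apt lists and /tmp/nextdns.tar.gz are left in the final image, so add `rm -rf /var/lib/apt/lists/* /tmp/nextdns.tar.gz` (and `apt-get purge -y curl` if it isn't needed at runtime) to the same RUN; and the image is arm64-only by construction (`linux_arm64` in the URL), which is correct for the UDM but deserves a comment. The ENTRYPOINT runs nextdns as root so it can bind :53; if a non-root user is added later, grant CAP_NET_BIND_SERVICE rather than running the daemon as root.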


@ -0,0 +1,23 @@
{
"cniVersion": "0.4.0",
"name": "dns",
"plugins": [
{
"type": "macvlan",
"mode": "bridge",
"master": "br5",
"ipam": {
"type": "static",
"addresses": [
{
"address": "10.0.5.3/24",
"gateway": "10.0.5.1"
}
],
"routes": [
{"dst": "0.0.0.0/0"}
]
}
}
]
}
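Review bot: the network is named "dns" and the container sits at 10.0.5.3/24 behind 10.0.5.1, the same subnet the run-pihole conflist uses (its `"gateway": "10.0.5.1"` line appears in the last hunk of this commit); a user who installs both will need two distinct CNI network names and two distinct addresses, so consider naming this one "nextdns" (and matching `--network` in the README) and documenting a second address. Also worth a comment in the README: `"master": "br5"` and the 10.0.5.3 address here have to stay in sync with the hard-coded br5, 10.0.5.2 and 10.0.5.3 in on_boot.sh, and because this file has no "dns" block the container's resolv.conf is whatever `podman run --dns` supplies (the README's `--dns=45.90.28.163 --dns=45.90.30.163`).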


@ -0,0 +1,7 @@
listen :53
# dont add setup-router or auto-activate everything else should be safe
report-client-info yes
cache-size=10MB
config YOURCONFIG HERE
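Review bot: `cache-size=10MB` uses `=` while every other option uses a space (`listen :53`, `report-client-info yes`, `config ...`); make the separator consistent and check it against the nextdns config-file format, because a line that doesn't parse silently leaves the default in place. `config YOURCONFIG HERE` is a placeholder that README step 5 never tells the reader to replace; write it as something unmistakable such as `config <your-nextdns-config-id>` and mention it in the README. The comment "dont add setup-router or auto-activate" is the right caution but should say why: those options try to rewrite the host's resolver and router settings at startup, which is exactly what isolating the daemon on a macvlan network is meant to avoid.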


@ -0,0 +1,13 @@
#!/bin/sh
mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.2/24 dev br5.mac
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac proto static scope link
podman start nextdns
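Review bot: README step 4 says the iptables DNAT rules live in this file, but there are none here; add them or fix the README. The script is meant to run on every boot yet uses `ln -s` without `-sfn`: when `/opt/cni/bin` already exists as a symlink to a directory, `ln -s /mnt/data/podman/cni/ /opt/cni/bin` drops a new link inside it instead of replacing it, and the link into /etc/cni/net.d assumes that directory exists (add `mkdir -p /etc/cni/net.d`). `ip link add br5.mac` and `ip addr add` likewise error out if the interface is already present; guard them (`ip link show br5.mac >/dev/null 2>&1 || ip link add ...`) so the script can be rerun and so `set -e` could be added later. `podman start nextdns` does nothing useful if the container from README step 6 was never created, so a `podman container exists nextdns ||` check with a clear message would save users a silent failure.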

python/install_pip.sh Normal file

@ -0,0 +1,11 @@
#/bin/sh
cd /tmp
curl -L https://bootstrap.pypa.io/get-pip.py -o get-pip.py
ln -s $(podman inspect unifi-os -f {{.GraphDriver.Data.MergedDir}})/usr/lib/aarch64-linux-gnu/libssl.so.1.1 /usr/lib64/
ln -s $(podman inspect unifi-os -f {{.GraphDriver.Data.MergedDir}})/usr/lib/aarch64-linux-gnu/libcrypto.so.1.1 /usr/lib64/
python get-pip.py
ln -s $(podman inspect unifi-os -f {{.GraphDriver.Data.MergedDir}})/usr/local/bin/pip3 /usr/bin/pip
rm /usr/lib64/libssl.so.1.1
rm /usr/lib64/libcrypto.so.1.1
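Review bot: the first line is `#/bin/sh`, missing the `!`, so the kernel cannot execute the file directly and it only works when invoked as `sh install_pip.sh`; fix it to `#!/bin/sh` (python/on_boot.sh has the same typo). The script curls get-pip.py and runs it as root on the gateway with no integrity check; pin the download to a known get-pip release and verify its checksum before `python get-pip.py`. Say in a comment where pip ends up: `python` resolves through the on_boot symlink to the unifi-os container's interpreter, so get-pip writes into that container's merged overlay (`.../usr/local/bin/pip3`), which does not survive the container being recreated, and the final `ln -s` into /usr/bin duplicates the one in python/on_boot.sh. The libssl/libcrypto links are created with plain `ln -s` and removed with `rm` without `-f`, so a rerun stops at the first `ln`; use `ln -sfn` and `rm -f`. Quote the Go template (`-f '{{.GraphDriver.Data.MergedDir}}'`) and capture it once in a variable instead of calling `podman inspect` three times.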

python/on_boot.sh Normal file

@ -0,0 +1,5 @@
#/bin/sh
ln -s $(podman inspect unifi-os -f {{.GraphDriver.Data.MergedDir}})/usr/bin/python3 /usr/bin/python
#if you install pip
ln -s $(podman inspect unifi-os -f {{.GraphDriver.Data.MergedDir}})/usr/local/bin/pip3 /usr/bin/pip
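Review bot: same `#/bin/sh` shebang typo as install_pip.sh; it needs `#!/bin/sh`. The pip symlink is created unconditionally even though the comment says "if you install pip", which leaves a dangling /usr/bin/pip for anyone who skipped that step; guard it with a test on the target (`[ -x "$merged/usr/local/bin/pip3" ] && ln -sfn ...`). Both `ln -s` calls fail on a rerun if /usr/bin persists across boots, so use `ln -sfn`, and quote the Go template as in the other script. This file is named on_boot.sh but is not the on-boot script from the on-boot-script directory; the README should say these lines are to be appended to that script, as the nextdns README does for its on_boot.sh.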


@ -14,9 +14,6 @@
"gateway": "10.0.5.1" "gateway": "10.0.5.1"
} }
], ],
"dns": {
"nameservers": ["127.0.0.1","10.0.0.1"]
},
"routes": [ "routes": [
{"dst": "0.0.0.0/0"} {"dst": "0.0.0.0/0"}
] ]
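Review bot: dropping the CNI "dns" block (nameservers 127.0.0.1 and 10.0.0.1) changes what the pihole container resolves against, but nothing on this page explains why or what replaces it. If the intent is for `podman run --dns` to supply the resolver, as the new nextdns README does with `--dns=45.90.28.163 --dns=45.90.30.163`, update the run-pihole README's `podman run` line in the same commit and state the reason in the commit message. With the block gone and no `--dns` flag, the container inherits the host's resolv.conf, which becomes a loop if the UDM itself has been pointed at the container's address per step 8 of the README.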