Ubiquiti UniFi Gateway - Block Client's Custom DNS Settings (DoH/DoT)

  • added 25. 08. 2024

Comments • 11

  • @reelmccoyfx
    @reelmccoyfx 1 month ago +3

    Thanks for the video. I love the thoroughness and testing of changes made. Looking forward to future videos.
    And stupid me accidentally got click happy on my previous comment and deleted it. Sorry about that.

  • @frenchysg8089
    @frenchysg8089 21 days ago

    Great video. Could you help me understand one part? I've a Pihole and Unbound on a separate server like your Pihole+unbound example, and this is my DNS resolver. But when I'm blocking "All other DNS" my server no longer resolves DNS. It seems to have something to do with Unbound and that rule. Using Debian 12 on that server. I did add my server IP in the DNS group, but it doesn't help.

    • @hz777
      @hz777 3 days ago

      How did you block "all other DNS"? Do you use a UniFi gateway?

  • @bavobostoen
    @bavobostoen 1 month ago +1

    Thanks, very clear. I wonder if DoH blocking can ever be implemented without full SSL decryption at the gateway?

    • @hz777
      @hz777 1 month ago +2

      If the server also has other functions you need, so you only want to block the DoH function, you are right that's impossible. In this video I assume it's fine to block the server completely.

  • @TangDynasty1983
    @TangDynasty1983 1 month ago +1

    Could you please share how to set up WS to capture the WAN port of the UXG-Pro? Thank you.

    • @hz777
      @hz777 1 month ago +1

      It's very easy. My UXG-Pro runs behind another router, and the WAN port is connected to a UniFi switch in my home network. I simply set a port on the same switch to monitor the port that connects to the UXG-Pro's WAN port, then run Wireshark against the monitoring port.

    • @TangDynasty1983
      @TangDynasty1983 1 month ago

      @hz777 Makes sense. What if I have the UniFi as my WAN router, is there a way to have WS capture the WAN traffic?

    • @hz777
      @hz777 1 month ago +3

      @TangDynasty1983 The easiest way is to use tcpdump on the router to capture WAN traffic to a file, then later use Wireshark to display the captured file.
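
      Once a WAN-side tcpdump file exists, the same check the video does by eye in Wireshark can be scripted. The following is an added example, not code from the video or from Ubiquiti: it walks a classic pcap file with only the standard library and lists every client whose DNS did not go through the allowed resolver (plain port 53 elsewhere, port 853 DoT, or port 443 to a known DoH endpoint). The resolver address `192.168.1.53`, the DoH endpoint set and the embedded four-packet capture are constructed assumptions.

```python
import struct
import ipaddress

# Assumptions (not from the thread): the Pi-hole/Unbound host clients should use, and placeholder DoH endpoints.
ALLOWED_RESOLVERS = {"192.168.1.53"}
DOH_ENDPOINTS = {"1.1.1.1", "8.8.8.8"}

def iter_pcap_packets(data):
    # Classic pcap: 24-byte global header, then 16-byte record header + frame bytes.
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def parse_flow(frame):
    # (src, dst, dport) for an Ethernet/IPv4 TCP or UDP frame, else None.
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in (6, 17):
        return None
    l4 = frame[14 + (frame[14] & 0x0F) * 4:]  # skip IPv4 options, if any
    if len(l4) < 4:
        return None
    src, dst = (str(ipaddress.IPv4Address(frame[i:i + 4])) for i in (26, 30))
    return src, dst, struct.unpack("!H", l4[2:4])[0]

def classify(src, dst, dport):
    if dport == 53 and dst not in ALLOWED_RESOLVERS:
        return "plain DNS to other resolver"
    if dport == 853:
        return "DoT"
    return "DoH to known resolver" if dport == 443 and dst in DOH_ENDPOINTS else None

def find_bypasses(pcap_bytes):
    # One (src, dst, dport, label) tuple per frame whose DNS bypassed the allowed resolver.
    flows = filter(None, map(parse_flow, iter_pcap_packets(pcap_bytes)))
    return [(*f, label) for f in flows if (label := classify(*f))]

def make_frame(src, dst, proto, dport):  # minimal Ethernet + IPv4 + L4 header (constructed test input)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", 40000, dport, 0)

def sample_pcap():
    # Constructed WAN capture: three bypass attempts and one lookup via the allowed resolver.
    frames = [make_frame("192.168.1.20", "8.8.8.8", 17, 53), make_frame("192.168.1.21", "9.9.9.9", 6, 853),
              make_frame("192.168.1.22", "1.1.1.1", 6, 443), make_frame("192.168.1.23", "192.168.1.53", 17, 53)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

      On a real file, call `find_bypasses(open("wan.pcap", "rb").read())`; an empty list after the block rules are in place means no client reached another resolver during the capture.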

  • @user-ym7ss6xb3j
    @user-ym7ss6xb3j 1 month ago

    So just use Secure DNS as a client or a VPN with DNS leak protection. Bye bye gateway DNS.