DNS Setup on UniFi gateways
Classic DNS for the network โ optionally encrypted via DoH.
Through the UniFi Network console you distribute DNS servers via DHCP to all clients and can additionally enable Encrypted DNS (DoH) via DNS Stamps on the gateway.
DNS Server Credentials
IPv4 Addresses
Classic DNS servers for IPv4 configuration.
IPv6 Addresses
Native IPv6 reachability of the resolvers.
DNS Stamps
Stamps for clients with DNSCrypt/DoH stamp support.
DHCP Name Server
Distributes DNS servers via DHCP to all devices in the respective network.
In the Web UI go to Settings โ Networks and select the desired network.
In the section Advanced โ DHCP Service Management set the option DHCP Name Server to Manual.
Confirm with Apply Changes. Clients pick up the new servers on the next DHCP lease.
Encrypted DNS (DoH) via DNS Stamp
Enables encrypted resolution at the gateway itself โ the resolver is taken over by the UniFi router.
Under Settings โ Internet โ Primary (WAN) โ Advanced enable Encrypted DNS and choose DNSCrypt v2.
Under Custom Stamps add both stamps:
Confirm with Apply Changes. The gateway now forwards DNS queries encrypted to the Dremaxx resolvers.
Troubleshooting
DHCP lease
Clients have to renew their DHCP lease for the new resolver to take effect.
DoH at the gateway
Encrypted DNS at the gateway only encrypts the path from router to Internet โ not within the LAN.
Firmware up to date
Encrypted DNS requires a current UniFi-OS or Network firmware.