I wanted a better home router. During the learning-from-home phase of the 2020 pandemic I learned I could not have the advanced security features of the USG (UniFi Security Gateway) turned on and still get sufficient bandwidth for 3 kids and myself to stream and Zoom. So I wanted an upgrade. I went with the UniFi Dream Machine Pro.
For reals though, file this post under "I need to remember what I changed in case I have to do it again."
The first thing I did on my older routers was to configure OpenDNS as the external DNS for my networks. In order for OpenDNS to apply my content filtering settings, it must know the source IP for my home. This can change because most ISPs use DHCP to assign IPs. Although it seems that my ISP likes to reassign the same IP, I can't trust that will always be true.
So first, make sure you sign up for OpenDNS and DNS-O-Matic accounts.
Log into the UDM UI
Click on the Settings Gear…
Click on Advanced Features -> Advanced Gateway Settings
Click Create new Dynamic DNS
For DNS-o-matic the settings look like:
Username: [Your DNS-o-matic user]
Password: [Your DNS-o-matic password]
Links Below were very helpful
Very helpful link for getting the server URL. Also contains a few for some other services.
Another thing I want to do is set a DNS A record. I could probably use some form of the settings above to inform my Google Name Service to update the record with the dynamic IP. But why be boring? Let's run the ddclient Perl program in a container on my K3s cluster.
First, read the Google Domains documentation for dynamic records. I created a dynamic record, and it generates the host record along with a username and password that can be used via the API to update the IP associated with the domain name.
Next, why create the container if I don’t need to?
My k3s is on some Raspberry Pis, so I chose the arm image.
Then another nice person built the deployment. Check out that blog for full detail. Without getting too distracted by kubesail and setting up k8s, I skipped to the YAML:
Save this as ddclient-secret.yaml, changing the info necessary for your Google account.
apiVersion: v1
kind: Secret
metadata:
  name: ddclient-secret
  labels:
    app: ddclient
stringData:
  ddclient.conf: |
    daemon=300
    syslog=yes
    protocol=dyndns2
    use=web
    server=domains.google.com
    ssl=yes
    login=<google generated login>
    password=<google generated password>
    your.domain.record.com
Now save this as ddclient.yaml. Remember to modify the image for the type of arch your Kubernetes is running on.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ddclient-deployment
  labels:
    app: ddclient
spec:
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  replicas: 1
  selector:
    matchLabels:
      app: ddclient
  template:
    metadata:
      labels:
        app: ddclient
    spec:
      volumes:
        - name: ddclient-config-file
          secret:
            secretName: ddclient-secret
      containers:
        - name: ddclient
          image: linuxserver/ddclient:arm64v8-version-v3.9.1
          imagePullPolicy: Always
          volumeMounts:
            - mountPath: /config
              name: ddclient-config-file
          resources:
            requests:
              cpu: 10m
              memory: 64Mi
            limits:
              cpu: 50m
              memory: 128Mi
This deployment will use the secret for the settings and deploy the small container to update the Google Domain record with the new IP from the host.
kubectl create ns ddclient
kubectl -n ddclient apply -f ddclient-secret.yaml
kubectl -n ddclient apply -f ddclient.yaml
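A pre-apply check for the ddclient.conf held in the Secret above, added here as an example and not part of the original post or the ddclient project. It flags ssl not set to yes, credentials left as placeholders, and a missing host line, without ever echoing the credential values. The function names and both sample configs are constructed, and it assumes the flat one-setting-per-line layout shown above.

```python
import re

PLACEHOLDER = re.compile(r"^<.*>$")  # e.g. "<google generated login>" left unedited

# Constructed sample configs (not real credentials or records).
GOOD = """daemon=300
syslog=yes
protocol=dyndns2
use=web
server=domains.google.com
ssl=yes
login=example-login
password=example-password
home.example.com
"""
BAD = GOOD.replace("ssl=yes", "ssl=no") \
          .replace("example-login", "<google generated login>") \
          .replace("example-password", "<google generated password>") \
          .replace("home.example.com\n", "")

def parse_conf(text):
    """Split a flat ddclient.conf into (settings dict, list of host lines)."""
    settings, hosts = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
        else:
            hosts.append(line)                 # bare line = record to update
    return settings, hosts

def lint(text):
    """Return a list of findings; values of login/password are never included."""
    settings, hosts = parse_conf(text)
    findings = []
    if settings.get("ssl", "").lower() != "yes":
        findings.append("ssl is not 'yes': login and password would be sent unencrypted")
    for key in ("login", "password"):
        value = settings.get(key, "")
        if not value or PLACEHOLDER.match(value):
            findings.append(f"{key} is missing or still a placeholder")
    findings += [f"{k} is not set" for k in ("protocol", "server") if k not in settings]
    if not settings.get("daemon", "").isdigit():
        findings.append("daemon interval is missing or not a number of seconds")
    if not hosts:
        findings.append("no host record listed to update")
    return findings
```

Run `lint()` on the text under `ddclient.conf: |` before `kubectl apply`; an empty list means none of these checks fired.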
Some DNS stuff I might try later
This is an interesting repo that updates DNS with static hostnames. Unfortunately the UDM does not have this built in. I would suggest Ubiquiti build pi-hole into the UDM Pro to integrate with its DHCP server and also provide some abilities to block bad DNS names for ads/phishing/malware.