Emerging Member
Posts: 53
Registered: ‎12-20-2018
Kudos: 1

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Thank you so much! Greatly appreciated!

 

Have a wonderful rest of the night my new friend!


Ubiquiti forums are amazing, and you people are incredible! Thank you all!

Senior Member
Posts: 19,122
Registered: ‎08-04-2017
Kudos: 3570
Solutions: 930

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Hello @Seii,

 

You’re welcome, happy to help!

 

Happy holidays

 

 

Regards,

Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-Video Installation Scripts | UniFi-VoIP Installation Scripts
USG-XG-8 • USG-4-PRO • USG
USW-XG-16 • USW-48-500W • USW-24-POE-250W 2x • USW-16-POE-150W 3x • USW-24 • USW-8-150W • USW-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD 2x • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M • UAP-AC-M-PRO 2x
UAS-XG • UCK-G2-PLUS • UCK-G2 • UCK
Emerging Member
Posts: 53
Registered: ‎12-20-2018
Kudos: 1

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Same to you my friend and of course to your precious family. All the best!

 

PS. I am planning to get a Ubiquiti AP-AC Lite in the next couple of days (Amazon.ca since I can't find it anywhere locally here in Toronto). I want to replace and finally retire this Airport Extreme. I love Ubiquiti, and I can't wait to hook up that AP too. I might need some assistance if it does not go too smoothly for me. You never know. So far, this whole Ubiquiti experience has been nothing but amazing for me. Even though I am a total newbie, I'm loving all this so much I can't explain it! Even just typing the simplest commands inside the CLI makes me feel special, lol. Feels like I'm doing something amazing.

 

HAPPY HOLIDAYS!

Senior Member
Posts: 19,122
Registered: ‎08-04-2017
Kudos: 3570
Solutions: 930

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Hello @Seii,

 

Ubiquiti products are amazing; if you need any help with the UAP, let me know.

 

 

Regards,

Glenn R.

Emerging Member
Posts: 53
Registered: ‎12-20-2018
Kudos: 1

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Just one quick question if I may... I've seen people mentioning having 127.0.0.1 as their System name server. Is that good practice?

 

At the moment, this is how I have it set up:

 

1. Inside SERVICES / DHCP SERVER - LAN / DETAILS - I have DNS 1 set to 192.168.1.1, and DNS 2 set to nothing (empty)

2. Inside SYSTEM - System name server: set to 127.0.0.1

3. Inside CONFIG TREE service / dns / forwarding: DNS forwarding - Listen-on: set to switch0 (all 4, eth1, eth2, eth3, and eth4), and name-servers: set to 8.8.8.8 and 8.8.4.4

 

So, I hope I have all this finally set properly. I just checked with namebench and it's saying I am using the fastest DNS servers. Before, it was telling me there are a few that I could use and get better results, but now for the first time I'm getting a green FASTEST result.

 

Cheers!

Senior Member
Posts: 19,122
Registered: ‎08-04-2017
Kudos: 3570
Solutions: 930

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Hello @Seii,

 

If you use 127.0.0.1 it will first check itself; personally I never use loopbacks.

 

 

Regards,

Glenn R.

Emerging Member
Posts: 53
Registered: ‎12-20-2018
Kudos: 1

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

So that's good in a DNS forwarding scenario? I've seen some people setting it to 8.8.8.8 (some to an OpenDNS number), some set it to 192.168.1.1, so I'm not quite sure what the correct setup is there.

Senior Member
Posts: 19,122
Registered: ‎08-04-2017
Kudos: 3570
Solutions: 930

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Hello @Seii,

 

I believe if the system name server is set to a loopback address, it will use the router DNS forwarding options.

I personally keep the system name server set to Google DNS.

 

 

Regards,

Glenn R.

Established Member
Posts: 850
Registered: ‎06-17-2015
Kudos: 168
Solutions: 50

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Depends on whether you have enabled dnsmasq on your router or not. If you have, you should be resolving to a local address. The router will forward the request to an external resolver if it is not for a local request.

Emerging Member
Posts: 53
Registered: ‎12-20-2018
Kudos: 1

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

@nu2ubiq - thank you so much! Yes, from my full configuration file a few posts above this one (previous page), this is what it says:
use-dnsmasq enable
This is basically my new full config again:
 
ubnt@ubnt:~$ show configuration | cat                                           
firewall {                                                                      
    all-ping enable                                                             
    broadcast-ping disable                                                      
    ipv6-receive-redirects disable                                              
    ipv6-src-route disable                                                      
    ip-src-route disable                                                        
    log-martians enable                                                         
    name WAN_IN {                                                               
        default-action drop                                                     
        description "WAN to internal"                                           
        rule 10 {                                                               
            action accept                                                       
            description "Allow established/related"                             
            state {                                                             
                established enable                                              
                related enable                                                  
            }                                                                   
        }                                                                       
        rule 20 {                                                               
            action drop                                                         
            description "Drop invalid state"                                    
            state {                                                             
                invalid enable                                                  
            }                                                                   
        }                                                                       
    }                                                                           
    name WAN_LOCAL {                                                            
        default-action drop                                                     
        description "WAN to router"                                             
        rule 10 {                                                               
            action accept                                                       
            description "Allow established/related"                             
            state {                                                             
                established enable                                              
                related enable                                                  
            }                                                                   
        }                                                                       
        rule 20 {                                                               
            action drop                                                         
            description "Drop invalid state"                                    
            state {                                                             
                invalid enable                                                  
            }                                                                   
        }                                                                       
    }                                                                           
    options {                                                                   
        mss-clamp {                                                             
            mss 1412                                                            
        }                                                                       
    }                                                                           
    receive-redirects disable                                                   
    send-redirects enable                                                       
    source-validation disable                                                   
    syn-cookies enable                                                          
}                                                                               
interfaces {                                                                    
    ethernet eth0 {                                                             
        description "Internet (PPPoE)"                                          
        dhcp-options {                                                          
            name-server no-update                                               
        }                                                                       
        duplex auto                                                             
        pppoe 0 {                                                               
            default-route auto                                                  
            firewall {                                                          
                in {                                                            
                    name WAN_IN                                                 
                }                                                               
                local {                                                         
                    name WAN_LOCAL                                              
                }                                                               
            }                                                                   
            mtu 1492                                                            
            name-server none                                                    
            password ****************                                           
            user-id e****************.*****                                      
        }                                                                       
        speed auto                                                              
    }                                                                           
    ethernet eth1 {                                                             
        description Local                                                       
        duplex auto                                                             
        speed auto                                                              
    }                                                                           
    ethernet eth2 {                                                             
        description Local                                                       
        duplex auto                                                             
        speed auto                                                              
    }                                                                           
    ethernet eth3 {                                                             
        description Local                                                       
        duplex auto                                                             
        speed auto                                                              
    }                                                                           
    ethernet eth4 {                                                             
        description Local                                                       
        duplex auto                                                             
        poe {                                                                   
            output off                                                          
        }                                                                       
        speed auto                                                              
    }                                                                           
    loopback lo {                                                               
    }                                                                           
    switch switch0 {                                                            
        address 192.168.1.1/24                                                  
        description Local                                                       
        mtu 1500                                                                
        switch-port {                                                           
            interface eth1 {                                                    
            }                                                                   
            interface eth2 {                                                    
            }                                                                   
            interface eth3 {                                                    
            }                                                                   
            interface eth4 {                                                    
            }                                                                   
            vlan-aware disable                                                  
        }                                                                       
    }                                                                           
}                                                                               
port-forward {                                                                  
    auto-firewall enable                                                        
    hairpin-nat enable                                                          
    lan-interface switch0                                                       
    rule 1 {                                                                    
        description Xbox_Live                                                   
        forward-to {                                                            
            address 192.168.1.123                                               
        }                                                                       
        original-port 3074                                                      
        protocol tcp_udp                                                        
    }                                                                           
    wan-interface pppoe0                                                        
}                                                                               
service {                                                                       
    dhcp-server {                                                               
        disabled false                                                          
        hostfile-update disable                                                 
        shared-network-name LAN {                                               
            authoritative enable                                                
            subnet 192.168.1.0/24 {                                             
                default-router 192.168.1.1                                      
                dns-server 192.168.1.1                                          
                lease 86400                                                     
                start 192.168.1.100 {                                           
                    stop 192.168.1.254                                          
                }                                                               
                static-mapping XboxOneX_Scorpio_Wifi {                          
                    ip-address 192.168.1.124                                    
                    mac-address 2A:54:91:AE:05:84                               
                }                                                               
                static-mapping XboxOneX_Scorpio_Wired {                         
                    ip-address 192.168.1.123                                    
                    mac-address 2A:54:91:B7:37:82                               
                }                                                               
            }                                                                   
        }                                                                       
        static-arp disable                                                      
        use-dnsmasq enable                                                      
    }                                                                           
    dns {                                                                       
        forwarding {                                                            
            cache-size 1500                                                     
            listen-on switch0                                                   
            name-server 8.8.8.8                                                 
            name-server 8.8.4.4                                                 
        }                                                                       
    }                                                                           
    gui {                                                                       
        http-port 80                                                            
        https-port 443                                                          
        older-ciphers enable                                                    
    }                                                                           
    nat {                                                                       
        rule 5010 {                                                             
            description "masquerade for WAN"                                    
            outbound-interface pppoe0                                           
            type masquerade                                                     
        }                                                                       
    }                                                                           
    ssh {                                                                       
        port 22                                                                 
        protocol-version v2                                                     
    }                                                                           
    unms {                                                                      
        disable                                                                 
    }                                                                           
}                                                                               
system {                                                                        
    host-name ubnt                                                              
    login {                                                                     
        user ubnt {                                                             
            authentication {                                                    
                encrypted-password ****************                             
                plaintext-password ****************                             
            }                                                                   
            full-name ""                                                        
            level admin                                                         
        }                                                                       
    }                                                                           
    name-server 127.0.0.1                                                         
    ntp {                                                                       
        server 0.ubnt.pool.ntp.org {                                            
        }                                                                       
        server 1.ubnt.pool.ntp.org {                                            
        }                                                                       
        server 2.ubnt.pool.ntp.org {                                            
        }                                                                       
        server 3.ubnt.pool.ntp.org {                                            
        }                                                                       
    }                                                                           
    offload {                                                                   
        hwnat enable                                                            
    }                                                                           
    syslog {                                                                    
        global {                                                                
            facility all {                                                      
                level notice                                                    
            }                                                                   
            facility protocols {                                                
                level debug                                                     
            }                                                                   
        }                                                                       
    }                                                                           
    time-zone America/Toronto                                                   
}                                                                               
traffic-control {                                                               
    smart-queue QoS {                                                           
        upload {                                                                
            ecn enable                                                          
            flows 1024                                                          
            fq-quantum 1514                                                     
            limit 10240                                                         
            rate 10mbit                                                         
        }                                                                       
        wan-interface pppoe0                                                    
    }                                                                           
}
I am guessing all is good like this, or is there anything outstanding you guys can catch inside this configuration that should be changed?
 
Thank you both a million for your assistance and time!
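
Added example, not part of any post in this thread: a small Python check that reads an EdgeOS-style configuration like the one posted above and reports which resolver LAN clients and the router itself end up using, plus whether the forwarder listens on the WAN interface. The function names are this example's own, the sample is cut down from the posted configuration, and it assumes the forwarder (dnsmasq) also answers on loopback, as the replies in this thread describe.

```python
import ipaddress

# Constructed sample: only the DNS-related statements of the posted configuration.
SAMPLE = """\
interfaces {
    switch switch0 {
        address 192.168.1.1/24
    }
}
port-forward {
    wan-interface pppoe0
}
service {
    dhcp-server {
        shared-network-name LAN {
            subnet 192.168.1.0/24 {
                dns-server 192.168.1.1
            }
        }
    }
    dns {
        forwarding {
            listen-on switch0
            name-server 8.8.8.8
            name-server 8.8.4.4
        }
    }
}
system {
    name-server 127.0.0.1
}
"""


def parse(text):
    """Parse the brace-delimited config into nested dicts; leaf values become lists."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line == "}" and len(stack) > 1:
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line and line != "}":
            key, _, val = line.partition(" ")
            stack[-1].setdefault(key, []).append(val.strip().strip('"'))
    return root


def leaves(node, key):
    """Every value of leaf `key` anywhere below `node`."""
    out = []
    for k, v in node.items():
        if isinstance(v, dict):
            out += leaves(v, key)
        elif k == key:
            out += v
    return out


def audit(text):
    cfg = parse(text)
    svc = cfg.get("service", {})
    fwd = svc.get("dns", {}).get("forwarding", {})
    listen = set(fwd.get("listen-on", []))
    upstreams = fwd.get("name-server", [])
    # Addresses the router owns on the interfaces the forwarder listens on.
    served = set()
    for header, body in cfg.get("interfaces", {}).items():
        if isinstance(body, dict) and header.split()[-1] in listen:
            served |= {ipaddress.ip_interface(a).ip
                       for a in body.get("address", []) if "/" in a}
    wan = set(leaves(cfg.get("port-forward", {}), "wan-interface"))
    wan |= set(leaves(svc.get("nat", {}), "outbound-interface"))
    findings = [f"forwarder listens on WAN interface {i}" for i in sorted(listen & wan)]
    dhcp_dns = leaves(svc.get("dhcp-server", {}), "dns-server")
    bypass = [d for d in dhcp_dns if ipaddress.ip_address(d) not in served]
    findings += [f"DHCP hands out {d}: clients bypass the forwarder" for d in bypass]
    # Assumption: a loopback system name-server is answered by the forwarder.
    sys_ns = cfg.get("system", {}).get("name-server", [])
    via_fwd = any(ipaddress.ip_address(n).is_loopback for n in sys_ns)
    if via_fwd and not upstreams:
        findings.append("system name-server is loopback but no forwarder upstream is set")
    return {"clients_use_forwarder": bool(dhcp_dns) and not bypass,
            "router_uses_forwarder": via_fwd and bool(upstreams),
            "upstreams": upstreams, "findings": findings}
```

Calling `audit()` on the full output of `show configuration | cat` works the same way; for the configuration posted above it reports that both the clients and the router resolve through the forwarder to 8.8.8.8 and 8.8.4.4, with no findings.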
Emerging Member
Posts: 53
Registered: ‎12-20-2018
Kudos: 1

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

I've got my UniFi UAC AP-AC Lite the other day. I had no problems getting it installed and running in no time. I also set up a guest network and applied guest settings, so I believe that part works fine. I've tried connecting to my router while connected to the guest network, and I wasn't able to, so I guess that part is set up properly in my UniFi controller (not sure, though, if anything needs to be done in the EdgeRouter X configuration as well?).

 

Anyway, I just checked "dns forwarding statistics", and getting this now:

 

 

Admin@ubnt:~$ show dns forwarding statistics
----------------                                                                
Cache statistics                                                                
----------------                                                                
Cache size: 1500                                                                
Queries forwarded: 18817                                                        
Queries answered locally: 2132                                                  
Total DNS entries inserted into cache: 38591                                    
DNS entries removed from cache before expiry: 0                                 
                                                                                
---------------------                                                           
Nameserver statistics                                                           
---------------------                                                           
Server: 8.8.4.4                                                                 
Queries sent: 14123                                                             
Queries retried or failed: 2937                                                 
                                                                                
Server: 8.8.8.8                                                                 
Queries sent: 13657                                                             
Queries retried or failed: 4026 

Seems like a lot of "Queries retried or failed". How am I supposed to remedy this?

 

 

Thank you again!   
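
Added example, not part of any post in this thread: a Python parser for the `show dns forwarding statistics` output quoted above that turns the raw counters into a retried-or-failed ratio per upstream server and a local-answer ratio for the cache. The function names and the 5% alert threshold are assumptions of this example, not values from EdgeOS or from the thread.

```python
import re

# Constructed sample: the counters from the output quoted in the post above.
SAMPLE = """\
----------------
Cache statistics
----------------
Cache size: 1500
Queries forwarded: 18817
Queries answered locally: 2132
Total DNS entries inserted into cache: 38591
DNS entries removed from cache before expiry: 0

---------------------
Nameserver statistics
---------------------
Server: 8.8.4.4
Queries sent: 14123
Queries retried or failed: 2937

Server: 8.8.8.8
Queries sent: 13657
Queries retried or failed: 4026
"""

# "Label: value" lines only; banner rows and the shell prompt do not match.
FIELD = re.compile(r"^\s*([^:]+?):\s*(\S+)\s*$")


def parse_stats(text):
    """Return (cache counters, {server: counters}) from the CLI output."""
    cache, servers, current = {}, {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.groups()
        if key == "Server":
            # Every counter after a "Server:" line belongs to that upstream.
            current = servers.setdefault(val, {})
        elif val.isdigit():
            (cache if current is None else current)[key] = int(val)
    return cache, servers


def assess(text, max_fail_ratio=0.05):
    """Summarise the counters; max_fail_ratio is an illustrative threshold."""
    cache, servers = parse_stats(text)
    local = cache.get("Queries answered locally", 0)
    total = local + cache.get("Queries forwarded", 0)
    evicted = cache.get("DNS entries removed from cache before expiry", 0)
    result = {
        "cache_hit_ratio": local / total if total else 0.0,
        # Entries evicted before their TTL expired mean the cache is too small.
        "cache_too_small": evicted > 0,
        "fail_ratio": {},
        "flagged": [],
    }
    for server, counters in servers.items():
        sent = counters.get("Queries sent", 0)
        bad = counters.get("Queries retried or failed", 0)
        ratio = bad / sent if sent else 0.0  # an unused upstream is not a failure
        result["fail_ratio"][server] = ratio
        if ratio > max_fail_ratio:
            result["flagged"].append(server)
    return result
```

The counters are cumulative since the forwarder started, so comparing two snapshots taken some time apart shows whether the failures are ongoing or left over from a past outage.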

Senior Member
Posts: 19,122
Registered: ‎08-04-2017
Kudos: 3570
Solutions: 930

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

Hello @Seii,

 

Could be your WAN dropping a few packets, or the ER can't reach the DNS server.

 

 

Regards,

Glenn R.

Emerging Member
Posts: 53
Registered: ‎12-20-2018
Kudos: 1

Re: Trying to get my new EdgeRouter X configured correctly (specifically DNS forwarding)

For some reason (maybe it's just me, I am not sure), opening web pages was a little snappier when I used 8.8.8.8 as my System name server, instead of 127.0.0.1 that I am using now.

 

I have to admit I am a little confused after reading this comment by the user nu2ubiq (posted on this page as well):

 

Depends if you have enabled dnsmasq on your router or not.
if you have you should be resolving to a local address.
The router will forward the request to an external resolver, if it is not for a local request.

So, basically how I understood this was... I have to disable dnsmasq in order to use 8.8.8.8 as my System name server? But, I thought that's the point of dnsmasq in the first place... now, I'm lost again.