casperse Posted February 9, 2019 (edited)

Hi All

Just wanted to create this step by step if somebody else wants to fix the UNIFI USG static host record in DNS forwarder once and for all....

When following this great video created by Space invader one, enabling Let's Encrypt under "Identification" will give you an error if you are using UNIFI, and you would need to create a config.gateway.json for your controller.

(Update: They still haven't created this functionality in their UI, even if it's been requested since 2017 !!!)

1) You need a validated config.gateway.json file that you can place on your controller (Cloud key in my example)

config.gateway.json

2) Use WinSCP to copy the file to the folder: /srv/unifi/data/sites/[SITE CODE]/ (You can see your sitecode in your http string)

5) Reprovision your USG under: Controller Devices > USG > Config > Manage Device > Force provision.

Now when doing future updates to your UNIFI controller the config.gateway.json will keep the USG static host record in DNS forwarded

casperse Posted September 30, 2019 (Author)

UPDATE: New Unifi update breaks this, you now have to add your DNS entries into the file also!

https://community.ui.com/releases/UniFi-Network-Controller-5-11-39/6ab8ef1a-376f-41e6-85b2-ceec098b8462

Tinlad Posted November 15, 2019 (edited)

On 9/30/2019 at 10:24 AM, casperse said:
> UPDATE: New Unifi update breaks this, you now have to add your DNS entries into the file also!
> https://community.ui.com/releases/UniFi-Network-Controller-5-11-39/6ab8ef1a-376f-41e6-85b2-ceec098b8462

Yep, just spent two hours trying to figure out why I lost all external DNS after updating before discovering this. My new, working, config.gateway.json looks like this:

    {
      "service": {
        "dns": {
          "forwarding": {
            "options": [
              "rebind-domain-ok=/unraid.net/",
              "all-servers",
              "cname=unifi.mydomain,unifi.local,unifi",
              "server=1.1.1.1",
              "server=1.0.0.1"
            ]
          }
        }
      }
    }

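Added example, not part of any post in this thread and not Ubiquiti's code: a pre-flight check for a config.gateway.json shaped like the one posted above, run before copying the file to the controller and force provisioning. It assumes the options are dnsmasq-style strings as in that post; the function name `check_gateway_config` and the "whole TLD" heuristic are this example's own.

```python
import json

# Constructed sample: the configuration from the post above, as a string.
SAMPLE = """{ "service": { "dns": { "forwarding": { "options": [
  "rebind-domain-ok=/unraid.net/", "all-servers",
  "cname=unifi.mydomain,unifi.local,unifi",
  "server=1.1.1.1", "server=1.0.0.1" ] } } } }"""

def check_gateway_config(text):
    """Return (problems, rebind_exempt_domains) for a config.gateway.json string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"], []
    node = cfg
    for key in ("service", "dns", "forwarding", "options"):
        if not isinstance(node, dict) or key not in node:
            return [f"missing key: {key}"], []
        node = node[key]
    if not isinstance(node, list) or not all(isinstance(o, str) for o in node):
        return ["options must be a list of strings"], []
    problems, exempt = [], []
    # Per the thread: after the 5.11.39 update the upstream resolvers must be
    # listed in this file, otherwise external DNS was reported lost.
    if not any(o.startswith("server=") for o in node):
        problems.append("no server= entry: external DNS may stop resolving")
    for opt in node:
        name, _, value = opt.partition("=")
        if name != "rebind-domain-ok":
            continue
        domains = [d for d in value.split("/") if d]
        if not domains:
            problems.append("rebind-domain-ok has no domain")
        for d in domains:
            exempt.append(d)
            # Heuristic (assumption): a label without a dot exempts a whole TLD
            # from rebind protection, which is far wider than one service needs.
            if "." not in d:
                problems.append(f"rebind exemption covers a whole TLD: {d}")
    return problems, exempt

if __name__ == "__main__":
    problems, exempt = check_gateway_config(SAMPLE)
    print("rebind protection disabled for:", exempt)
    print("problems:", problems or "none")
```

The second return value lists every domain for which DNS rebind protection is switched off, so the exemption can be reviewed and kept as narrow as the one domain that needs it.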
casperse Posted November 16, 2019 (Author)

@Tinlad Yes, after 3 days with Unifi support (I totally forgot about this file) I (embarrassed) found the error.

As a result of this I have removed it and am now running only with the settings done by the Unifi UI.

I have AGAIN requested them to add this in their UI... as a setting (For over a year now)

Anyway I am looking to upgrade to the new:

My hope is that I can migrate to this without too many issues....

pish180 Posted June 1, 2020

Is anyone able to get this to work on the UDM Pro? I posted a community post in the Ubiquiti forums about this as well and contacted their support which deferred me to the Unifi forums.

https://community.ui.com/questions/DNS-Rebinding-and-UDM-Pro-Unifi-Dream-Machine-Pro-Plex/6fcc3157-0352-4f1e-a582-a1810c437ab0

SNDS Posted November 30, 2022

On 6/1/2020 at 8:35 AM, pish180 said:
> Is anyone able to get this to work on the UDM Pro? I posted a community post in the Ubiquiti forums about this as well and contacted their support which deferred me to the Unifi forums.
> https://community.ui.com/questions/DNS-Rebinding-and-UDM-Pro-Unifi-Dream-Machine-Pro-Plex/6fcc3157-0352-4f1e-a582-a1810c437ab0

I'd love to hear if there has been an update for this. DNS rebinding makes the Unifi hardware virtually useless if I want to expose any services externally. Plex uses its own secure tunnel of some kind, but if I want to use anything for Plex requests like Overseerr and not want to expose my entire server to the internet via port forwarding, I need to be able to fix this rebinding problem. @casperse any thoughts on this?