NextDNS catch all UDM

10-nextdns-catchall.sh

#!/bin/sh

SERVICE_FILE=nextdns-catchall.service
SOURCE_FILE_PATH=/data/${SERVICE_FILE}
SYSTEMD_FILE_PATH=/etc/systemd/system/${SERVICE_FILE}
if [ ! -f  $SOURCE_FILE_PATH ];
then
    echo "Can't find service file"
    exit 1
fi

podman exec unifi-os stat $SYSTEMD_FILE_PATH

if [ $? -eq 0  ];
then
    echo "Already installed"
    exit 0
fi

podman exec unifi-os cp $SOURCE_FILE_PATH $SYSTEMD_FILE_PATH
podman exec unifi-os systemctl daemon-reload
podman exec unifi-os systemctl enable $SERVICE_FILE
podman exec unifi-os systemctl start $SERVICE_FILE

nextdns-catchall.service

[Unit]
Description=NextDNS Catch all traffic
After=nextdns.service
Requires=nextdns.service

[Install]
WantedBy=multi-user.target

[Service]
Type=oneshot
RemainAfterExit=yes

ExecStart=/sbin/ssh-proxy iptables -t nat -N NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553

ExecStop=/sbin/ssh-proxy iptables -t nat -D PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -F NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -X NEXTDNS_CATCHALL

The problem with this catchall is that if you try to use different NextDNS IDs per VLAN, it does not work and everyone ends up using the same primary ID. Is there a workaround for this?

I'm having the same issue... Has anyone been able to find a workaround for this?

Hopefully you don't mind me linking this here, but I really got great use out of this script on earlier Unifi OS versions, so I have been keeping it updated for later releases. The new version works on UDM firmware versions 2.x and 3.x and is available here: https://github.com/vt0r/nextdns-catchall