Fixing local name resolution issues in Unifi Gateways

If you use Ubiquiti network gateways as your router, as I do, you will run into an annoying issue: Unifi does not configure dnsmasq to act as the authoritative source for resolving names in your LAN domain. The typical symptom is a long delay before names resolve when you ping, ssh, or otherwise connect to a host by name.

Setup

My setup has multiple VLANs; for each network I have the same domain name configured in the Unifi Network UI. In my case this domain name is lan, which is not an ICANN-resolvable TLD. Since this is configured as the local domain, the router should be the authoritative source for name resolution queries in it. I also use pihole as the DNS server for my network; it is the upstream DNS server for my VLANs as well as for the router. pihole is set up to conditionally forward .lan queries to the router for authoritative resolution.

Issue

While an IPv4-only setup seems to work fine, introducing IPv6 creates problems. Specifically, even for static IP addresses that the Ubiquiti router tracks and can resolve, when hosts issue both A and AAAA queries for those names, the router blindly forwards the AAAA query to its upstream nameserver. This results in either:

  • A loop between pihole and the router in which a flood of DNS requests ping-pongs back and forth until the TTL dies out.
  • If pihole is configured not to play the ping-pong game, the IPv6 query is still sent upstream and waits for the timeout, causing a noticeable delay before name resolution completes for client requests.
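To see the leak and the ping-pong from the gateway's side, here is an added example (not part of the original post) that audits dnsmasq log-queries output: it flags every .lan name the gateway forwards upstream and counts .lan queries that come back from the upstream address. The log lines are constructed to resemble dnsmasq's logging format; the pihole address 192.168.10.2 and the host names are assumptions.

```python
import re

# Constructed sample of dnsmasq `log-queries` output (not taken from the post).
# The gateway's dnsmasq should answer every .lan query itself; a "forwarded"
# line for a .lan name is the leak the post describes, and a .lan query that
# arrives *from* the upstream (pihole, assumed 192.168.10.2) is the ping-pong.
SAMPLE_LOG = """\
Jan 10 12:00:01 dnsmasq[812]: query[A] nas.lan from 192.168.10.20
Jan 10 12:00:01 dnsmasq[812]: DHCP nas.lan is 192.168.10.5
Jan 10 12:00:01 dnsmasq[812]: query[AAAA] nas.lan from 192.168.10.20
Jan 10 12:00:01 dnsmasq[812]: forwarded nas.lan to 192.168.10.2
Jan 10 12:00:01 dnsmasq[812]: query[AAAA] nas.lan from 192.168.10.2
Jan 10 12:00:01 dnsmasq[812]: forwarded nas.lan to 192.168.10.2
Jan 10 12:00:01 dnsmasq[812]: query[AAAA] nas.lan from 192.168.10.2
Jan 10 12:00:01 dnsmasq[812]: forwarded nas.lan to 192.168.10.2
Jan 10 12:00:05 dnsmasq[812]: query[A] www.example.com from 192.168.10.20
Jan 10 12:00:05 dnsmasq[812]: forwarded www.example.com to 192.168.10.2
Jan 10 12:00:09 dnsmasq[812]: query[AAAA] nas.lan from 192.168.10.21
Jan 10 12:00:09 dnsmasq[812]: config nas.lan is NODATA-IPv6
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)")
FWD_RE = re.compile(r"forwarded (?P<name>\S+) to (?P<server>\S+)")


def audit(log_text, local_domain="lan", upstream="192.168.10.2"):
    """Return .lan names forwarded upstream and how many .lan queries came back."""
    suffix = "." + local_domain
    leaks = []          # (name, server): local-domain queries the gateway forwarded
    reflected = 0       # local-domain queries received from the upstream itself
    for line in log_text.splitlines():
        fwd = FWD_RE.search(line)
        if fwd and fwd["name"].endswith(suffix):
            leaks.append((fwd["name"], fwd["server"]))
            continue
        qry = QUERY_RE.search(line)
        if qry and qry["name"].endswith(suffix) and qry["src"] == upstream:
            reflected += 1
    # With local=/lan/ in place both counters stay at zero: misses are answered
    # locally (the "config ... is NODATA-IPv6" line) instead of being forwarded.
    return {"leaks": leaks, "reflected": reflected, "loop_suspected": reflected >= 2}


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for name, server in result["leaks"]:
        print(f"LEAK: {name} forwarded to {server}")
    print(f"reflected from upstream: {result['reflected']}, loop suspected: {result['loop_suspected']}")
```

Running it against a real log after applying the fix should report no leaks and no reflected queries; any remaining "forwarded" line for a .lan name means a config file has been rewritten without local=/lan/.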

Fix

  • Adding local=/lan/ to the /run/dnsmasq.dns.conf.d/*.conf files on the Unifi gateway and restarting dnsmasq fixes the problem.
  • However, the Unifi gateway will arbitrarily rewrite these files, as they are not persistent configuration.
  • The fix is to have a cron job that periodically updates all of them and restarts dnsmasq if necessary. My script to do this is below; I set up a cron job that runs it every five minutes as root.
  • Ubiquiti should really just fix this bug or, at the very least, make it possible to provide additional persistent configuration for dnsmasq in some reliable manner. Modifying the configurations in the /etc/<dnsmasq> folders does not seem to work.

#!/bin/bash

# Define the directory and the line to ensure is present
CONFIG_DIR="/run/dnsmasq.dns.conf.d"
PATCH_LINE="local=/lan/"
MODIFIED=0

# Iterate through all .conf files in the specified directory
for FILE in "$CONFIG_DIR"/*.conf; do
    # Skip if no .conf files are found
    [ -e "$FILE" ] || continue
    
    # Check if the line is already in the file
    if ! grep -qxF "$PATCH_LINE" "$FILE"; then
        # Append the line to the file
        echo "$PATCH_LINE" >> "$FILE"
        MODIFIED=1
    fi
done

# If at least one file was modified, kill dnsmasq to trigger a reload
if [ "$MODIFIED" -eq 1 ]; then
    pkill dnsmasq
fi
