Fixing Ubiquiti UDM Pro Local DNS Domain Recursion Problems

Update (2022/02/08): Ubiquiti has acknowledged this is a problem, and said it will be fixed in a future release. Update 2 (2022/03/04): Issue still not fixed with recent patches. No surprise.

The Ubiquiti UDM Pro is, overall, a fantastic device. But they did make some spectacularly bad design decisions for a device that claims to be for the enterprise. Anything and everything to do with DNS they chose … poorly. For one thing, they designed it so the client chooses its own hostname. This is a ludicrously stupid design for an enterprise. If you let your users run the show, you are going to have problems. Lots of problems. It also causes problems with other enterprise software. VMware is a prime example where the problem surfaces.

Another problem I have recently run into, which seemed to appear with the last update, involves locally defined domains. I have a local domain for my LAN called “tek”, set in Network–>Networks–>LAN–>Advanced–>Domain Name. In the past, this has not caused problems. Since the last update, on any of my clients that use the UDM for DNS (i.e. all of them), the resolver will get the proper IP address for a local name, but then there is a long delay while it continues with a recursive query that ultimately fails. At best, this adds latency to every DNS query for internal names, and at times it even causes applications to fail the query.

As it turns out, there is a simple fix in dnsmasq (see the “Local domains” section of the dnsmasq documentation), albeit a temporary one: it goes away when the UDM updates or reboots. Log in to the UDM Pro, edit the file /run/dnsmasq.conf.d/dns.conf, and add a line of the form:

local=/tek/

After adding this line, you just kill the existing dnsmasq processes:

killall dnsmasq

They will respawn and read in the new configuration. This tells dnsmasq that any host in the .tek domain is local, and that it should answer only with names known locally from hosts or DHCP, never by forwarding the query upstream. This solved my unnecessary recursion problems. I haven’t (yet) figured out how to make this a permanent fix. Ideally, when you define your local domain in the UDM Pro GUI, it would add this line. But alas…

Below is a quick script to automatically add the line and restart the service. It seems that the UI periodically reverts the setting, so you will have to log in every now and then, or add it as a cron job. Change the LOCALDOMAIN variable to your local domain, as defined in the GUI.

#!/bin/sh

# The UDM Pro incorrectly handles local domains, and does not prevent
# recursive lookups for local domains, even if you define them as local
# in the GUI.  This is a quick hack to make your local domain actually
# BE local.  Until the system decides it knows what you want more than
# you do, and removes your change. In which case, you can re-run this script.
# It checks to see if you already have the change, and will not add it
# multiple times.
# -- Scott Garrett

# Change this to your local domain.
LOCALDOMAIN=tek

CONF="/run/dnsmasq.conf.d/dns.conf"

# egrep is deprecated and the pattern needs no extended syntax; plain grep
# does the job.  The path is quoted so a space in it cannot split the argument.
CHECK=$( grep "^local=" "${CONF}" )

if [ "${CHECK}" ]
then
	echo "Local domain already set: ${CHECK}"
else
	echo "Setting local domain to: ${LOCALDOMAIN}"
	echo "local=/${LOCALDOMAIN}/" >> "${CONF}"
	killall dnsmasq
fi

Since the UDM frequently undoes any changes you make, you can save this script and link it into cron.hourly and have it fix itself every hour.

Save the script to /root/fixdns.sh and then:

chmod 755 /root/fixdns.sh
ln -s /root/fixdns.sh /etc/cron.hourly/fixdns.sh
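The script above only checks for any line starting with local=, so if you later change the domain in the GUI and re-run it, the old entry stays and the new domain is never added. The following is an added example, not the script from the post: it keeps the post's file path, the tek domain and the local=/DOMAIN/ syntax, but matches the exact directive for the configured domain, rejects malformed domain names before they reach dns.conf, and separates the file edit from the dnsmasq restart so the functions can be exercised on a throwaway copy of the file. The function names, the demo function and the filler server= line are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original post's script: a domain-aware, idempotent
# variant of the dns.conf fix.  Only the path, the "tek" domain and the
# "local=/DOMAIN/" directive come from the post; everything else is assumed.

# dnsmasq_local_line DOMAIN -> prints the dnsmasq directive for DOMAIN.
# Empty names or characters outside [A-Za-z0-9.-] are rejected (return 2)
# so a typo or stray "/" cannot produce a second directive inside dns.conf.
dnsmasq_local_line() {
    domain=$1
    case "$domain" in
        ""|*[!A-Za-z0-9.-]*) return 2 ;;
    esac
    printf 'local=/%s/\n' "$domain"
}

# has_local_domain CONF DOMAIN -> 0 if CONF already carries exactly that line.
has_local_domain() {
    conf=$1; domain=$2
    line=$(dnsmasq_local_line "$domain") || return 2
    [ -f "$conf" ] && grep -q -x -F -- "$line" "$conf"
}

# ensure_local_domain CONF DOMAIN -> appends the directive if it is missing.
# Returns 0 when CONF was changed (caller should restart dnsmasq),
# 1 when the line was already present, 2 on an invalid domain.
# Status messages go to stderr so stdout stays clean for callers.
ensure_local_domain() {
    conf=$1; domain=$2
    line=$(dnsmasq_local_line "$domain") || return 2
    if has_local_domain "$conf" "$domain"; then
        echo "Local domain already set: $line" >&2
        return 1
    fi
    echo "Setting local domain: $line" >&2
    printf '%s\n' "$line" >> "$conf"
}

# demo -> runs the fix three times against a constructed throwaway dns.conf
# (set "tek", set "tek" again, then switch to "lab.example" as if the GUI
# domain had changed) and prints how many local= lines remain.
demo() {
    tmp=$(mktemp) || return 1
    printf 'server=127.0.0.1#53001\n' > "$tmp"      # constructed filler line
    ensure_local_domain "$tmp" tek || true
    ensure_local_domain "$tmp" tek || true          # second run is a no-op
    ensure_local_domain "$tmp" lab.example || true  # new domain gets its own line
    grep -c '^local=' "$tmp"                        # prints 2
    rm -f "$tmp"
}

LOCALDOMAIN=tek                      # change to the domain set in the GUI
CONF=/run/dnsmasq.conf.d/dns.conf    # path from the post

# main -> apply the fix to the live file and restart dnsmasq only if changed.
main() {
    ensure_local_domain "$CONF" "$LOCALDOMAIN"
    case $? in
        0) killall dnsmasq ;;   # the UDM respawns dnsmasq, which re-reads dns.conf
        2) echo "Invalid LOCALDOMAIN: $LOCALDOMAIN" >&2; return 2 ;;
    esac
}

# Only touch the live system when installed under the post's name (fixdns.sh);
# sourcing the file elsewhere just defines the functions.
case "${0##*/}" in fixdns.sh) main "$@" ;; esac
```

Installed as /root/fixdns.sh and linked into cron.hourly exactly as described above, this behaves like the original script, except that it also picks up a changed domain and never restarts dnsmasq when nothing was written.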
