You have a local DNS server (e.g. your UniFi router) and want all your devices to use it, even though some don't care which server your router specifies in DHCP replies (e.g. IoT devices)? You can use DNAT to redirect all requests ment for external DNS servers to your local (or favourite remote) DNS server.
I guess you know what port forwarding is: you have a single public IP address shared by 10s of devices. In order for devices on the internet (e.g. your friends) to be able to access a device on your local network (e.g. your Jellyfin server) you need to tell your router to forward incoming traffic for a port to a local IP address and port, e.g. 80.12.34.23:55555 to 192.168.1.2:55555. It changes the Destination of the IP packet. So, traditional port forwarding is a form of DNAT.
UniFi routers offer much more advanced DNAT rules than just port forwading, you can even set up rules for outgoing traffic.
To redirect (modify the destination of) DNS requests we want the following:
- The source is all devices on the internal network
- The target is the internet and the UDP port 53, which is what DNS is using.
- The new destination will be the UniFi router, 192.168.1.1:53, but it can be another device on the network or even 1.1.1.1 or similar.
In UniFi Network 9.4.17:
- Go to Settings → Policy Engine.
- Tap Create New Policy, select NAT, and give it a name
- Type is Dest. NAT, interface your LAN network, and translated IP address your new destination (e.g. 192.168.1.1), translated port 53, protocol UDP.
- Source will be Any.
- Destination will be Any and will have the specific port 53.
Hit save and it will start working within a few seconds!
