Coniguring DNS-over-HTTPS with UniFi OS and AdGuard

UniFi OS introduced the ability to encrypt DNS traffic using DNS-over-HTTPS with custom servers some time in 2024. Ubiquiti call this feature DNS Shield.

I use AdGuard DNS as a hosted alternative to Pi-hole for blocking trackers and ads in my home network. AdGuard DNS has long supported DNS-over-HTTPS, but UniFi OS only got first party support recently. Configuration should be easy, but neither Ubiquiti or AdGuard have up-to-date documentation.

Here’s how to configure DNS-over-HTTPS with UniFi OS and AdGuard DNS:

1. Go to the AdGuard Dashboard and find the settings for your UniFi OS router
2. Scroll to Encrytped DNS server addresses and take note of DNS-over-HTTPS URL (e.g. https://d.adguard-dns.com/dns-query/123456abc)
3. Go to DNSCrypt DNS Stamp Calculator and set:
   • Protocol to DNS-over-HTTPS
   • Host name to d.adguard-dns.com
   • Path to /dns-query/123456abc
4. Copy the Stamp URL (e.g. sdns://AgcAAAAAA…)
5. Go to the Security settings in UniFi OS (e.g. https://router.local/network/default/settings/security) and set:
   • DNS Shield to Custom
   • Server Name to “AdGuard DNS”
   • DNS Stamp to value in your pasteboard
6. Press Apply Changes
7. Go to the Adguard Diagnostics page, scroll to AdGuard DNS. If you see “Protocol: DNS-over-HTTPS” you’re good to go ✅

See also:

• How to create your own DNS stamp for Secure DNS
• Has anyone figured out this custom DNS added in? I add my DNS stamp using a DNS stamp calculator and nothing happens. It defaults to Google. Using ControlD

Written by Tate Johnson on 6 Jan 2025. Subscribe to my blog's RSS feed.