How to redirect DNS from UniFi Security Gateway to Pi-hole

With this redirect I make sure that all my devices use my own DNS settings. In this case all DNS traffic is going to my Pi-hole, but that could also be AdGuard Home, for example.

You need a UniFi Security Gateway (USG) so you can use the config.gateway.json settings.

  1. Run the following command:

    # Open your terminal application
    sudo ifconfig -a

    Check whether eth1 is the interface with your gateway IP, for example 192.168.1.1. Make a note of which interface is used.

  1. In the browser's address bar, the site id appears after /manage/site. In my case the id of the site is default.

  2. Log in to the machine where the UniFi Controller is running, for example the host where the container is running. If you are using the container, the sites folder is located in unifi/data. Save the following code to unifi/data/sites/default/config.gateway.json, replacing default with the name of your site:

    unifi/data/sites/default/config.gateway.json
    # To create this script use your text editor application, for example Nano
    {
      "service": {
        "nat": {
          "rule": {
            "1": {
              "description": "Redirect DNS queries to pihole",
              "destination": {
                "port": "53",
                "address": "!192.168.x.xx"
              },
              "inbound-interface": "eth1",
              "inside-address": {
                "address": "192.168.x.xx",
                "port": "53"
              },
              "source": {
                "address": "!192.168.x.xx"
              },
              "log": "disable",
              "protocol": "tcp_udp",
              "type": "destination"
            },
            "6000": {
              "description": "Translate reply back",
              "destination": {
                "address": "192.168.x.xx",
                "port": "53"
              },
              "log": "disable",
              "outbound-interface": "eth1",
              "protocol": "tcp_udp",
              "type": "masquerade"
            }
          }
        }
      }
    }
    # IMPORTANT: Please read the instructions below

    Instructions:
    • Required: Remove all comments starting with #
    • Required: Replace 192.168.x.xx with the IP address of Pi-hole
    • Required: Replace eth1 with the interface you noted earlier

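
A pre-provision check for the three required edits above, as an added example that is not part of the original note: it confirms the file parses as JSON, that no # comment lines or 192.168.x.xx placeholders remain, and that both NAT rules carry your Pi-hole address and interface. The function names and the sample address 192.168.1.53 are assumptions made for this illustration.

```python
import ipaddress
import json

def expected_rules(pihole_ip, lan_if):
    """The two NAT rules from the note, filled in for one Pi-hole and one interface."""
    ipaddress.ip_address(pihole_ip)  # raises ValueError if this is not a real IP address
    dns = {"address": pihole_ip, "port": "53"}
    common = {"log": "disable", "protocol": "tcp_udp"}
    return {"service": {"nat": {"rule": {
        "1": {**common, "description": "Redirect DNS queries to pihole",
              "destination": {"address": "!" + pihole_ip, "port": "53"},
              "inbound-interface": lan_if, "inside-address": dns,
              "source": {"address": "!" + pihole_ip}, "type": "destination"},
        "6000": {**common, "description": "Translate reply back",
                 "destination": dns, "outbound-interface": lan_if,
                 "type": "masquerade"},
    }}}}

def flatten(node, path=""):
    """Turn nested dicts into {"/service/nat/...": value} so they are easy to compare."""
    if not isinstance(node, dict):
        return {path: node}
    flat = {}
    for key, value in node.items():
        flat.update(flatten(value, f"{path}/{key}"))
    return flat

def lint(text, pihole_ip, lan_if):
    """Return a list of problems found in the text of a config.gateway.json file."""
    problems = []
    if any(line.lstrip().startswith("#") for line in text.splitlines()):
        problems.append("comment lines starting with # are still present")
    if "192.168.x.xx" in text:
        problems.append("placeholder 192.168.x.xx was not replaced")
    try:
        actual = flatten(json.loads(text))
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    # Other settings in the file are ignored; only the two rules are compared.
    for path, want in flatten(expected_rules(pihole_ip, lan_if)).items():
        if not path.endswith("/description") and actual.get(path) != want:
            problems.append(f"{path}: expected {want!r}, found {actual.get(path)!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample input: a correct file, then the same file with a comment left in.
    good = json.dumps(expected_rules("192.168.1.53", "eth1"), indent=2)
    print(lint(good, "192.168.1.53", "eth1"))
    print(lint("# created with Nano\n" + good, "192.168.1.53", "eth1"))
```

To check a real file, pass its contents as `text` together with your own Pi-hole address and the interface you noted earlier; an empty list means the file is ready to provision.
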
  1. Go to the Command Prompt and run the following commands:

    # Open your terminal application
    nslookup
    server 8.8.8.8
    fictionbecomesfact.com

    This query will not be found in the Pi-hole logs.

  2. Open the UniFi Controller and go to Devices. Click on the USG, then Settings (gear icon). Go to Trigger Provision and click on Trigger Provision.

  3. Go to the Command Prompt and run the following commands:

    # Open your terminal application
    nslookup
    server 8.8.8.8
    fictionbecomesfact.com

    This query will now be found in the Pi-hole logs.

     Copyright 2021-2026 Fiction Becomes Fact