This has been tested successfully on the following setup.
- UCG Ultra; UniFi OS 4.3.9 & Network 9.5.21
- Client: Apple Macbook Air M1, iPhone 13 Pro
The UniFi UCG Ultra allows for paid web content filtering via Proofpoint & Cloudflare. The basic content filtering applies to the category Adult & Malicious. Of course, the usual domains allow & deny functionality is provided.
UniFi allows users to use a custom DNS per network. You could also use the same DNS provider for the entire setup by configuring at WAN. I’d configured Quad9 for my home lab servers’ network and wanted to have parental control for the kids’ network. Stumbled across NextDNS and it worked with the first attempt. I’m using their free-tier and the features are good enough for kids’ network.
Step 1: Create your NextDNS account and configure it
Create a profile for this setup. I’ve static IP, so I linked it up. DDNS is also supported. Click Show advanced options to configure it.
There’s a handful of options for you to configure at the Parental Control tab. I’d added all the categories to restrict access, and enabled these options Safe Search, YouTube Restricted Mode and Block Bypass Methods.
Step 2: Configure the desired network on UniFi UCG Ultra to use NextDNS DNS servers
On UniFi side, remember to remove any Content Filter that you might have placed on the desired network. Follow the numbering below to configure and you should be fine. Remember to click on Apply Changes.
Step 3: Test it out on various clients
Tested it on a Macbook Air M1 and iPhone 13 Pro and it worked!
So to extend it to LTE/4G/5G, you could install the NextDNS mobile app or add a profile to the iPhone. But, unless the iPhone is supervised, the profile can be deleted.