Zonemaster is a great tool to verify that you have set up your domainservers correctly. You can test it out on https://zonemaster.iis.se/en/
I want my icinga server to this automaticly so i will get a warning as soon something changes, so lets do that. First thing you need to now is that Zonemaster is a tool and is freely available on Github. you can download it and run it on your own machine.
If your controller is not in the same subnet as the device you want to add, you must use a computer in this subnet as a 3rd party.
Your Device should now be provisioned
Before reseting device, make sure you forget the device in the UniFi controller first.
To restore an UniFi product press and hold the reset button for five seconds. just pressing the reset button will restart the unit.
If you are using NFSv4 (which is likely) you only need to open one port in your firewall port 2049/TCP. The examples below are done on an OpenMediaVault/Debian server to allow NFS access but nothing else from network 192.168.64.144/28 and 192.168.64.192/26.
This is an example of an network configuration on my OpenMediaVault server. It takes two network interfaces (eth3 and rename3) and bonds them together using LACP. On top off this bond i have created three bridges. br1 witch is for untagged traffic and. br641 and 642 for vlan tagged traffic on vlan 641 and 642 respectively. br1/br641/br642 are all attached to the host and is configured for dhcp. they can also be attached to virtual machines.
These steeps will show you how to use OpenDNS instead of your ISPs DNS in pfSense, and how to setup a free home account at OpenDNS to start filtering DNS request, and by that blocking unwanted traffic.