The Unifi Security Gateway (USG) can be setup to assign a custom DNS server. The DNS server itself will perform the blocking based on the sites people/devices access.
In order for everything to work beyond a working Unifi setup and controller are:
OpenDNS can be setup to filter categories of sites out. It is reliant on OpenDNS to be accurate and catch all sites in those categories.
DNS O Matic will update OpenDNS with the public IP address for dynamic IP addresses which is typical for home / consumer broadband. If you have a static IP then you can skip this part.
Follow the instructions to add a network as per OpenDNS’ getting started guidde. Make sure the Dynamic IP is set to yes so it can be updated using DNS O Matic.
Once complete, the filtering can be setup as per this guide. I’d recommend adding a known individual site for testing purposes.
Go to “YOUR SERVICES” after logging in and follow the steps to “Add a service” selecting OpenDNS from the dropdown. It will prompt to log into OpenDNS.
Then for each network where you want to apply the OpenDNS filtering then go to Settings > Networks > [Select Network]
It will take time for the settings to take hold depending on your DHCP lease time. The fastest way for the changes to take hold is to come off the network and rejoin e.g switching airplane mode on.
Then go to your blocked site added in OpenDNS and see if you’re able to get to the site. Any changes to OpenDNS will also take some time to update.
OpenDNS provides basic filtering for free. All this is served using existing DHCP mechanism on your network so it’s almost a set and forget action.
A more powerful and also complex solution would be to host your own using something like Pi-hole which allows you to see a history of DNS queries and appropriate allow or blocked action.
Of course, there’s no reason to use each for different networks to provide different filtering.