SSH to the USG and execute:

```
mca-ctrl -t dump-cfg
```

Then find the parts you want to change. In my case these are custom DNS entries (static IP mappings in the GUI are necessary) and a destination NAT for all DNS queries. Example:

```json
{
        "system": {
                "static-host-mapping": {
                        "host-name": {
                                "hostA.local": {
                                        "alias": [
                                                "hostA"
                                        ],
                                        "inet": [
                                                "192.168.32.64"
                                        ]
                                },
                                "hostB.local": {
                                        "alias": [
                                                "hostB"
                                        ],
                                        "inet": [
                                                "192.168.32.66"
                                        ]
                                }
                        }
                }
        },
        "service": {
                "nat": {
                        "rule": {
                                "76": {
                                        "description": "DNS catch for vlan 76",
                                        "destination": {
                                                "port": "53"
                                        },
                                        "inbound-interface": "eth1.76",
                                        "inside-address": {
                                                "address": "192.168.32.1"
                                        },
                                        "log": "enable",
                                        "protocol": "tcp_udp",
                                        "type": "destination"
                                }
                        }
                }
        }
}
```

Place this file at `/var/lib/unifi/data/sites/default/config.gateway.json` on the controller and provision the USG via the GUI.
You can check success by issuing `show nat translations` on your USG. You will see a lot of entries from Google Home devices, as they ignore the DNS server provided via DHCP. The next step would be to use DNS over TLS. To be continued...