Full tunnel would not mitigate this attack because smaller routes are preferred over larger ones. So, sure, 0.0.0.0/0 is routed over the tunnel, but a route for 8.8.8.8/32 pointing to somewhere layer-2 adjacent, pushed via DHCP option 121, would supersede that due to being more specific.
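As an added illustration (not part of the comment above), a small Python model of the route selection it describes: it decodes a constructed DHCP option 121 payload (RFC 3442 classless static routes) and applies longest-prefix match against a full-tunnel 0.0.0.0/0 route, reporting which destinations would leave the tunnel. The router address 192.0.2.1 and the interface names are assumed values.

```python
import ipaddress


def parse_option121(data: bytes):
    """Decode RFC 3442 classless static routes (DHCP option 121).

    Each entry is: 1 byte prefix length, ceil(prefix/8) significant
    destination octets, then a 4-byte router address.
    """
    routes = []
    i = 0
    while i < len(data):
        plen = data[i]
        n = (plen + 7) // 8                     # significant octets present
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)  # pad to a full address
        router = data[i + 1 + n:i + 5 + n]
        i += 5 + n
        net = ipaddress.ip_network(f"{ipaddress.ip_address(dest)}/{plen}")
        routes.append((net, ipaddress.ip_address(router)))
    return routes


def build_table(option121: bytes):
    """Full-tunnel VPN default route plus whatever DHCP pushed on the LAN."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), "tun0")]
    for net, router in parse_option121(option121):
        table.append((net, f"eth0 via {router}"))
    return table


def lookup(table, dst: str):
    """Longest-prefix match: the most specific route wins, whoever installed it.
    Equal prefix lengths are left to the first entry here (a real kernel uses metric)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, via in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def escaped_destinations(option121: bytes, destinations):
    """Return the destinations that bypass tun0 because of DHCP routes."""
    table = build_table(option121)
    escaped = {}
    for dst in destinations:
        via = lookup(table, dst)
        if via != "tun0":
            escaped[dst] = via
    return escaped


# Constructed option 121 payload: 8.8.8.8/32 via 192.0.2.1, then 0.0.0.0/0 via 192.0.2.1
SAMPLE_OPT121 = bytes([32, 8, 8, 8, 8, 192, 0, 2, 1]) + bytes([0, 192, 0, 2, 1])

if __name__ == "__main__":
    print(escaped_destinations(SAMPLE_OPT121, ["8.8.8.8", "1.1.1.1"]))
```

A defender can run the same check against the routes an interface actually received from DHCP to confirm nothing more specific than the tunnel route has appeared.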
A lot of negativity around Ubiquiti in here, which is surprising to me, honestly. I had their USG for years and loved it, recently swapped it out for the Dream Machine and love it. Really don’t understand the complaints about linking it to the cloud. I just didn’t bother, everything works fine. Additionally, I managed to get a Debian container running on it and installed ntopng, it’s been awesome for getting realtime visibility into my network traffic.
E. I should add I have 6 of their switches and 3 access points, one of which is at least 7 years old and still receiving updates.