Encrypt your DNS requests with MikroTik

Sources and extra reading:

– https://help.nextdns.io/t/x2hmvas/what-is-dns-over-tls-dot-dns-over-quic-doq-and-dns-over-https-doh-doh3
– https://www.cloudflare.com/en-gb/learning/dns/dns-over-tls/

Quick command line setup for NextDNS (the CA bundle is what verify-doh-cert checks the DoH server's certificate against, and the static entries let the router resolve dns.nextdns.io before any DoH server is reachable):

/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=dns.nextdns.io address=45.90.28.0 type=A
/ip dns static add name=dns.nextdns.io address=45.90.30.0 type=A
/ip dns static add name=dns.nextdns.io address=2a07:a8c0:: type=AAAA
/ip dns static add name=dns.nextdns.io address=2a07:a8c1:: type=AAAA
/ip dns set use-doh-server="https://dns.nextdns.io/fe4232" verify-doh-cert=yes

Redirect plain-text DNS queries (port 53) from clients to the router, so devices with hard-coded resolvers also go out over DoH:

/ip firewall nat add chain=dstnat action=redirect protocol=tcp dst-port=53
/ip firewall nat add chain=dstnat action=redirect protocol=udp dst-port=53

Documentation link:

https://help.mikrotik.com/docs/display/ROS/DNS
