Encrypt your DNS requests with MikroTik

6 Views

Thanks! Share it with your friends!

You disliked this video. Thanks for the feedback!

Published Apr 30, 2024

Sources and extra reading:

- https://help.nextdns.io/t/x2hmvas/what-is-dns-over-tls-dot-dns-over-quic-doq-and-dns-over-https-doh-doh3
- https://www.cloudflare.com/en-gb/learning/dns/dns-over-tls/

Quick command line setup for NextDNS:

/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=dns.nextdns.io address=45.90.28.0 type=A
/ip dns static add name=dns.nextdns.io address=45.90.30.0 type=A
/ip dns static add name=dns.nextdns.io address=2a07:a8c0:: type=AAAA
/ip dns static add name=dns.nextdns.io address=2a07:a8c1:: type=AAAA
/ip dns set use-doh-server=“https://dns.nextdns.io/fe4232” verify-doh-cert=yes

Redirect DNS queries to router:

/ip firewall nat add chain=dstnat action=redirect protocol=tcp dst-port=53
/ip firewall nat add chain=dstnat action=redirect protocol=udp dst-port=53

Documentation link:

https://help.mikrotik.com/docs/display/ROS/DNS

Category: MikroTik
Tags: mikrotik, routerboard, routeros

Be the first to comment

Sign in

Create your account

Encrypt your DNS requests with MikroTik

Up Next