Need help to setup DNS-over-TLS (DOT)

Asus released new updates that allow DoT. I tried to set it up as shown in the picture, but NextDNS tells me I'm using NextDNS without a configuration. Is there a way to set it up the proper way so I don't have to use another device as a DNS server?

14 replies

    • iOS Developer
    • Rob
    • 3 yrs ago

    If you're willing to install the (excellent) custom Asuswrt-Merlin firmware instead, you can install the NextDNS CLI on your Asus router.

    (You'll be using DoH instead of DoT though, since the NextDNS team prefers DoH over DoT.)

      • jade_light
      • 3 yrs ago

      Rob ASUS ZenWiFi AX Mini (XD4) is not supported by Asuswrt-Merlin firmware. Thank you.

      • iOS Developer
      • Rob
      • 3 yrs ago

      RK Ah, too bad.

    • losnad
    • 3 yrs ago

    I'm no expert but I think it should be "Strict" not "Opportunistic"

    Try removing the address 45.90.28.98; it is not used only by you and needs a linked IP. If it does not work without one, try adding IPv6.

    • Diogo_R
    • 3 yrs ago

    This is how I made it work for me:

    1. Go to your main setup page: https://my.nextdns.io
    2. In the setup guide section, select Routers.
    3. Scroll down to pfSense (I found it easier to read the info you need from it).
    4. There you will find the IP address + the actual host address (example: abcde.dns1.nextdns.io).
    5. Get the IP address and insert it in the Address column on your Asus router.
    6. Get the host address, similar to the example above, and insert it into the TLS Hostname field.
    7. Click the + sign at the end.

    I recommend you remove the one you already added and follow the guide above.

    Regarding Strict or Opportunistic, it will describe what each one does if you hover over the label on the left. Try both and see if Strict works; that would be preferable.

    I tried to add the IPv6 address too; it should work, but it's not necessary.

    Edit: Forgot to mention: if you want to add an identifier, you can do so by adding it to the beginning of the address you are going to insert into the TLS Hostname field, for example: Router-abcde1.dns1.nextdns.io

      • jade_light
      • 3 yrs ago

      Diogo R I got this message on the NextDNS setup page: "This device is using NextDNS with no configuration. Make sure you use the DNS-over-TLS endpoint shown below."

      • Diogo_R
      • 3 yrs ago

      RK Mine is working fine. Try rebooting the router afterwards; sometimes it can get a little "crazy", with DNS queries being sent to other addresses you had in there before.

      Mine is working fine as long as you use the values from that page.

      If you want to paste a screenshot here of how it is set up on your router, I can try to help you more.

    • GuruPannu
    • 3 yrs ago

    I have an Asus router and it is fairly easy to do.

    See screenshot (replace the values with your settings).

    You need 2 things:

    a) Address: the DNS address provided by NextDNS. It will be 45.90.xxx.yyy
    b) Your unique host name: youruniqueclientid.dns.nextdns.io

    1) Paste the address value as is in the Address column.
    2) Paste the TLS Hostname as youruniqueclientid.dns.nextdns.io

    Now add any word at the beginning of this TLS name; this will be used to identify which device is sending queries. For example ASUS-youruniqueclientid.dns.nextdns.io
    or Home--Router-youruniqueclientid.dns.nextdns.io

    Now queries from this device (i.e. your router) will be identified as
    ASUS or Home Router in the NextDNS portal.

      • anesiem
      • 3 yrs ago

      Guru Pannu Is there a way to get the name of my device connected to the router to show as a parameter?

      For example {pcName}-youruniqueclientid.dns.nextdns.io

      My thought is to log in to the router via SSH and write a script to let the connected device name pass through.

      Do you think this is possible?

      Thank you!

      • NextDNs
      • 3 yrs ago

      Ashraf you need to install the CLI client for that (https://nextdns.io/cli).

      • anesiem
      • 3 yrs ago

      NextDNS The router is on original firmware, not the custom Asuswrt-Merlin firmware. Anyway, yesterday I tried to install the CLI but it didn't work (I was expecting it would not, but I gave it a try).

      • Pankaj_Gupta
      • 2 yrs ago

      Guru Pannu
      Not sure what I am missing. I have a Zen AX Mini which was updated recently to get DoT support. I added the address and the TLS hostname, but my device still says I am using NextDNS without configuration.
      Any other suggestions?

      • Reza_Hashemi
      • 1 yr ago

      Same here.

      • Reza_Hashemi
      • 1 yr ago

      No TLS port or SPKI?
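The two router fields the thread keeps coming back to (Address, TLS Hostname) map directly onto a DNS-over-TLS connection: the Address is the TCP/TLS peer, and the TLS Hostname is the SNI name presented in the handshake, which is how NextDNS knows which profile (and, via the prefix, which device) a query belongs to. The following probe is an added example written for this page; it is not NextDNS code and not what the Asus firmware runs. It builds a raw DNS query, frames it with the 2-byte length prefix that DoT uses on TCP (RFC 7858), connects on port 853 with certificate and hostname checks enabled (the "Strict" behaviour; "Opportunistic" is approximated by turning those checks off), and parses the answer. The config ID, identifier and server address on the command line are placeholders you replace with the values from your own my.nextdns.io setup page; the `.dns.nextdns.io` suffix is the one GuruPannu's post shows. The embedded sample response is constructed here so the parser can be exercised offline.

```python
"""DNS-over-TLS probe (added example; placeholders are not real NextDNS values)."""
import re
import socket
import ssl
import struct
import sys
from typing import List, Optional, Tuple

DOT_PORT = 853  # IANA-assigned DNS-over-TLS port; the Asus UI does not ask for it
LABEL_RE = re.compile(r"^[A-Za-z0-9-]{1,63}$")  # LDH rule for a single DNS label


def dot_hostname(config_id: str, identifier: Optional[str] = None) -> str:
    """Build the TLS Hostname: '<config_id>.dns.nextdns.io', optionally prefixed
    with '<identifier>-' so the device shows up by name in the NextDNS portal."""
    label = f"{identifier}-{config_id}" if identifier else config_id
    if not LABEL_RE.match(label):
        raise ValueError(f"invalid DNS label {label!r}: letters, digits, '-' only, max 63 chars")
    return f"{label}.dns.nextdns.io"


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a single-question DNS query (RFC 1035 wire format), RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def frame(msg: bytes) -> bytes:
    """Prefix a DNS message with its 16-bit length, as required over TCP/TLS."""
    return struct.pack("!H", len(msg)) + msg


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name; return it and the offset after it."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg: bytes) -> dict:
    """Return txid, RCODE, TC flag and decoded answer records (A/AAAA; others as hex)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = _read_name(msg, off)
        off += 4  # QTYPE + QCLASS
    answers: List[Tuple[str, str, str, int]] = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, "A", socket.inet_ntoa(rdata), ttl))
        elif rtype == 28 and rdlen == 16:
            answers.append((name, "AAAA", socket.inet_ntop(socket.AF_INET6, rdata), ttl))
        else:
            answers.append((name, str(rtype), rdata.hex(), ttl))
    return {"id": txid, "rcode": flags & 0x0F, "truncated": bool(flags & 0x0200), "answers": answers}


def _recvn(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full DNS message arrived")
        buf += chunk
    return buf


def dot_query(server_ip: str, tls_hostname: str, qname: str, strict: bool = True, timeout: float = 5.0) -> dict:
    """Send one query over DoT. 'strict' validates the chain and hostname (no SPKI pin needed);
    strict=False mimics an opportunistic client that accepts any certificate."""
    ctx = ssl.create_default_context()
    if not strict:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        # server_hostname is the SNI: this is the field the router calls "TLS Hostname"
        with ctx.wrap_socket(raw, server_hostname=tls_hostname) as tls:
            tls.sendall(frame(build_query(qname)))
            (length,) = struct.unpack("!H", _recvn(tls, 2))
            return parse_response(_recvn(tls, length))


# Constructed sample response for offline testing: id 0x1234, QR+RD+RA, NOERROR,
# question example.com/A, one answer via a compression pointer: A 192.0.2.1, TTL 300.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01"
)

if __name__ == "__main__":
    # Usage: python dot_probe.py <Address> <config_id> [identifier]  (values from my.nextdns.io)
    ip, cfg = sys.argv[1], sys.argv[2]
    ident = sys.argv[3] if len(sys.argv) > 3 else None
    print(dot_query(ip, dot_hostname(cfg, ident), "example.com"))
```

If the strict probe succeeds but the setup page still reports "no configuration", the router is not sending the profile hostname as SNI (or is still forwarding queries to an older plain-DNS entry, as Diogo_R suggests); if the strict probe fails where the opportunistic one works, the hostname does not match the server certificate and the router is silently degrading.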
