NextDNS in Mikrotik
Hi after I reset my Mikrotik and tried to input again NextDNS config., It's not working anymore I hope someone can help me! thank you!
4 replies
-
I second this. My 4011 is on RouterOS 6.48.4 and this syntax doesn't work properly.
/tool fetch url=https://curl.se/ca/cacert.pem /certificate import file-name=cacert.pem /ip dns set servers= /ip dns static add name=dns.nextdns.io address=45.90.28.0 type=A /ip dns static add name=dns.nextdns.io address=45.90.30.0 type=A /ip dns static add name=dns.nextdns.io address=2a07:a8c0:: type=AAAA /ip dns static add name=dns.nextdns.io address=2a07:a8c1:: type=AAAA /ip dns set use-doh-server=“https://dns.nextdns.io/388d94” verify-doh-cert=yes
-
My router is the same this error. How to fix it?
DoH server connection error: SSL: handshake failed: unable to get certificate CRL (6)
-
I'm on RouterOs 7.2rc4 and this config is what works for me.
I am not sure if setting the SNTP client is necessary but I have had less issues since doing so.
Make sure you disable peer dns from any dhcp clients manually if the final two commands don't suit.
Most importantly, the mozilla bundle has ~150 certificates you don't need, plus it is safer and less to debug if you install the correct certificate manually. The current https://dns.nextdns.io root ca pem can be downloaded here. The following assumes you have downloaded this file, uploaded via winbox / webfig / ftp and imported to Certificates.
/system ntp client set enabled=yes servers=time.cloudflare.com /ip dns set servers="" /ip dns static add name=dns.nextdns.io address=45.90.28.0 /ip dns static add name=dns.nextdns.io address=45.90.30.0 /ip dns static add name=dns.nextdns.io address=2a07:a8c0:: /ip dns static add name=dns.nextdns.io address=2a07:a8c1:: /ip dns set verify-doh-cert=yes use-doh-server=https://dns.nextdns.io/64aeec /ip dhcp-client set 0 use-peer-dns=no /ipv6 dhcp-client set 0 use-peer-dns=no
Content aside
-
2
Likes
- 2 yrs agoLast active
- 4Replies
- 4240Views
-
5
Following