2

NextDNS in Mikrotik

Hi after I reset my Mikrotik and tried to input again NextDNS config., It's not working anymore I hope someone can help me! thank you!

4 replies

null
    • Will_Smith
    • 2 yrs ago
    • Reported - view

    I second this. My 4011 is on RouterOS 6.48.4 and this syntax doesn't work properly.

    /tool fetch url=https://curl.se/ca/cacert.pem
    /certificate import file-name=cacert.pem
    /ip dns set servers=
    /ip dns static add name=dns.nextdns.io address=45.90.28.0 type=A
    /ip dns static add name=dns.nextdns.io address=45.90.30.0 type=A
    /ip dns static add name=dns.nextdns.io address=2a07:a8c0:: type=AAAA
    /ip dns static add name=dns.nextdns.io address=2a07:a8c1:: type=AAAA
    /ip dns set use-doh-server=“https://dns.nextdns.io/388d94” verify-doh-cert=yes
    
    • Dong
    • 2 yrs ago
    • Reported - view

    My router is the same this error. How to fix it?

    DoH server connection error: SSL: handshake failed: unable to get certificate CRL (6)

      • 3xploiton3
      • 2 yrs ago
      • Reported - view

      Dong i have same problem, with my RB750gr3

    • Michael_Inglis
    • 2 yrs ago
    • Reported - view

    I'm on RouterOs 7.2rc4 and this config is what works for me.

    I am not sure if setting the SNTP client is necessary but I have had less issues since doing so.

    Make sure you disable peer dns from any dhcp clients manually if the final two commands don't suit.

    Most importantly, the mozilla bundle has ~150 certificates you don't need, plus it is safer and less to debug if you install the correct certificate manually. The current https://dns.nextdns.io root ca pem can be downloaded here. The following assumes you have downloaded this file, uploaded via winbox / webfig / ftp and imported to Certificates.
     

    /system ntp client set enabled=yes servers=time.cloudflare.com
    /ip dns set servers=""
    /ip dns static add name=dns.nextdns.io address=45.90.28.0
    /ip dns static add name=dns.nextdns.io address=45.90.30.0
    /ip dns static add name=dns.nextdns.io address=2a07:a8c0::
    /ip dns static add name=dns.nextdns.io address=2a07:a8c1::
    /ip dns set verify-doh-cert=yes use-doh-server=https://dns.nextdns.io/64aeec
    /ip dhcp-client set 0 use-peer-dns=no
    /ipv6 dhcp-client set 0 use-peer-dns=no

Content aside

  • 2 Likes
  • 2 yrs agoLast active
  • 4Replies
  • 2847Views
  • 5 Following