0

DNSCrypt on FreshTomato

To enable DNSCrypt on FreshTomato, there are three fields in the web interface that need to be completed. The first is for a resolver address which seems self-explanatory that it should be ‘MYCONFIGID.dns.nextdns.io’ but the other two escape me.  The second is for a sever name so I have just entered ‘NextDNS-MYCONFIGID’ and the third is for a public key which I can find no mention of on the NextDNS website.

Does anybody else have experience with configuring NextDNS on FreshTomato?

10 replies

null
    • beegle
    • 3 yrs ago
    • Reported - view

    I was incorrect in my original post.  The second field is labeled as ‘Provider Name’.

      • aioyups
      • 2 yrs ago
      • Reported - view

      Beegle not possible, nextdns not support dnscrypt protocol. Judging from your screenshot it use dnscrypt-proxy version 1.xx which is only support dnscrypt protocol while nextdns only support DoH and DoT for now.

      Your option to use nextdns are 3.

      First option is install "stubby" and set it based on DoT setting for nextdns.

      Second option is install "dns-over-https" and set it based on DoH for nextdns. (If you can't install stubby then you most likely can't install this either).

      Third is your last option which is unencrypted dns protocol and it's definitly available for you. Install "luci-app-ddns", set the ddns in the router, link the ddns address on nextdns account, set router to use nextdns dns server IP, then you're done. 😉

    • losnad
    • 3 yrs ago
    • Reported - view

    Since you are trying to configure a router, maybe you should look at the "Setup" tab - "Setup Guide" - Select "Routers" - Scroll down to "DNSCrypt".  

    I never used Fresh Tomato but I think you can put anything in the "Resolver" and "Provider" lines an the only one needed is the "Key", which in "Setup Guide" is named "stamp sdns://.....",
    maybe you don't need to use the prefix "sdns://", try with it first.

      • beegle
      • 3 yrs ago
      • Reported - view

      losnad Thanks a bunch for the reply.  I thought that would be the public key as well but sadly, not the case.

    • losnad
    • 3 yrs ago
    • Reported - view

    I copied the stamp and pasted it into AdGuard app and as it can be seen its resolved in my https profile.

    As soon as I delete one character (the last one) the DNS is no longer resolved.

    And as seen in logs, it is working.

    • beegle
    • 10 mths ago
    • Reported - view

    If anybody ever comes across this topic and needs help, the public key (currently anyway) is as follows:

    FA8E:6C97:F976:9D8F:BEF6:C694:B28A:2DE8:8291:4784:A2DF:171A:376A:CD1F:8168:A633

      • Mogsy
      • 9 mths ago
      • Reported - view

      Beegle oddly I can’t get that to work. Currently using dnscrypt DoH proxy with stamps on my profile and edited on https://dnscrypt.info/stamps/

      Using next dns with zero privacy config as I am running adguard on ios with filters. 

      • beegle
      • 9 mths ago
      • Reported - view

       Yes.  I think I am wrong too.  I  can’t get it to work with the stamp from my profile either which is what made me resort to using dig for their TXT records.  Doesn’t seem to work either.

      • Mogsy
      • 9 mths ago
      • Reported - view

       

      I’ve stopped using stamps for DoH. Maybe stop paying for subscription renewal too when it comes. 

      • beegle
      • 9 mths ago
      • Reported - view

       I’m in the same boat.  Mine just renewed a few weeks ago and if I’d paid attention and knew it was coming, I’d have cancelled before it renewed.  Going to switch to something else.  Pretty sure NextDNS is dying which is too bad because it was a good product.

Content aside

  • 9 mths agoLast active
  • 10Replies
  • 987Views
  • 3 Following