DNSCrypt on FreshTomato

To enable DNSCrypt on FreshTomato, there are three fields in the web interface that need to be completed. The first is for a resolver address which seems self-explanatory that it should be ‘MYCONFIGID.dns.nextdns.io’ but the other two escape me.  The second is for a sever name so I have just entered ‘NextDNS-MYCONFIGID’ and the third is for a public key which I can find no mention of on the NextDNS website.

Does anybody else have experience with configuring NextDNS on FreshTomato?

5replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • I was incorrect in my original post.  The second field is labeled as ‘Provider Name’.

      • aioyups
      • aioyups
      • 1 yr ago
      • 1
      • Reported - view

      Beegle not possible, nextdns not support dnscrypt protocol. Judging from your screenshot it use dnscrypt-proxy version 1.xx which is only support dnscrypt protocol while nextdns only support DoH and DoT for now.

      Your option to use nextdns are 3.

      First option is install "stubby" and set it based on DoT setting for nextdns.

      Second option is install "dns-over-https" and set it based on DoH for nextdns. (If you can't install stubby then you most likely can't install this either).

      Third is your last option which is unencrypted dns protocol and it's definitly available for you. Install "luci-app-ddns", set the ddns in the router, link the ddns address on nextdns account, set router to use nextdns dns server IP, then you're done. 😉

      Like 1
  • Since you are trying to configure a router, maybe you should look at the "Setup" tab - "Setup Guide" - Select "Routers" - Scroll down to "DNSCrypt".  

    I never used Fresh Tomato but I think you can put anything in the "Resolver" and "Provider" lines an the only one needed is the "Key", which in "Setup Guide" is named "stamp sdns://.....",
    maybe you don't need to use the prefix "sdns://", try with it first.

      • Beegle
      • beegle
      • 1 yr ago
      • Reported - view

      losnad Thanks a bunch for the reply.  I thought that would be the public key as well but sadly, not the case.

  • I copied the stamp and pasted it into AdGuard app and as it can be seen its resolved in my https profile.

    As soon as I delete one character (the last one) the DNS is no longer resolved.

    And as seen in logs, it is working.

Like Follow
  • 1 yr agoLast active
  • 5Replies
  • 494Views
  • 2 Following