dns over tls nextdns on freebsd

I have a running working config on port 53. I would like to also enable DNS over TLS, so Nextdns also listens on 853.

I tried adding

listen 127.0.0.1:853

and while nextdns restarts and runs, its not actually working.

Netstat is also not showing the port.

How do I do this? I tried searching wiki and knowledgebase but I can't find a clear answer.

Thanks!

- R_P_M
- 1 yr ago
- Reported - view
Is there a reason why you want to have local DoT? I don’t think that is possible with the CLI currently and it would also require an encryption certificate.
- Pipo_de_Clown
- 1 yr ago
- Reported - view
Because I had a host that had hardcoded cloudflare DNS queries flooding my logs (they are blocked). I wanted to catch and redirect to NextDNS via NAT rule. Turned out that "feature" could be turned off so theres more need.

Im guessing the certificate can be self signed, I think thats how unbound does it?
- Martheen
  
  1 yr ago
  
  Reported - view
  Pipo de Clown You'll want https://github.com/AdguardTeam/dnsproxy#encrypted-dns-server instead to forward it to your NextDNS address. However, this assumes the host would accept a self-signed cert or you have a way to plant your CA

Content aside