DNS DoH

This doc will cover only IPv4 traffic.

Make sure connections from outside your network are blocked before you enable allow-remote-requests: with that flag set, the router answers DNS queries on every interface, including the WAN side, and becomes an open resolver that can be abused for amplification. The default RouterOS firewall rule handling this is the input-chain rule commented "defconf: drop all not coming from LAN"; check that it is still present and that no earlier accept rule lets UDP/TCP 53 through from the outside.

The official Quad9 documentation worked great until it stopped working.

I tried a few changes but ended up using a different upstream server, https://doh.ffmuc.net/dns-query, configured below.

The setup is straightforward, only a handful of commands:

# fetch the Let's Encrypt root CA (ISRG Root X1) that the DoH server's certificate chains to
/tool fetch url=https://letsencrypt.org/certs/isrgrootx1.pem

# import the CA into the router's certificate store
# (RouterOS 7 prompts for a passphrase; add passphrase="" to skip the prompt)
/certificate import file-name=isrgrootx1.pem

# configure the DNS server: the plain IPs are used to resolve the DoH hostname itself,
# all other queries go over DoH; verify-doh-cert=yes makes the router validate the
# server certificate against the imported CA instead of accepting any certificate
/ip dns set servers=5.1.66.255,185.150.99.255 \
  use-doh-server=https://doh.ffmuc.net/dns-query \
  verify-doh-cert=yes \
  allow-remote-requests=yes

# monitor connections: queries should now leave as TLS on port 443 to the DoH server,
# with nothing going out on port 53
/tool/sniffer/quick port=443 ip-address=5.1.66.255,185.150.99.255

For CA details see: https://letsencrypt.org/certificates/#root-cas
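To see what the router is doing after the configuration above, here is a stand-alone RFC 8484 DoH client in Python. This is an added example, not code from the original page or from MikroTik: it builds a wire-format DNS query, POSTs it as application/dns-message to doh.ffmuc.net over TLS, and parses the A records out of the reply. It assumes the isrgrootx1.pem fetched above is in the working directory and that the server accepts POST at /dns-query; it trusts only that CA, which is the client-side equivalent of importing the root and setting verify-doh-cert=yes. Standard library only.

```python
"""RFC 8484 DNS-over-HTTPS client mirroring the router config above.

Added example, not part of the original page. Assumes isrgrootx1.pem
(fetched above) is in the working directory and that doh.ffmuc.net
accepts POSTed application/dns-message bodies at /dns-query.
"""
import http.client
import socket
import ssl
import struct

DOH_HOST = "doh.ffmuc.net"   # upstream from the router config above
DOH_PATH = "/dns-query"
CA_FILE = "isrgrootx1.pem"   # assumption: the file fetched above, in cwd

TYPE_A = 1
CLASS_IN = 1


def build_query(name, qtype=TYPE_A):
    """Wire-format DNS query (RFC 1035). The ID is 0 as RFC 8484 recommends,
    so identical queries can be cached at the HTTP layer; RD=1 asks for
    recursion."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)


def _read_name(msg, off, hops=0):
    """Decode a possibly compressed name. The hop limit stops pointer loops
    in a malicious or corrupt response."""
    if hops > 8:
        raise ValueError("too many compression pointers")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = _read_name(msg, ptr, hops + 1)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section; raise on a non-zero
    RCODE (e.g. 2 = SERVFAIL, 3 = NXDOMAIN)."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError("resolver returned RCODE %d" % rcode)
    off = 12
    for _ in range(qdcount):            # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4                        # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def doh_query(name, cafile=CA_FILE):
    """POST the query over TLS. Only the CA in `cafile` is trusted: a server
    whose certificate does not chain to it fails the handshake, which is what
    verify-doh-cert=yes buys you on the router. Needs network access."""
    ctx = ssl.create_default_context(cafile=cafile)
    conn = http.client.HTTPSConnection(DOH_HOST, 443, context=ctx, timeout=5)
    conn.request("POST", DOH_PATH, body=build_query(name),
                 headers={"Content-Type": "application/dns-message",
                          "Accept": "application/dns-message"})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    if resp.status != 200:
        raise RuntimeError("DoH server returned HTTP %d" % resp.status)
    if resp.getheader("Content-Type", "").split(";")[0] != "application/dns-message":
        raise RuntimeError("unexpected Content-Type in DoH reply")
    return parse_a_records(body)


if __name__ == "__main__":
    print(doh_query("example.com"))
```

Point a packet capture at the host while this runs and you see the same thing the sniffer command above shows for the router: a TLS session to port 443 and no cleartext port 53 traffic. Swapping CA_FILE for a root that does not cover the server's chain makes the handshake raise ssl.SSLCertVerificationError rather than quietly falling back to an unverified connection.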