BILLYSOFTACADEMY

How to Set Up NextDNS on Your MikroTik Router to Encrypt DNS Requests

Introduction

A MikroTik router can be used as an internal DNS server and firewall for your home or business network. However, DNS queries and responses are sent in plaintext (via UDP), which means they can be read by networks, ISPs, or anybody able to monitor transmissions, and the data can be sold. If you would like to keep your DNS queries private so that third parties cannot read them, you can set up DNS over HTTPS, commonly known as DoH. With the help of NextDNS.io, you can encrypt your DNS requests so that they are not exposed to third parties on the path between your router and the resolver. Setting up NextDNS.io on your MikroTik router is a simple process, and in this tutorial you will learn how to configure your MikroTik router to encrypt DNS requests using NextDNS.io.

Overview

The following is an overview of the steps outlined in this tutorial:
1) What is DNS over HTTPS (DoH) and What is the NextDNS service
2) Sign up for a user account on nextdns.io
3) Obtain the NextDNS root CA certificate
4) Specify static entries for the NextDNS DNS service
5) Redirect all DNS Requests to the MikroTik Router

1. What is DNS over HTTPS and What is the NextDNS service

DNS over HTTPS is a new way of encrypting and securing your DNS queries. It is a protocol that carries DNS queries inside an HTTPS connection instead of sending them as traditional plaintext DNS queries. It is an important tool for protecting your privacy while browsing the web, as it prevents third parties from snooping on your data.

NextDNS.io is a cloud-based service that provides users with a secure and reliable way to manage their DNS settings. It allows users to customize their DNS settings for better performance, security, and privacy. The service also provides advanced features such as DDoS protection, content filtering, and analytics. With NextDNS.io, users can configure their DNS settings from anywhere in the world with just a few clicks. It also offers an intuitive user interface that makes the service easy to use regardless of technical experience level.

2. Sign up for a user account on nextdns.io

The first step to complete this setup is to sign up for a user account on the NextDNS website. Go to nextdns.io and click my.nextdns.io. Click the Sign Up link, enter an email address and password, then click the Sign Up button. Open your mailbox and click the link from nextdns.io to confirm your account.

3. Obtain the NextDNS root CA certificate

Open the WinBox configuration utility and log into your MikroTik router. Click New Terminal and run the following commands to obtain the NextDNS root CA certificate.

These two commands will fetch the root CA certificate for NextDNS and import the certificate file into the router certificate store.

4. Specify static entries for the NextDNS DNS service

The next step is to specify static entries for the NextDNS DNS service. The static entries let the router resolve the hostname of the DoH server itself, without first asking a plaintext resolver. The router also needs to be configured to redirect all DNS requests from client devices on the network to the NextDNS service. Run the command below to configure the IP addresses for the NextDNS DNS servers:

Enable the DoH functionality on the MikroTik router. Click IP > DNS and click the Allow Remote Requests checkbox. Visit your NextDNS dashboard and copy your DNS-over-HTTPS URL. Return to the WinBox utility and paste your URL into the Use DoH Server field. The URL must include your NextDNS ID, i.e. https://dns.nextdns.io/your-unique-id

Make sure to remove any static DNS servers specified in the Servers field and the Dynamic Servers field. Click Apply and click OK.

5. Redirect all DNS Requests to the MikroTik Router

The next step is to redirect all DNS requests from any device on your network to the MikroTik router. You simply need to add a new firewall rule that will force all devices on the network to send DNS-related traffic directly to the MikroTik router. Run the following commands on the MikroTik terminal:

Run the commands below to protect the MikroTik router from DNS-related attacks on the WAN interface.
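
Steps 3 to 5 written out as RouterOS terminal commands. This is an added example, not the commands from the original page. The certificate URL, the resolver IP addresses, the file name doh-root-ca.pem and the LAN and WAN interface lists are placeholders or assumptions to replace with your own values. The verify-doh-cert=yes and use-peer-dns=no settings are additions that the steps above do not mention.

```routeros
# Added example. Replace every value written in CAPITALS before running.

# Step 3: fetch the root CA certificate and import it into the certificate store.
# ROOT-CA-PEM-URL is a placeholder: take the URL from the NextDNS setup page.
/tool fetch url="https://ROOT-CA-PEM-URL" dst-path=doh-root-ca.pem
/certificate import file-name=doh-root-ca.pem passphrase=""

# Step 4: static entries so the router can resolve the DoH hostname on its own.
# NEXTDNS-IP-1 and NEXTDNS-IP-2 are placeholders for the addresses shown in
# your NextDNS dashboard.
/ip dns static add name=dns.nextdns.io address=NEXTDNS-IP-1 comment="NextDNS DoH"
/ip dns static add name=dns.nextdns.io address=NEXTDNS-IP-2 comment="NextDNS DoH"

# Clear the static upstream servers and stop the DHCP client from adding
# dynamic ones, so no plaintext resolver remains configured.
/ip dhcp-client set [find] use-peer-dns=no
/ip dns set servers=""

# Enable DoH. verify-doh-cert=yes makes the router validate the DoH server
# against the imported root CA; without it the HTTPS peer is not authenticated.
/ip dns set use-doh-server="https://dns.nextdns.io/your-unique-id" verify-doh-cert=yes allow-remote-requests=yes

# Step 5: redirect every client DNS query (UDP and TCP port 53) to the router.
# Assumes an interface list named LAN, as in the RouterOS default configuration.
/ip firewall nat add chain=dstnat in-interface-list=LAN protocol=udp dst-port=53 action=redirect to-ports=53 comment="Force DNS to router (UDP)"
/ip firewall nat add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=53 action=redirect to-ports=53 comment="Force DNS to router (TCP)"

# Allow Remote Requests turns the router into a resolver for anyone who can
# reach it, so drop DNS arriving on the WAN side. Assumes an interface list
# named WAN. New rules are appended at the end of the chain: move them above
# any accept rule that would match this traffic first.
/ip firewall filter add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop comment="Drop WAN DNS (UDP)"
/ip firewall filter add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop comment="Drop WAN DNS (TCP)"

# Check the result: the DoH URL should be set and no other servers listed.
/ip dns print
/ip firewall nat print where dst-port=53
/ip firewall filter print where dst-port=53
```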

Conclusion

You have successfully set up NextDNS on your MikroTik router to encrypt DNS requests using DNS over HTTPS technology. We hope that this tutorial has been informative, and we would like to thank you for reading and learning from it.