Would anyone be so kind as to help me with basic DoH setup using CleanBrowsing DNS?
I'd like to use the following DNS servers (IPv4 only) listed on the https://cleanbrowsing.org/filters/ site:
Here is what I tried so far:
First, I've made sure that no Dynamic Servers are in use. I've unchecked the "Use Peer DNS" option on the PPPoE interface.
Next, I have added static DNS entries:
/ip dns static
add address=185.228.168.10 name=adult-filter-dns.cleanbrowsing.org
add address=185.228.169.11 name=adult-filter-dns.cleanbrowsing.org
After that, I have added the following NAT rules:
/ip firewall nat add chain=dstnat action=redirect protocol=tcp dst-port=53
/ip firewall nat add chain=dstnat action=redirect protocol=udp dst-port=53
Finally, I have added the doh.cleanbrowsing.org/doh/adult-filter/ line into the Use DoH Server field:
Now, the problem is I do not know what to do next.
- Not sure if it's OK to completely skip the DoH certificate. The PEM (cert) is valid until Wed, 15 Feb 2023 - I'm afraid that the DNS will stop working when the certificate expires, but I don't know if it works like that?
- No idea how to configure the DHCP Server now for LAN clients. Normally I have the above 2 DNS servers set as "DNS Servers" for the DHCP Network. Should I select the "No DNS" option instead?
After selecting "No DNS" for DHCP Network, I'm getting the following errors and DNS is not working at all for LAN clients:
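
An offline check of the settings described in the post (which hostname the static entries cover, whether the DoH certificate is verified, and whether redirected port 53 traffic will be answered), added here as an example that is not part of the original post. It assumes RouterOS export-style input; the sample is constructed from the post's values, with `verify-doh-cert=no` and `allow-remote-requests=yes` assumed, and `parse_export` and `audit` are hypothetical helper names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in RouterOS export form, using the post's values.
# verify-doh-cert=no and allow-remote-requests=yes are assumptions.
SAMPLE = """\
/ip dns
set allow-remote-requests=yes verify-doh-cert=no use-doh-server=doh.cleanbrowsing.org/doh/adult-filter/
/ip dns static
add address=185.228.168.10 name=adult-filter-dns.cleanbrowsing.org
add address=185.228.169.11 name=adult-filter-dns.cleanbrowsing.org
/ip firewall nat add chain=dstnat action=redirect protocol=udp dst-port=53
"""

def parse_export(text):
    """Yield (menu path, verb, params) per command; quoted values with spaces are not handled."""
    path = ""
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            parts = re.split(r"\s+(add|set)\s+", line, maxsplit=1)
            path = parts[0]
            if len(parts) == 1:      # bare menu line, e.g. "/ip dns static"
                continue
            verb, rest = parts[1], parts[2]
        else:
            verb, _, rest = line.partition(" ")
        yield path, verb, dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)

def audit(text):
    """Return findings about DoH bootstrap resolution and certificate verification."""
    cmds = list(parse_export(text))
    dns = {}
    for path, verb, kv in cmds:
        if path == "/ip dns" and verb == "set":
            dns.update(kv)
    static = {kv.get("name") for p, v, kv in cmds if p == "/ip dns static" and v == "add"}
    redirect53 = any(p == "/ip firewall nat" and kv.get("action") == "redirect"
                     and kv.get("dst-port") == "53" for p, v, kv in cmds)
    findings = []
    doh = dns.get("use-doh-server", "")
    if doh:
        # The router must resolve the DoH hostname itself before it can use DoH.
        host = urlsplit(doh if "://" in doh else "https://" + doh).hostname
        if host not in static and not dns.get("servers"):
            findings.append(f"nothing resolves the DoH hostname {host}")
        if dns.get("verify-doh-cert") != "yes":
            findings.append("verify-doh-cert is not yes")
    if redirect53 and dns.get("allow-remote-requests") != "yes":
        findings.append("port 53 is redirected to a resolver that refuses remote requests")
    return findings
```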