Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- knb:dohdot_en [2025/09/08 01:09] – t0biii
+++ knb:dohdot_en [2025/09/08 01:41] (aktuell) – t0biii
@@ Zeile 73: / Zeile 73: @@
         forward-addr: 2001:678:e68:f000::@853#dot.ffmuc.net
 </code>
+===== AVM Fritz!Box =====
+Since Fritz!OS 7.20, it has been possible to configure DoT servers directly in the Fritz!Box.
+Go to Internet -> Account Information -> DNS-Server. At the bottom field, enter dot.ffmuc.net as the hostname:
+{{ :knb:fritzbox_dot_settings_en.png?direct&800 |DoT-Settings in FritzBox}}
+In the Online Monitor, you can now see that the following entries also appear under "DNS servers used":
+:678:e68:f000:: (DoT-encrypted)
+:678:ed0:f000:: (DoT-encrypted)
+.1.66.255 (DoT-encrypted)
+.150.99.255 (DoT-encrypted)
+For one of the four, it also says "currently used for standard queries – DoT-encrypted".
+If that is the case, everything is set up correctly.
+===== Mikrotik / RouterOS =====
+The main problem here is that the devices do not trust the FFMuc Let’s Encrypt certificate by default.
+Therefore, we first need to configure the regular DNS, download and install the certificate, and only then can we configure DoH:
+<code>
+/ip dns set servers=5.1.66.255,185.150.99.255
+/tool fetch url=https://letsencrypt.org/certs/isrgrootx1.pem
+/certificate import file-name=isrgrootx1.pem passphrase=""
+/ip dns set servers=5.1.66.255,185.150.99.255 use-doh-server=https://doh.ffmuc.net/dns-query verify-doh-cert=yes
+</code>
+(The command line instructions are given here. In the GUI, the hierarchy is identical, meaning instead of "/ip dns set" you select the menu item "ip", then the submenu "dns", and set the corresponding values there.)
 ===== DNS leak-Test =====