@M0r13n
Last active November 14, 2024 02:34
Setup Cloudflare as a DoH (DNS over HTTPS) resolver on Mikrotik devices (RouterOS v7.0.2+)
# Temporarily add a normal upstream DNS resolver
/ip dns set servers=1.1.1.1,1.0.0.1
# Download the CA certificates extracted from Mozilla
/tool fetch url=https://curl.se/ca/cacert.pem
# Import the downloaded CA store (127 certificates)
/certificate import file-name=cacert.pem passphrase=""
# Set the DoH resolver to Cloudflare and require certificate verification
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
# Remove the old upstream DNS resolvers
/ip dns set servers=""
# Delete the certificate file
/file remove cacert.pem
# OPTIONAL - Stop using DNS servers pushed by the DHCP server (peer DNS)
# Enter 0 as the number if it asks you
/ip dhcp-client set use-peer-dns=no
# If you are connecting over LTE (for example with a Chateau)
# Enter 0 as the number if it asks you
/interface lte apn set use-peer-dns=no
# Verify that no dynamic (peer-supplied) DNS servers remain
/ip dns print
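
The steps above download the CA bundle before the router holds any CA certificates to validate that HTTPS download against. As an added example (not part of the gist), this Python code, run on a workstation, checks a downloaded cacert.pem against a SHA-256 line obtained separately and splits the bundle by label so that only chosen roots are uploaded for import; the function names, the root names and the sample bundle are constructed for illustration.

```python
import base64
import hashlib

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def digest_matches(bundle: bytes, sha256_line: str) -> bool:
    """Check the bundle against a 'hexdigest  filename' line obtained out of band."""
    return hashlib.sha256(bundle).hexdigest() == sha256_line.split()[0].lower()

def split_bundle(bundle: bytes) -> dict:
    """Map each label (the line underlined with '=') to the decoded certificate bytes."""
    certs, label, prev, body = {}, None, "", None
    for line in bundle.decode("utf-8").splitlines():
        line = line.strip()
        if body is not None:                      # inside a certificate block
            if line == END:
                # validate=True rejects non-base64 junk such as an HTML error page
                certs[label] = base64.b64decode("".join(body), validate=True)
                body, label = None, None
            else:
                body.append(line)
        elif line == BEGIN:
            if label is None:
                raise ValueError("certificate block without a label")
            body = []
        elif line and set(line) == {"="}:
            label = prev                          # underline names the previous line
        prev = line
    if body is not None:
        raise ValueError("bundle ends inside a certificate (truncated download?)")
    return certs

def reduced_pem(certs: dict, wanted: list) -> str:
    """Re-encode only the chosen roots; raises KeyError for a name not in the bundle."""
    out = []
    for name in wanted:
        b64 = base64.b64encode(certs[name]).decode()
        rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        out.append("\n".join([name, "=" * len(name), BEGIN, *rows, END, ""]))
    return "\n".join(out)

# Constructed sample in the cacert.pem layout; bodies are dummy bytes, not real certificates.
SAMPLE = ("## Bundle of CA Root Certificates\n\n" + reduced_pem(
    {"Example Root A": b"constructed-der-A", "Example Root B": b"constructed-der-B"},
    ["Example Root A", "Example Root B"])).encode()

if __name__ == "__main__":
    print(sorted(split_bundle(SAMPLE)))
```
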
@cnlutong

nice

@MeteoraCD2

I was looking for a link to the certificate. Thanks!

@nookeist

Thanks!

@KillerHT

KillerHT commented Aug 6, 2024

thx

@serdar-demir

FYI: The title states that this works on RouterOS v7.0.2+, but it should be RouterOS v6.47+.

@Delitants

LOG: unsupported CRL protocol for URL: ldap://directory.d-trust.net/CN=D-TRUST%20BR%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?certificaterevocationlist

@mldoscar

You are the man!
