Setup Cloudflare as a DoH (DNS over HTTPS) resolver on Mikrotik devices (RouterOS v7.0.2+)
# Temporarily add a normal upstream DNS resolver
/ip dns set servers=1.1.1.1,1.0.0.1
# CA certificates extracted from Mozilla
/tool fetch url=https://curl.se/ca/cacert.pem
# Import the downloaded CA store (127 certificates)
/certificate import file-name=cacert.pem passphrase=""
# Set the DoH resolver to Cloudflare
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
# Remove the old upstream DNS resolvers
/ip dns set servers=""
# Delete the certificate file
/file remove cacert.pem
# OPTIONAL - Do not use the DNS servers advertised by the DHCP server (peer DNS)
# Enter 0 as a number if it asks you
/ip dhcp-client set use-peer-dns=no
# If you are connecting over LTE (for example with a Chateau)
# Enter 0 as a number if it asks you
/interface lte apn set use-peer-dns=no
# Verify that no dynamic (peer-supplied) DNS servers remain
/ip dns print
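The bundle fetched above becomes the trust anchor for `verify-doh-cert=yes`, so one option is to download it on a workstation and check it before uploading it to the router. The following is an added example, not part of the original gist: it compares the bundle with a `sha256sum`-style checksum line (curl.se publishes one as `cacert.pem.sha256`) and counts the certificates. The function names and the sample bundle are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# One PEM certificate block: header, base64 body, footer.
PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----"
)


class BundleError(ValueError):
    """Raised when the bundle must not be imported."""


def parse_checksum_line(line: str) -> str:
    """Return the digest from a sha256sum-style line: '<hex>  <file name>'."""
    fields = line.split()
    if not fields or not re.fullmatch(r"[0-9a-fA-F]{64}", fields[0]):
        raise BundleError("checksum line does not start with a SHA-256 digest")
    return fields[0].lower()


def verify_bundle(pem: bytes, checksum_line: str) -> int:
    """Check the bundle against its published digest; return the certificate count."""
    expected = parse_checksum_line(checksum_line)
    actual = hashlib.sha256(pem).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise BundleError(f"digest mismatch: got {actual}, expected {expected}")
    count = len(PEM_CERT.findall(pem))
    if count == 0:
        # Typical for a truncated download or an HTML error page saved as .pem
        raise BundleError("no PEM certificates found in bundle")
    return count


# Constructed sample: three placeholder PEM blocks (not real certificates)
# and the checksum line that would accompany them.
SAMPLE_BUNDLE = b"".join(
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed-%d" % i)
    + b"\n-----END CERTIFICATE-----\n"
    for i in range(3)
)
SAMPLE_LINE = hashlib.sha256(SAMPLE_BUNDLE).hexdigest() + "  cacert.pem"

if __name__ == "__main__":
    print("certificates in bundle:", verify_bundle(SAMPLE_BUNDLE, SAMPLE_LINE))
```

The returned count can be compared with the number RouterOS reports after `/certificate import`.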
Thanks!
thx
LOG: unsupported CRL protocol for URL: ldap://directory.d-trust.net/CN=D-TRUST%20BR%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?certificaterevocationlist
You are the man!
I was looking for a link to the certificate. Thanks!