Set up DNS over HTTPS on MikroTik

In this post, I will explain how to set up DNS-over-HTTPS (DoH) on a MikroTik router.

First, what is DoH?

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

Wikipedia DoH

Prerequisite: RouterOS version 6.47 or higher!

Steps:

1. Download and import the root certificates. In the terminal:

/tool fetch url=https://curl.haxx.se/ca/cacert.pem
/certificate import file-name=cacert.pem passphrase=""

2. Remove the DNS servers. Open IP | DNS, then remove the existing entries under “Servers”. If you are using dynamic servers, you can disable them in IP | DHCP.

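3. Add a static DNS entry (IP > DNS > Static). For example, if you want to use Google DNS, add two static entries for dns.google with the addresses 8.8.8.8 and 8.8.4.4. The router needs these entries to resolve the DoH server's hostname, because no regular DNS server is configured anymore.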

4. Add the provider’s URL to “Use DoH Server” and check “Verify DoH Certificate” (the check uses the root certificates imported in step 1). For Google DNS, fill in https://dns.google/dns-query . Don’t forget to Apply 🙂

5. Check with DNS Leak Test: choose Standard Test and make sure it shows ONLY Google. Otherwise, check your configuration again.

After changing the DNS settings, don’t forget to flush the DNS cache: type /ip dns cache flush, then press Enter.
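The same steps typed into the RouterOS terminal, as an added example that is not part of the original post. It assumes the dynamic servers come from a DHCP client on the WAN side, and example.com is only a placeholder name for the final lookup.

```routeros
# Step 1: fetch the CA bundle and import it into the certificate store
/tool fetch url=https://curl.haxx.se/ca/cacert.pem
/certificate import file-name=cacert.pem passphrase=""

# Step 2: remove the configured DNS servers
/ip dns set servers=""
# Assumption: dynamic servers are learned through a DHCP client;
# stop accepting them so that they cannot be used in place of DoH
/ip dhcp-client set [find] use-peer-dns=no

# Step 3: static entries so the router can resolve the DoH hostname itself
/ip dns static add name=dns.google address=8.8.8.8
/ip dns static add name=dns.google address=8.8.4.4

# Step 4: point the resolver at the DoH endpoint and require a valid certificate
/ip dns set use-doh-server=https://dns.google/dns-query verify-doh-cert=yes

# Flush cached answers obtained from the previous resolvers
/ip dns cache flush

# Check: "servers" and "dynamic-servers" should be empty,
# "use-doh-server" should show the URL and "verify-doh-cert" should be yes
/ip dns print

# Check: a lookup from the router itself should still return an address
:put [:resolve example.com]
```

If the lookup fails while verify-doh-cert=yes is set, check the router's clock and the imported certificates before turning verification off, since disabling it removes the protection against a man-in-the-middle described above.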

Now DoH is configured on your MikroTik router. Hope you enjoy my article!

UPDATE: major Indonesian ISPs block this method (depending on your location)! You need to use a VPN instead (for tunneling or just a DNS tunnel).
