In this post, I will explain how to set up DNS-over-HTTPS (DoH) on a MikroTik router.
First, what is DoH?
DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks[1] by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.
Source: Wikipedia, DoH
Prerequisite: RouterOS version 6.47 or higher.
Steps:
1. Download and import the root certificates. In the terminal:
/tool fetch url=https://curl.haxx.se/ca/cacert.pem
/certificate import file-name=cacert.pem passphrase=""
2. Remove the DNS server. Open IP | DNS, then remove the existing “Server” entries. If you are using dynamic servers, you can disable them in IP | DHCP.
3. Add a static DNS entry (IP | DNS | Static). For example, if you want to use Google DNS, add two static entries for dns.google, with the addresses 8.8.8.8 and 8.8.4.4. The router needs these to resolve the DoH hostname itself, since no regular DNS server is left.
4. Add the provider’s URL to “Use DoH Server” and check “Verify DoH Certificate”. For Google DNS, enter https://dns.google/dns-query as the URL. Don’t forget to Apply 🙂
5. Check the result on DNS Leak Test and choose Standard Test. Make sure it shows ONLY Google. Otherwise, check your configuration again.
After changing the DNS settings, don’t forget to flush the DNS cache: type /ip dns cache flush then press Enter.
Now DoH is configured on your MikroTik router. Hope you enjoyed my article!
UPDATE: major Indonesian ISPs block this method (depending on your location)! You need to use a VPN instead (for tunneling, or just a DNS tunnel).