Setup DNS over HTTPS on MikroTik

In this post, I will explain how to set up DNS-over-HTTPS (DoH) on a MikroTik router.

First, what is DoH?

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

Wikipedia DoH

Prerequisite: RouterOS version 6.47 or higher!

Steps:

1. Download and import the root certificates. In the terminal:

/tool fetch url=https://curl.haxx.se/ca/cacert.pem
/certificate import file-name=cacert.pem passphrase=""

2. Remove the DNS servers. Open IP | DNS, then remove any existing “Server” entries. If you are using dynamic servers, you can disable them in IP | DHCP.

3. Add a static DNS entry (IP > DNS > Static). With the regular servers removed, the router needs it to resolve the DoH server's hostname. For example, if you want to use Google DNS, add 2 static entries for dns.google with the addresses 8.8.8.8 and 8.8.4.4.

Static DNS entry

4. Add the provider’s URL to “Use DoH Server” and check “Verify DoH Certificate”. For Google DNS, enter https://dns.google/dns-query. Don’t forget to click Apply 🙂

DNS Settings

5. Check the result on DNS Leak Test by choosing Standard Test. Make sure it shows ONLY Google. Otherwise, check your configuration again.

Result

After changing the DNS settings, don’t forget to flush the DNS cache: type /ip dns cache flush then press Enter.
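
To confirm steps 2 and 4 on the router itself rather than only through the leak test, the output of /ip dns print can be checked with a short script. This is an added example, not part of the original post; the two sample outputs are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlparse

# Constructed samples of `/ip dns print` output (not captured from a real router).
SAMPLE_GOOD = """\
                      servers:
              dynamic-servers:
               use-doh-server: https://dns.google/dns-query
              verify-doh-cert: yes
        allow-remote-requests: yes
"""

SAMPLE_BAD = """\
                      servers: 192.0.2.53
              dynamic-servers: 198.51.100.1
               use-doh-server: https://dns.google/dns-query
              verify-doh-cert: no
"""


def parse_dns_print(text):
    """Turn the 'key: value' lines of /ip dns print into a dict."""
    settings = {}
    for line in text.splitlines():
        # Split on the first colon only, so the https:// URL stays intact.
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit_doh(text):
    """Return a list of findings; an empty list means steps 2 and 4 are in place."""
    s = parse_dns_print(text)
    findings = []
    url = urlparse(s.get("use-doh-server", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("use-doh-server is not set to an https:// URL")
    if s.get("verify-doh-cert") != "yes":
        findings.append("verify-doh-cert is not enabled")
    # Step 2: no manually configured or dynamically learned servers should remain.
    for key in ("servers", "dynamic-servers"):
        if s.get(key):
            findings.append(f"{key} still lists {s[key]}")
    return findings


if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, audit_doh(sample) or "OK")
```

Paste the router's real /ip dns print output in place of the samples; any finding points back to the step that needs to be redone.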

Now DoH is configured on your MikroTik router. Hope you enjoy my article!