pothi.mikrotik-scripts/doh-scripts/README.md

The following DoH services can be automated for now...

- [Cloudflare](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/cloudflare.rsc)
- [Google](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/google.rsc)
- [NextDNS](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/nextdns.rsc)
- [Quad9](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/quad9.rsc)

Or you may use the [generic script](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/generic.rsc).

Relevant thread in MikroTik forums... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274

Remember that DoH depends on the router having the correct time, so make sure an NTP client is configured. The MikroTik Cloud NTP client service requires DNS, which in turn requires a working NTP client, so don't depend on the MikroTik Cloud NTP client service.

Root CA certificates that we can use...

- https://www.digicert.com/kb/digicert-root-certificates.htm (Download DigiCert Global Root CA)
- https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
- works **only** for 1.1.1.1 DoH

The following don't work for an unknown reason...

- https://pki.goog/repository/
- https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates
- https://www.amazontrust.com/repository/

Or download most (if not all) root CA certificates from https://curl.se/ca/cacert.pem

Recommended - https://pki.goog/repo/certs/gtsr4.pem (validity: 2038)

NextDNS recommends https://curl.se/ca/cacert.pem too.
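The ordering that the NTP and root CA notes above imply (clock first, then root CA, then DoH with certificate verification), written out as an added example that is not one of this repository's scripts. It assumes RouterOS v7 command syntax and pairs the DigiCert root with 1.1.1.1 as listed above; the NTP address is a documentation placeholder and the variable names are hypothetical.

```routeros
# Added example, not from the repository. Assumes RouterOS v7.
# Run as one script (e.g. from /system script) so the :local values stay in scope.
:local ntpServer "192.0.2.123"   ;# placeholder: replace with your NTP server's IP address
:local caUrl "https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem"
:local caFile "doh-root-ca.pem"  ;# hypothetical file name
:local dohUrl "https://1.1.1.1/dns-query"

# 1. Time first. The NTP server is given as an IP address, so syncing the
#    clock never needs DNS and cannot deadlock against DoH.
/system ntp client set enabled=yes
:if ([:len [/system ntp client servers find address=$ntpServer]] = 0) do={
    /system ntp client servers add address=$ntpServer
}

# 2. Wait up to 60 s for the clock. With a wrong clock the DoH certificate
#    fails validation, so stop here rather than break name resolution.
:local tries 0
:while (([/system ntp client get status] != "synchronized") && ($tries < 30)) do={
    :delay 2s
    :set tries ($tries + 1)
}
:if ([/system ntp client get status] != "synchronized") do={
    :error "NTP not synchronized; leaving DNS settings unchanged"
}

# 3. Import the root CA that the DoH endpoint chains to. The router has no
#    trust anchor yet, so this download is unverified: compare the fingerprint
#    shown by "/certificate print detail" with the one the CA publishes.
/tool fetch url=$caUrl dst-path=$caFile check-certificate=no
/certificate import file-name=$caFile passphrase=""

# 4. Enable DoH and require the server certificate to validate.
/ip dns set use-doh-server=$dohUrl verify-doh-cert=yes
/ip dns cache flush

# 5. Smoke test: this lookup now goes through DoH and fails if the CA is wrong.
:put [:resolve "example.com"]
```

If step 5 fails while the clock is synchronized, the imported root does not match the DoH server's certificate chain.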