diff --git a/doh-scripts/google.rsc b/doh-scripts/google.rsc index 3159737..d391703 100644 --- a/doh-scripts/google.rsc +++ b/doh-scripts/google.rsc @@ -1,22 +1,29 @@ # Verify the connection at TODO # disable doh (temporarily) - /ip dns set verify-doh-cert=no -/tool fetch url=https://pki.goog/repo/certs/gtsr1.pem once -:delay 5s -/certificate remove [find name~"gtsr1.pem"] -/certificate import file-name=gtsr1.pem passphrase="" -/file remove gtsr1.pem +:local result [/tool fetch url=https://i.pki.goog/r4.pem as-value] +:do { :delay 2s } while=( $result->"status" != "finished" ) +/certificate remove [find name~"r4.pem"] +/certificate import file-name=r4.pem passphrase="" +# /file remove r4.pem + +# Add static DNS entries for the DoH server +/ip dns static remove [find name=dns.google] /ip dns static add address=8.8.8.8 name=dns.google /ip dns static add address=8.8.4.4 name=dns.google + +# let's enable DoH /ip dns set use-doh-server=https://dns.google/dns-query verify-doh-cert=yes # optional steps -/ip dns set servers="" -/ip dhcp-client set use-peer-dns=no [find] +# /ip dns set servers="" +# /ip dhcp-client set use-peer-dns=no [find] # flush existing cache /ip dns cache flush + +# remove this file manually +# /file remove google.rsc