From 625c537f84ccff1d1afa4a3f15b6b2524b398cc7 Mon Sep 17 00:00:00 2001
From: Pothi Kalimuthu <1254302+pothi@users.noreply.github.com>
Date: Fri, 28 Jul 2023 10:27:00 +0530
Subject: [PATCH] Add generic DoH script
---
doh-scripts/generic.rsc | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 doh-scripts/generic.rsc
diff --git a/doh-scripts/generic.rsc b/doh-scripts/generic.rsc
new file mode 100644
index 0000000..364b3c4
--- /dev/null
+++ b/doh-scripts/generic.rsc
@@ -0,0 +1,30 @@
+# Generic DoH script
+
+# disable doh (temporarily)
+/ip dns set verify-doh-cert=no
+
+# curl.haxx.se/ca/cacert.pem contains all the certificates in the world - 100+
+:local result [ /tool fetch url=https://curl.haxx.se/ca/cacert.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+
+/certificate remove [find name~"cacert.pem"]
+/certificate import file-name=cacert.pem passphrase=""
+/file remove cacert.pem
+
+# you may use any DoH server
+# https://dns.google/dns-query - see https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p787666
+# https://dns.nextdns.io/xxxxxx - see https://my.nextdns.io/setup
+# https://dns.quad9.net/dns-query - see https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+
+# let's use Cloudflare DoH
+/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
+
+# optional steps
+/ip dns set servers=""
+/ip dhcp-client set use-peer-dns=no [find]
+
+# flush existing cache
+/ip dns cache flush
+
+# remove this file manually
+# /file remove generic.rsc
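Review bot: The CA bundle downloaded by `/tool fetch url=https://curl.haxx.se/ca/cacert.pem as-value` becomes the trust anchor for `verify-doh-cert=yes`, yet the fetch carries no `check-certificate=yes`; as far as I know RouterOS fetch does not validate the server certificate unless that option is set, so the imported roots are only as trustworthy as the network path at download time. On a router that already has a CA store, add `check-certificate=yes` to the fetch; on a first run, where no store exists yet, it is safer to transfer the single root the chosen resolver chains to out of band and import only that, which also avoids trusting 100+ CAs for one endpoint. The `# disable doh (temporarily)` comment does not match the command, since `verify-doh-cert=no` leaves any configured DoH server in use without verification; `# turn off DoH certificate verification while the CA store is replaced` would describe it accurately. `$result` is also assigned once, so the `:do { :delay 2s } while=(...)` loop cannot observe a status change and would appear to spin indefinitely on any status other than "finished", while the later `/ip dns set servers=""` removes the plain-DNS fallback even if the import did not succeed.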