Add generic DoH script

2025-06-28 08:50:09 +02:00 · 2023-07-28 10:27:00 +05:30 · 2023-07-28 10:27:00 +05:30 · 625c537f84
commit 625c537f84
parent 7789cfa8b5
1 changed files with 30 additions and 0 deletions
--- a/doh-scripts/generic.rsc
+++ b/doh-scripts/generic.rsc
@ -0,0 +1,30 @@
+# Generic DoH script
+
+# disable doh (temporarily)
+/ip dns set verify-doh-cert=no
+
+# curl.haxx.se/ca/cacert.pem contains all the certificates in the world - 100+
+:local result [ /tool fetch url=https://curl.haxx.se/ca/cacert.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+
+/certificate remove [find name~"cacert.pem"]
+/certificate import file-name=cacert.pem passphrase=""
+/file remove cacert.pem
+
+# you may use any DoH server
+# https://dns.google/dns-query - see https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p787666
+# https://dns.nextdns.io/xxxxxx - see https://my.nextdns.io/setup
+# https://dns.quad9.net/dns-query - see https://www.quad9.net/news/blog/doh-with-quad9-dns-servers/
+
+# let's use Cloudflare DoH
+/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
+
+# optional steps
+/ip dns set servers=""
+/ip dhcp-client set use-peer-dns=no [find]
+
+# flush existing cache
+/ip dns cache flush
+
+# remove this file manually
+# /file remove generic.rsc