diff --git a/doh-scripts/README.md b/doh-scripts/README.md
index 6e78dce..2a4c6aa 100644
--- a/doh-scripts/README.md
+++ b/doh-scripts/README.md
@@ -1,9 +1,8 @@
 TODO:
 - DoH script for nextdns
-- DoH script for quad9
-# important thread... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274
+Important thread... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274
 Remember that DoH depends on correct time. So, make sure NTP client is configured. The MikroTik Cloud NTP client service required DNS that in turn requires a working NTP client. So, don't depend on MikroTik Cloud NTP client service.
diff --git a/doh-scripts/nextdns.rsc b/doh-scripts/nextdns.rsc
new file mode 100644
index 0000000..7e28d15
--- /dev/null
+++ b/doh-scripts/nextdns.rsc
@@ -0,0 +1,44 @@
+# TODO: Verify the connection if possible
+# https://dns.nextdns.io/xxxxxx - see https://my.nextdns.io/setup
+
+# Variables
+:local nextdnsID
+:local deviceName
+:set nextdnsID "abc123"
+# Avoid spaces or use unicode
+:local deviceName "MikroTik-AX2"
+
+# disable doh (temporarily)
+
+/ip dns set verify-doh-cert=no
+
+# Quad9 uses DigiCert like CloudFlare.
+:local result [ /tool fetch url=http://crt.usertrust.com/USERTrustECCAddTrustCA.crt dst-path=ssl.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+
+/certificate remove [find]
+/certificate import file-name=ssl.pem passphrase=""
+/file remove ssl.pem
+
+/ip dns
+ static remove [find name="dns.quad9.net"]
+ static add name=dns.nextdns.io address=45.90.28.0 type=A
+ static add name=dns.nextdns.io address=45.90.30.0 type=A
+ static add name=dns.nextdns.io address=2a07:a8c0:: type=AAAA
+ static add name=dns.nextdns.io address=2a07:a8c1:: type=AAAA
+
+:if ( $deviceName == "" ) do={
+ set use-doh-server="https://dns.nextdns.io/$nextdnsID" verify-doh-cert=yes
+} else={
+ set use-doh-server="https://dns.nextdns.io/$nextdnsID/$deviceName" verify-doh-cert=yes
+}
+
+# optional steps
+/ip dns set servers=""
+/ip dhcp-client set use-peer-dns=no [find]
+
+# flush existing cache
+/ip dns cache flush
+
+# Post-install step: remove this file manually
+# /file remove nextdns.rsc
diff --git a/doh-scripts/quad9.rsc b/doh-scripts/quad9.rsc
index a9fdffd..9a5c5a1 100644
--- a/doh-scripts/quad9.rsc
+++ b/doh-scripts/quad9.rsc
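Review bot: The trust anchor that `verify-doh-cert=yes` relies on is itself obtained unauthenticated — `/tool fetch url=http://crt.usertrust.com/USERTrustECCAddTrustCA.crt` is plain HTTP, and `/certificate remove [find]` first wipes every certificate on the router, so whatever arrives in that HTTP response becomes the only CA the DoH check trusts; pin the imported CA before enabling verification, e.g. `:if ([/certificate get [find name~"USERTrust"] fingerprint] != "<EXPECTED_CA_FINGERPRINT>") do={ :error "CA fingerprint mismatch" }` with the expected value taken from the CA's published fingerprint, and limit the removal to the certificate being replaced rather than `[find]`. The wait loop `:do { :delay 2s } while=( $result->"status" != "finished" )` never re-reads the fetch result inside the loop, so it either runs zero times or never exits; either drop it (`as-value` returns after the transfer) or re-query the status each iteration. The comment `# Quad9 uses DigiCert like CloudFlare.` matches neither the USERTrust CA being downloaded nor the NextDNS target of this script; replace it with a comment naming the CA that actually issues the dns.nextdns.io certificate once confirmed. `deviceName` is declared twice (`:local deviceName` then `:local deviceName "MikroTik-AX2"`) while `nextdnsID` uses `:local` followed by `:set`; pick one form for both variables.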
@@ -15,10 +15,10 @@
 /ip dns
  static remove [find name="dns.quad9.net"]
- static add address=9.9.9.9 name=dns.quad9.net comment="Quad9 IPv4"
- static add address=149.112.112.112 name=dns.quad9.net comment="Quad9 IPv4 - secondary"
- static add address=2620:fe::9 name=dns.quad9.net comment="Quad9 IPv6"
- static add address=2620:fe::fe name=dns.quad9.net comment="Quad9 IPv6 - secondary"
+ static add name=dns.quad9.net address=9.9.9.9 comment="Quad9 IPv4"
+ static add name=dns.quad9.net address=149.112.112.112 comment="Quad9 IPv4 - secondary"
+ static add name=dns.quad9.net address=2620:fe::9 comment="Quad9 IPv6"
+ static add name=dns.quad9.net address=2620:fe::fe comment="Quad9 IPv6 - secondary"
  set use-doh-server=https://dns.quad9.net/dns-query verify-doh-cert=yes