Update docs; Add nextdns DoH

This commit is contained in:
Pothi Kalimuthu 2023-08-25 11:19:39 +05:30
parent c875527384
commit 7d8ec6c113
No known key found for this signature in database
GPG key ID: 08202A469C2D0E06
3 changed files with 49 additions and 6 deletions


@ -1,9 +1,8 @@
TODO:
- DoH script for nextdns
- DoH script for quad9
# important thread... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274
Important thread... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274
Remember that DoH depends on correct time. So, make sure NTP client is configured. The MikroTik Cloud NTP client service required DNS that in turn requires a working NTP client. So, don't depend on MikroTik Cloud NTP client service.

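--- /dev/null
+++ b/doh-scripts/nextdns.rsc
@@ -0,0 +1,44 @@
+# TODO: Verify the connection if possible
+# https://dns.nextdns.io/xxxxxx - see https://my.nextdns.io/setup
+# Variables
+:local nextdnsID
+:local deviceName
+:set nextdnsID "abc123"
+# Avoid spaces or use unicode
+:local deviceName "MikroTik-AX2"
+# disable doh (temporarily)
+/ip dns set verify-doh-cert=no
+# Quad9 uses DigiCert like CloudFlare.
+:local result [ /tool fetch url=http://crt.usertrust.com/USERTrustECCAddTrustCA.crt dst-path=ssl.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+/certificate remove [find]
+/certificate import file-name=ssl.pem passphrase=""
+/file remove ssl.pem
+/ip dns
+static remove [find name="dns.quad9.net"]
+static add name=dns.nextdns.io address=45.90.28.0 type=A
+static add name=dns.nextdns.io address=45.90.30.0 type=A
+static add name=dns.nextdns.io address=2a07:a8c0:: type=AAAA
+static add name=dns.nextdns.io address=2a07:a8c1:: type=AAAA
+:if ( $deviceName == "" ) do={
+set use-doh-server="https://dns.nextdns.io/$nextdnsID" verify-doh-cert=yes
+} else={
+set use-doh-server="https://dns.nextdns.io/$nextdnsID/$deviceName" verify-doh-cert=yes
+}
+# optional steps
+/ip dns set servers=""
+/ip dhcp-client set use-peer-dns=no [find]
+# flush existing cache
+/ip dns cache flush
+# Post-install step: remove this file manually
+# /file remove nextdns.rsc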
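Review bot: The trust anchor that `verify-doh-cert=yes` will later rely on is downloaded over plaintext HTTP at `/tool fetch url=http://crt.usertrust.com/USERTrustECCAddTrustCA.crt` while verification is switched off, and `/certificate remove [find]` then wipes every certificate on the router before importing it, so an on-path attacker during this window can substitute their own CA and have "verified" DoH trust it, and any certificate used by other services (www-ssl, IPsec, SSTP) is lost. Pin the downloaded certificate against a fingerprint obtained out-of-band (`/certificate get ... fingerprint` appears to expose it — confirm on the target RouterOS version) and remove only the certificate this script manages. If the fetch or import throws, the script aborts after `/ip dns set verify-doh-cert=no` and leaves DoH permanently unverified; wrapping the bootstrap in `:do { ... } on-error={ ... }` that re-enables verification avoids that, and the `:do { :delay 2s } while=( $result->"status" != "finished" )` loop never re-reads `$result`, so it spins forever on any status other than "finished". Separately, `static remove [find name="dns.quad9.net"]` leaves earlier dns.nextdns.io entries in place, so re-running the script duplicates them (`static remove [find name="dns.nextdns.io"]` is what this script should clean up), and the comment `# Quad9 uses DigiCert like CloudFlare.` is stale in a NextDNS script that fetches a USERTrust anchor — whether the NextDNS endpoint actually chains to that CA is not verified here and should be stated once confirmed.
```routeros
# … unchanged: variables …
# SHA-256 fingerprint of the expected CA, obtained out-of-band (not from this download)
:local caFingerprint "<expected fingerprint>"
/ip dns set verify-doh-cert=no
:do {
    :local result [ /tool fetch url=http://crt.usertrust.com/USERTrustECCAddTrustCA.crt dst-path=ssl.pem as-value ];
    :if ( ($result->"status") != "finished" ) do={ :error "CA download did not finish" }
    # only touch the anchor this script manages, never every certificate on the router
    /certificate remove [find name~"ssl.pem"]
    /certificate import file-name=ssl.pem passphrase=""
    /file remove ssl.pem
    :if ( [/certificate get [find name~"ssl.pem"] fingerprint] != $caFingerprint ) do={
        /certificate remove [find name~"ssl.pem"]
        :error "CA fingerprint mismatch - refusing to trust downloaded certificate"
    }
} on-error={
    # never leave DoH running unverified because the bootstrap failed
    /ip dns set verify-doh-cert=yes
    :error "CA bootstrap failed; DoH verification re-enabled, NextDNS not configured"
}
/ip dns
static remove [find name="dns.nextdns.io"]
# … unchanged: static entries, use-doh-server, optional steps …
```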


@ -15,10 +15,10 @@
/ip dns
static remove [find name="dns.quad9.net"]
static add address=9.9.9.9 name=dns.quad9.net comment="Quad9 IPv4"
static add address=149.112.112.112 name=dns.quad9.net comment="Quad9 IPv4 - secondary"
static add address=2620:fe::9 name=dns.quad9.net comment="Quad9 IPv6"
static add address=2620:fe::fe name=dns.quad9.net comment="Quad9 IPv6 - secondary"
static add name=dns.quad9.net address=9.9.9.9 comment="Quad9 IPv4"
static add name=dns.quad9.net address=149.112.112.112 comment="Quad9 IPv4 - secondary"
static add name=dns.quad9.net address=2620:fe::9 comment="Quad9 IPv6"
static add name=dns.quad9.net address=2620:fe::fe comment="Quad9 IPv6 - secondary"
set use-doh-server=https://dns.quad9.net/dns-query verify-doh-cert=yes