Update docs; Add nextdns DoH

Pothi Kalimuthu 2023-08-25 11:19:39 +05:30
parent c875527384
commit 7d8ec6c113
No known key found for this signature in database
GPG key ID: 08202A469C2D0E06
3 changed files with 49 additions and 6 deletions


@ -1,9 +1,8 @@
TODO: TODO:
- DoH script for nextdns - DoH script for nextdns
- DoH script for quad9
# important thread... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274 Important thread... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274
Remember that DoH depends on correct time. So, make sure NTP client is configured. The MikroTik Cloud NTP client service required DNS that in turn requires a working NTP client. So, don't depend on MikroTik Cloud NTP client service. Remember that DoH depends on correct time. So, make sure NTP client is configured. The MikroTik Cloud NTP client service required DNS that in turn requires a working NTP client. So, don't depend on MikroTik Cloud NTP client service.

44
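--- a/doh-scripts/nextdns.rsc
+++ b/doh-scripts/nextdns.rsc
@@ -0,0 +1,44 @@
+# TODO: Verify the connection if possible
+# https://dns.nextdns.io/xxxxxx - see https://my.nextdns.io/setup
+# Variables
+:local nextdnsID
+:local deviceName
+:set nextdnsID "abc123"
+# Avoid spaces or use unicode
+:local deviceName "MikroTik-AX2"
+# disable doh (temporarily)
+/ip dns set verify-doh-cert=no
+# Quad9 uses DigiCert like CloudFlare.
+:local result [ /tool fetch url=http://crt.usertrust.com/USERTrustECCAddTrustCA.crt dst-path=ssl.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+/certificate remove [find]
+/certificate import file-name=ssl.pem passphrase=""
+/file remove ssl.pem
+/ip dns
+static remove [find name="dns.quad9.net"]
+static add name=dns.nextdns.io address=45.90.28.0 type=A
+static add name=dns.nextdns.io address=45.90.30.0 type=A
+static add name=dns.nextdns.io address=2a07:a8c0:: type=AAAA
+static add name=dns.nextdns.io address=2a07:a8c1:: type=AAAA
+:if ( $deviceName == "" ) do={
+set use-doh-server="https://dns.nextdns.io/$nextdnsID" verify-doh-cert=yes
+} else={
+set use-doh-server="https://dns.nextdns.io/$nextdnsID/$deviceName" verify-doh-cert=yes
+}
+# optional steps
+/ip dns set servers=""
+/ip dhcp-client set use-peer-dns=no [find]
+# flush existing cache
+/ip dns cache flush
+# Post-install step: remove this file manually
+# /file remove nextdns.rsc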
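Review bot: The CA certificate on the `/tool fetch` line is downloaded over plain `http://` and imported as a trust anchor with no integrity check, so anyone on the path to crt.usertrust.com can substitute their own CA and `verify-doh-cert=yes` would then trust it. The import should be gated on a fingerprint pinned in the script (placeholder `<expected-sha256-fingerprint>`), or the certificate should be uploaded out of band. The `/certificate remove [find]` line just before the import deletes every certificate on the router, including any that VPN or web services rely on, and should be narrowed to the certificate this script manages. The `static remove [find name="dns.quad9.net"]` line looks copied from the Quad9 script, so re-running leaves duplicate NextDNS entries; `static remove [find name="dns.nextdns.io"]` is probably what was intended. Separately, `:local deviceName` is declared twice and the "Quad9 uses DigiCert" comment is stale for this file.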


@ -15,10 +15,10 @@
/ip dns /ip dns
static remove [find name="dns.quad9.net"] static remove [find name="dns.quad9.net"]
static add address=9.9.9.9 name=dns.quad9.net comment="Quad9 IPv4" static add name=dns.quad9.net address=9.9.9.9 comment="Quad9 IPv4"
static add address=149.112.112.112 name=dns.quad9.net comment="Quad9 IPv4 - secondary" static add name=dns.quad9.net address=149.112.112.112 comment="Quad9 IPv4 - secondary"
static add address=2620:fe::9 name=dns.quad9.net comment="Quad9 IPv6" static add name=dns.quad9.net address=2620:fe::9 comment="Quad9 IPv6"
static add address=2620:fe::fe name=dns.quad9.net comment="Quad9 IPv6 - secondary" static add name=dns.quad9.net address=2620:fe::fe comment="Quad9 IPv6 - secondary"
set use-doh-server=https://dns.quad9.net/dns-query verify-doh-cert=yes set use-doh-server=https://dns.quad9.net/dns-query verify-doh-cert=yes