| .. | ||
| cloudflare-1.1.1.1.rsc | ||
| cloudflare-dns-security.rsc | ||
| cloudflare-dns.rsc | ||
| cloudflare-one.one.one.one.rsc | ||
| generic.rsc | ||
| google.rsc | ||
| mullvad-family.rsc | ||
| nextdns.rsc | ||
| quad9.rsc | ||
| README.md | ||
The following DoH services can be automated for now...
Incompatible / buggy implementation...
Since Router OS v7.19... built-in CA certificates can be used with /certificate/settings/set builtin-trust-anchors=trusted
Or you may use the generic script.
Officially incompatible DoH servers... 37748767/DNS (DNS-Knowncompatible)/incompatibleDoHservices
Relevant thread in MikroTik forums... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274
Remember that DoH depends on the correct time on your MikroTik device. So, make sure that the NTP client is configured and is working. The MikroTik's Cloud NTP client service requires a working DNS that in turn requires a working NTP client. So, please don't depend on MikroTik's Cloud NTP sync service.
Root CA certificates that we can use...
- https://www.digicert.com/kb/digicert-root-certificates.htm (Download DigiCert Global Root CA)
- https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
- works only for 1.1.1.1 DoH
The following don't work for unknown reason...
- https://pki.goog/repository/
- https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates
- https://www.amazontrust.com/repository/
Or download most (if not all) root CA certificates from https://curl.se/ca/cacert.pem
Recommended - https://pki.goog/repo/certs/gtsr4.pem (validity: 2038)
NextDNS recommends https://curl.se/ca/cacert.pem too.