Setup Mikrotik DoH Cloudflare
Tutorial to setup Mikrotik router to use Cloudflare DNS over HTTPS (DoH) resolver.
Temporarily add a normal upstream DNS resolver
Add a normal DNS resolver first, so you don't lose connectivity while setting up DoH.
/ip dns set servers=1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001
CA certificates extracted from Mozilla
Download the CA certificates from curl.se (they are extracted from Mozilla) and import them to Mikrotik router.
/tool fetch url=https://curl.se/ca/cacert.pem
Import the downloaded ca-store (127 certificates)
Import the cacert.pem file to Mikrotik router
/certificate import file-name=cacert.pem passphrase=""
Set Static IP for CF Resolver
Add static DNS entries for the Cloudflare resolver hostname (cloudflare-dns.com) so the router has fixed addresses for it, avoiding potential issues with certificate validation when the resolver IP changes.
/ip dns static add address=1.1.1.1 disabled=no name=cloudflare-dns.com ttl=1d type=A
/ip dns static add address=1.0.0.1 disabled=no name=cloudflare-dns.com ttl=1d type=A
/ip dns static add address=2606:4700:4700::1111 disabled=no name=cloudflare-dns.com ttl=1d type=AAAA
/ip dns static add address=2606:4700:4700::1001 disabled=no name=cloudflare-dns.com ttl=1d type=AAAA
Set the DoH resolver to Cloudflare
Configure Mikrotik to use Cloudflare DoH resolver with certificate verification enabled.
/ip dns set use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes allow-remote-requests=yes
OPTIONAL - Disable Peer DNS from DHCP and LTE
If your Mikrotik router is getting DNS settings from a DHCP server or LTE provider, you may want to disable the use of peer DNS to ensure that only the Cloudflare DoH resolver is used.
If you are connected over DHCP
/ip dhcp-client set use-peer-dns=no # Enter 0 as a number if it asks you
If you are connected over LTE (for example with a Chateau)
/interface lte apn set use-peer-dns=no # Enter 0 as a number if it asks you
Verify that Cloudflare DoH works
To verify that Cloudflare DoH is working, you can use the following command to print the current DNS settings:
/ip dns print
You should see use-doh-server set to https://cloudflare-dns.com/dns-query and verify-doh-cert set to yes. Note that this only confirms the settings; a successful name lookup from the router confirms that the DoH connection (including certificate verification) actually works.
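The following RouterOS script is an added verification example, not part of the original tutorial: it checks the DoH settings and the cloudflare-dns.com static entries from the steps above, then performs a test lookup through the configured resolver (example.com is an assumed test name).

```routeros
# Added verification script (not part of the original tutorial).
# Run from a terminal with:  /system script run <name>  or paste it directly.

# 1. DoH settings configured in the tutorial
:local dohUrl [/ip dns get use-doh-server]
:local verifyCert [/ip dns get verify-doh-cert]
:if ($dohUrl != "https://cloudflare-dns.com/dns-query") do={
    :put "WARNING: use-doh-server is not cloudflare-dns.com: $dohUrl"
}
:if ($verifyCert != true) do={
    :put "WARNING: verify-doh-cert is disabled; the DoH server is not authenticated"
}

# 2. Bootstrap static entries: without them the router cannot resolve the
#    DoH hostname it needs to reach before DoH is available
:local staticCount [:len [/ip dns static find where name="cloudflare-dns.com" && disabled=no]]
:if ($staticCount < 1) do={
    :put "WARNING: no enabled static entry for cloudflare-dns.com"
} else={
    :put "static entries for cloudflare-dns.com: $staticCount"
}

# 3. Imported CA store (the cacert.pem import should have added many certificates)
:local certCount [:len [/certificate find]]
:put "certificates in store: $certCount"

# 4. Real lookup through the configured resolver; :resolve raises an error
#    if the DoH request or the certificate verification fails
:do {
    :local ip [:resolve "example.com"]
    :put "DoH lookup OK: example.com -> $ip"
} on-error={
    :put "ERROR: lookup failed; check the CA import, static entries and DoH URL"
}
```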