DNS over HTTPS (DoH) is a relatively new protocol that encrypts Domain Name System (DNS) traffic by sending DNS queries through an HTTPS (Hypertext Transfer Protocol Secure) session.

DoH seeks to improve online privacy by hiding DNS queries from view.


This script has been tested on MikroTik RouterOS 6.x and 7.x.


In this example we're using Cloudflare's DoH server.


Download Certificate

/tool fetch url=https://curl.se/ca/cacert.pem

Import Certificate

/certificate import file-name=cacert.pem passphrase=""

Set DoH Server

/ip dns
set use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes

Hardcode Cloudflare Domains

/ip dns static
add name=cloudflare-dns.com address=2606:4700::6810:f8f9
add name=cloudflare-dns.com address=2606:4700::6810:f9f9
add name=cloudflare-dns.com address=104.16.248.249
add name=cloudflare-dns.com address=104.16.249.249

Remove hard-coded servers

/ip dns
set servers=""

Remove Peer DNS

/ip dhcp-client
set 0 use-peer-dns=no

/ipv6 dhcp-client
set 0 use-peer-dns=no
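
Verify the result

The following read-only check is an added example, not part of the original script. It confirms that the steps above left no plaintext resolver configured and that lookups still work; example.com is an assumed test name.

```routeros
# Added example: post-change check for the DoH setup above.
# It only reads settings and performs one test lookup; nothing is modified.
:local doh [/ip dns get use-doh-server]
:local verify [/ip dns get verify-doh-cert]
:local hardcoded [/ip dns get servers]
:local dynamic [/ip dns get dynamic-servers]
:local pins [:len [/ip dns static find name="cloudflare-dns.com"]]
:local problems 0

:if ([:len $doh] = 0) do={
    :put "FAIL: use-doh-server is empty, DoH is not configured"
    :set problems ($problems + 1)
}
:if (!$verify) do={
    :put "FAIL: verify-doh-cert=no, the DoH server certificate is not validated"
    :set problems ($problems + 1)
}
:if ([:len $hardcoded] > 0) do={
    :put ("FAIL: hard-coded servers still set: " . [:tostr $hardcoded])
    :set problems ($problems + 1)
}
:if ([:len $dynamic] > 0) do={
    :put ("FAIL: peer DNS servers still learned: " . [:tostr $dynamic])
    :set problems ($problems + 1)
}
:if ($pins = 0) do={
    :put "FAIL: no static entry for cloudflare-dns.com, the DoH hostname cannot be resolved"
    :set problems ($problems + 1)
}

# With no plain servers left, a successful lookup came from DoH or the cache.
:do {
    :put ("OK: example.com resolves to " . [:resolve "example.com"])
} on-error={
    :put "FAIL: test lookup failed, check the imported certificates and the static entries"
    :set problems ($problems + 1)
}
:put ("Problems found: " . $problems)
```

If dynamic servers are still listed, another DHCP client or a PPP interface is supplying them; `set 0` above only changes the first client entry.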