On WebFig go to IP -> DNS.
Fill in Servers with your selected TCP/UDP servers and Use DoH Server with your selected DoH server.
Or use the terminal to achieve the same config.
Assuming the router is on 192.168.88.1.
You can do this via IP -> Firewall -> Nat on WebFig, or via terminal (SSH/web) with:
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=53 protocol=udp dst-port=53 log=no log-prefix=""
add chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=53 protocol=tcp dst-port=53 log=no log-prefix=""
The terminal is used here since it's faster, but you can create the same rule via WebFig.
/ip firewall filter
add action=drop chain=forward comment="drop DoH" dst-address-list="DoH Servers"
Use:
/ip firewall address-list add address=IP/HOST list="DoH Servers"
E.g.:
/ip firewall address-list add address=dns.google list="DoH Servers"
See the commands for adding a full list at mirotik_doh_list_commands.txt, based on data from https://github.com/oneoffdallas/dohservers (see below for acknowledgements and license details).
All scripts sit under the ./scripts/ folder.
Gets current master of iplist.txt from https://github.com/oneoffdallas/dohservers.
Processes current iplist into mikrotik commands to add addresses to the list.
Generates a mikrotik_all_commands.txt with the commands explained before.
usage: ./generate_for_router.sh router_internal_ip
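The conversion step described above (IP list in, address-list commands out), as an added example that is not the script shipped in ./scripts/. It assumes one IPv4/IPv6 address per line with optional blank lines and '#' comments; the function names is_address, iplist_to_commands and sample_iplist are hypothetical. Because the output is pasted into a router terminal, every entry is checked against an allow-list pattern before it is written into a command.

```shell
#!/bin/sh
# Added example, not the repository's script. Assumption: the input holds one
# IPv4/IPv6 address (optionally with /prefix) per line, plus blanks and '#' comments.
LIST_NAME="DoH Servers"

# Character-level allow-list check, not a full address parser: anything that is
# not shaped like an IP address never reaches the generated router commands.
is_address() {
    printf '%s\n' "$1" | grep -Eq \
        -e '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
        -e '^[0-9A-Fa-f]*:[0-9A-Fa-f:]+(/[0-9]{1,3})?$'
}

# Reads candidate entries on stdin, writes RouterOS commands on stdout and
# reports rejected entries on stderr so a changed upstream format is noticed.
iplist_to_commands() {
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop CR, comments and surrounding whitespace.
        entry=$(printf '%s' "$line" | tr -d '\r' |
            sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        if [ -z "$entry" ]; then
            continue
        fi
        if is_address "$entry"; then
            printf '/ip firewall address-list add address=%s list="%s"\n' \
                "$entry" "$LIST_NAME"
        else
            printf 'skipped: %s\n' "$entry" >&2
        fi
    done
}

# Constructed sample input (documentation address ranges), not real DoH servers.
sample_iplist() {
    cat <<'EOF'
# constructed sample
192.0.2.10
2001:db8::53

198.51.100.7   # trailing comment
203.0.113.5 list="other"
EOF
}

sample_iplist | iplist_to_commands
```

Hostnames are rejected here on purpose, since the input is expected to be an IP list; review any "skipped" lines before applying the generated commands.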
- Tested on WSL2 running Debian and Debian 11.
- Commands tested for RouterOS v7.6 running on Mikrotik hAP ac2.
- Please review all commands and use at your own risk.
- See BSD 3 CLAUSE LICENSE for details.
You can find nice public servers at Public DNS at European Alternatives.
- Mikrotik for making awesome network hardware.
- https://european-alternatives.eu for collecting nice alternatives under one site.
- https://github.com/oneoffdallas/dohservers for making available the data under their MIT LICENSE.