Can I connect to Mullvad DoH DNS servers?

Hi friends, this is my first post and I’m happy to be here.

Going to the clue, I cannot set up a DoH connection to Mullvad DNS server.

[admin@Norka] > /ip dns print
servers: 76.76.2.2
76.76.10.2
dynamic-servers:
use-doh-server: https://security.cloudflare-dns.com/dns-query
verify-doh-cert: yes
doh-max-server-connections: 3
doh-max-concurrent-queries: 20
doh-timeout: 10s
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 4s
query-total-timeout: 15s
max-concurrent-queries: 100
max-concurrent-tcp-sessions: 20
cache-size: 2048KiB
cache-max-ttl: 1w
address-list-extra-time: 0s
vrf: main
mdns-repeat-ifaces: wifi1
wifi2
lo
bridge
cache-used: 83KiB

But, as soon as I set this to some of these servers:

I'm getting a lot of errors in the logs:

“DoH server connection error: remote disconnected while in HTTP exchange [ignoring repeated messages]”

Is it a known bug, or am I doing something wrong?

Ciphered DNS seems to work well with this server:

https://security.cloudflare-dns.com/dns-query

Could it be corrected in future?

I’m a happy owner of a MikroTik Chateau 5G R17 ax

It's a known issue, as you can read in older threads. The service requires HTTP/2, which RouterOS doesn't support yet for DoH.

Recent RouterOS versions have added support for HTTP/2, but currently only for the /tool fetch command, and only for the ARM64 and x86/CHR architectures. You'll have to wait for future versions to also have HTTP/2 support for DoH. However, the support would probably still be limited to the ARM64 and x86/CHR platforms due to storage space constraints (other architectures unfortunately have devices with 16MB limited flash storage).

EDIT: Your Chateau 5G R17 ax would be supported because it's ARM64.

1 Like
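One way to check from a workstation whether a DoH endpoint will answer an HTTP/1.1-only client, which is the situation the answer above describes for the RouterOS DoH resolver. This is an added example, not part of the thread and not MikroTik's code; the function names and verdict strings are illustrative, and the URL to test is passed on the command line.

```python
import socket, ssl, struct, sys
from urllib.parse import urlsplit

def build_query(name, qtype=1):
    """RFC 8484 DNS wire-format query: ID 0, RD flag set, one IN question."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def http1_request(url, body):
    """Raw HTTP/1.1 POST carrying the DNS message (no HTTP/2 framing)."""
    u = urlsplit(url)
    head = (f"POST {u.path or '/'} HTTP/1.1\r\nHost: {u.hostname}\r\n"
            "Content-Type: application/dns-message\r\n"
            "Accept: application/dns-message\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode("ascii") + body

def classify(status_line):
    """Map the first response line to a verdict."""
    if status_line.startswith(b"HTTP/1.1 200"):
        return "http1-ok"
    if not status_line:
        return "disconnected"  # peer closed without answering, as in the log above
    return "http1-rejected"

def probe(url, timeout=5.0):
    """Offer only http/1.1 in ALPN, send one query, report how the server reacts."""
    u = urlsplit(url)
    ctx = ssl.create_default_context()  # certificate is verified, like verify-doh-cert: yes
    ctx.set_alpn_protocols(["http/1.1"])
    try:
        with socket.create_connection((u.hostname, u.port or 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=u.hostname) as tls:
                tls.sendall(http1_request(url, build_query("example.com")))
                return classify(tls.recv(4096).split(b"\r\n", 1)[0])
    except (ssl.SSLError, ConnectionError):
        return "disconnected"  # handshake refused or connection reset

if __name__ == "__main__":
    # Usage: python doh_probe.py <DoH URL>; the default is the URL from the post.
    url = sys.argv[1] if len(sys.argv) > 1 else "https://security.cloudflare-dns.com/dns-query"
    print(url, "->", probe(url))
```

A verdict of `http1-ok` means an HTTP/1.1-only DoH client can use the endpoint; `disconnected` or `http1-rejected` is consistent with a server that requires HTTP/2.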

Thank you very much for your reply. So I’ll be waiting for a future release of RouterOS.