And 6.47 is still in testing
maybe this is the problem.
or maybe my router is too old
lol
The CPU load goes down when I disable the NAT for transparent DNS.
And what is the meaning of these warning logs?
may/27 01:04:34 dns,warning DoH max concurrent queries reached, ignoring query

Is it possible to talk about some release dates for 6.47, or is it extremely premature?
6.47 RC was just released over here: http://forum.mikrotik.com/t/v6-47rc-testing-is-released/139877/1
How can I use multiple DoH servers in case first one is unreachable?
Why does it not fall back to DNS servers if the DoH server is unreachable?
We did have a discussion about that over here: http://forum.mikrotik.com/t/add-dns-over-https-doh-support/118090/124
I have added a second DoH server. Did not find out how/where to get the certificate for it, so it will use Cloudflare with certificate and Google without.
# probe the primary DoH endpoint (Cloudflare JSON API); a failed fetch sets result=no
:local result yes
:do {/tool fetch url="https://1.1.1.1/dns-query\?name=mikrotik.ca%26type=A" output=file dst-path=result \
http-header-field="accept:application/dns-json"} on-error={:set result no}
:if ($result) do={
# primary reachable: DoH only, no plain DNS servers, certificate verified
/ip dns set servers="" use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
} else={
# fallback: Google DoH needs its hostname resolved, so 8.8.8.8 is set as a plain server
/ip dns set allow-remote-requests=yes servers=8.8.8.8 use-doh-server=https://dns.google/dns-query verify-doh-cert=no
}
PS: Google needs a DNS name in the URL to work, so 8.8.8.8 is added. It will not be used for other clients.
MikroTik should add the possibility of multiple DoH servers and/or a fallback to old/normal DNS requests.
I am afraid of frying my router's flash, so I don't run 6.47 yet; do static entries have precedence over DoH? If yes, I'd rather use
/ip dns static
add name=dns.google address=8.8.8.8
add name=dns.google address=8.8.4.4
than
/ip dns set servers=8.8.8.8,8.8.4.4
No, except for FWD.
I think you meant "Yes, except for FWD". Static entries are still preferred with DoH, except FWDs, those are currently ignored. There are also other differences but they don't affect @sindy's use case.
I can confirm that it is. And agree that a static entry is a better solution.
I had this posting in my memory: http://forum.mikrotik.com/t/v6-47rc-testing-is-released/139877/1
And somewhere I picked up that FWD was an exception.
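As an added example (not code from this thread and not MikroTik's own), the fallback logic from the posted script combined with the static-entry approach confirmed above, run periodically from the scheduler so the router recovers on its own. The names doh-health and doh-probe and the probe hostname example.com are constructed choices; the CA for the primary server is assumed to be already imported under /certificate, and verification for the secondary is left off as in the posted script because the thread reports its certificate was not found.

```routeros
# Added example, not from the thread. Assumed names: scheduler/script
# "doh-health", probe file "doh-probe", probe hostname example.com.

# Static entries let the DoH hostname resolve without configuring a plain
# DNS server for all clients; the thread confirms static entries take
# precedence over DoH (FWD entries are the exception).
/ip dns static
add name=dns.google address=8.8.8.8
add name=dns.google address=8.8.4.4

# Health-check script: probe the primary DoH endpoint, switch to the
# secondary when the fetch fails, and switch back once it works again.
/system script
add name=doh-health source={
    :local primary "https://1.1.1.1/dns-query"
    :local secondary "https://dns.google/dns-query"
    :local ok true
    :do {
        /tool fetch url=($primary . "\?name=example.com") \
            http-header-field="accept:application/dns-json" \
            output=file dst-path=doh-probe
    } on-error={ :set ok false }
    :local current [/ip dns get use-doh-server]
    :if ($ok) do={
        :if ($current != $primary) do={
            # primary reachable: DoH only, certificate verified
            /ip dns set servers="" use-doh-server=$primary verify-doh-cert=yes
            :log info "DoH: primary reachable, using $primary"
        }
    } else={
        :if ($current != $secondary) do={
            # the dns.google hostname resolves via the static entries above
            /ip dns set servers="" use-doh-server=$secondary verify-doh-cert=no
            :log warning "DoH: primary unreachable, falling back to $secondary"
        }
    }
}

# Run the check every 5 minutes.
/system scheduler
add name=doh-health interval=5m on-event=doh-health
```

The probe uses only the name parameter (type defaults to A), which avoids having to place a literal ampersand in the URL. A fallback with verify-doh-cert=no trades the authenticity check for availability, so the log line makes each switch visible; once the secondary's CA is imported, set verify-doh-cert=yes there too.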
But then I won't touch DoH again, even with a long poke.
It is just a dream come true for the big firms collecting information; people just (want to) not see that.
You can argue that you are free to choose more privacy-aware DNS servers, but 99% will use Google and Cloudflare in the end…sounds of popping champagne bottles in the background.
That is why I am not happy with MikroTik implementing it after being pressured to do that by many posts here asking for it.
Use unbound or Knot resolver through a VPN tunnel. DoH gives you a false security.
This does not mean DoH has no place. It has a place in countries that don't allow unchanged DNS usage and VPN. DNS is even sabotaged by returning the wrong root server IP addresses, as Sky UK did or is still doing. Breaking resolving by yourself.
Sadly there are too many people who are not aware of how we are watched all the time. It is a step back instead of a step forward in privacy.
I was in Turkey last year, and there Wikipedia was blocked using DNS blocking. A DoH agent on my PC solved this fine. Also I do not like that my ISP or government can spy on my traffic.
Running DoH on MikroTik since the first beta, and I have nothing negative to say about it. It resolves all my requests
And I said in my posting that DoH has a right to exist, but not for daily/constant usage. If you live in Turkey or China or any other totalitarian country then you have my blessing.
It's like saying McDonald's is healthy because you order a salad with your burger and sugary drink.
It's a tool like any other. A hammer can be used to hit a nail or someone's head, it's everyone's choice, but you don't blame the hammer. Same with DoH, you can use different public servers or run your own. If you're afraid of Google and friends, you probably shouldn't use their servers.
It's like saying McDonald's is healthy because you order a salad with your burger and sugary drink.
And if you connect to the "free" Wifi in McDonald's, then they can spy on all your DNS requests to see what the clients surf on when they are there. A VPN is a better solution, but it just shows that anyone can spy on you.
I am getting hungry!
PS, I will implement DoH in honour of homer simpson and if Jotne can convince me that there is no loss in performance and my internet traffic is better concealed from the scammers of commercialism and the dictatorships of secret police be they chinese, russian, american or north korean LOL.
Best is to remove the internet completely, then you are a lot more secure.
Best is to remove the internet completely, then you are a lot more secure.
Not true, just facebook, instagram, snapchat, twitter and tik tok.
It's a tool like any other. A hammer can be used to hit a nail or someone's head, it's everyone's choice, but you don't blame the hammer. Same with DoH, you can use different public servers or run your own. If you're afraid of Google and friends, you probably shouldn't use their servers.
The nail has the choice which side to sink in, head or wood. Tough one. With a hammer the direction to go is clear.
VPN is also a trust you have in the provider you have chosen. Running your own resolver is easy these days and you still only have to choose which taste you want.
Encrypting the connection for a tiny amount of traffic is time consuming, so reusing the already encrypted connection speeds things up if resolve requests are many.
Not sure why MikroTik never implemented DoT and went for DoH. Routers are tools to implement and include in network designs. It makes absolutely no sense to pick DoH over DoT in routers. Leave DoH for the browsers
MikroTik should be promoting good network practices, not the latest gimmick because some overexcited teenager requested it in a forum post.