FEATURE REQUEST: HTTP/2 support into DoH

Are you talking about *) fetch - added HTTP/2 support on ARM64 and x86/CHR devices; in the changelog? Are you sure DoH relies on fetch or is it a guess?

Even Cloudflare DOH isn't working right now. Big Disappointment.

This is due to Cloudflare changing their TLS certificate recently. If you are using the built-in CA in Mikrotik those need to be updated. Or temporarily disable verify-cert in your DNS option.

or import the new cert manually.

/tool fetch https://ssl.com/repo/certs/SSLcomRootCertificationAuthorityECC.pem
/certificate import file-name=SSLcomRootCertificationAuthorityECC.pem passphrase=""
/tool fetch https://ssl.com/repo/certs/SSLcomRootCertificationAuthorityRSA.pem
/certificate import file-name=SSLcomRootCertificationAuthorityRSA.pem passphrase=""

I transferred both manually. I apologize, it escaped my notice. Thanks for the reminder.

Thank you for this! This was the missing bit for a fully working DoH config on my router.

It would be really great if we could have HTTP/2 support in DoH in future RouterOS releases; this is how I would be able to use the DNS4EU service over DoH.

But you could not use DoH because joindns4.eu is only supporting HTTP/2 :wink: and RouterOS does not…

Is there any news if HTTP/2 support for DoH is added to RoS 7.22?
There is one reference to HTTP/2 in the 7.22 threads but it isn’t clear if it also applies to DoH.

It's been a while since I've tested. Testing just now: Quad9 is a NO, Cloudflare yes, BUT using Mozilla due to the cert. Not checked normal Cloudflare.

/ip dns
set use-doh-server=https://mozilla.cloudflare-dns.com/dns-query verify-doh-cert=yes
/ip dns static
add address=1.0.0.1 name=mozilla.cloudflare-dns.com type=A
add address=1.1.1.1 name=mozilla.cloudflare-dns.com type=A
add address=9.9.9.9 disabled=yes name=dns.quad9.net type=A
add address=149.112.112.112 disabled=yes name=dns.quad9.net type=A