problem dns over https

evbocharov · April 1, 2022, 4:18pm

I want to use a dns over https by mullvad

https://certs.godaddy.com/repository

GoDaddy Class 2 Certification Authority Root Certificate - G2

config a mikrotik:

/tool fetch url=https://certs.godaddy.com/repository/gdroot-g2.crt

/certificate import file-name=gdroot-g2.crt passphrase=“”

/ip dns set use-doh-server=https://doh.mullvad.net/dns-query verify-doh-cert=yes

/ip dns/ cache/ flush

doesn’t work
please help me

rextended · April 1, 2022, 4:40pm

[SOLVED]

Do not work, use only TLS 1.2 / TLS 1.3 with unsupported elliptic ciphers from MikroTik products.

Only
TLS 1.3
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
and
TLS 1.2
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

[rex@net] >tool fetch url=“https://doh.mullvad.net/dns-query”
status: failed

failure: ssl connection error: internal error (6)

evbocharov · April 2, 2022, 9:03am

use only TLS 1.2 / TLS 1.3 with unsupported elliptic ciphers from MikroTik products.

how to use it ?

tool fetch url="> https://doh.mullvad.net/dns-query> " status: failed

its problem in RouterOS?

rextended · April 2, 2022, 2:05pm

No, is simply unsupported

evbocharov · April 3, 2022, 9:04am

its RouterOS7 unsupported?

rextended · April 3, 2022, 9:06am

I must rewrite the reply on post #2 ???

evbocharov · April 3, 2022, 9:35am

ok. thank you.
unsupported elliptic ciphers from MikroTik products - problem in ROS.

strasharo · January 4, 2023, 12:38pm

Was considering switching from Cloudflare to Mullvad but saw this. Is it still unsupported?

evbocharov · January 8, 2023, 10:37am

Use

/tool fetch url=https://curl.se/ca/cacert.pem

/certificate import file-name=cacert.pem passphrase=“”