Recommended way to block ads with MikroTik

I consider it a true security breach to import any file downloaded from a 3rd-party site with the /import file-name=$scriptName command.

If some hacker, or the author himself, puts some commands inside the downloaded file, he can do anything he wants with the RouterBOARD…

You are 100% correct. So I do not schedule the script.
I do open the link in a web browser:
https://www.micu.eu/adblock/adblock.php
Have a look at it, and if there is only one command, /ip dns static, then I run the script.

@Jotne, yours is the correct way to do that,

but to be a little paranoid… or considering the real possibility,

the webserver can check the user agent:
if it is “Mikrotik/6.x Fetch” it can provide different contents than
if it is, for example, “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0”…

Catch the point?

Nothing wrong with being paranoid.
Get your points :slight_smile:

Maybe one can change the script to search for commands and stop/delete it if there is more than one command …

Or search the import script for the DNS name on each line;
this also permits setting a comment=“from the x list”, instead of a generic add…

:slight_smile:
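The approach the two posts above converge on, as an added example that is not the thread's or micu.eu's own script: fetch the list, but never `/import` or `:execute` it. Each line is parsed, only lines of the form `/ip dns static add name=<host> ...` with a clean hostname are accepted, and if any other line shows up the whole file is rejected and nothing is applied, so a server that serves different content to the "Mikrotik/6.x Fetch" user agent gains nothing. The URL, file name and comment tag are placeholders; the list format (one `/ip dns static add` line per host) is assumed from Jotne's description.

```routeros
# Added example (not from the thread). URL, file name and tag are placeholders.
:local url "https://example.invalid/adblock.rsc"
:local dst "adblock-check.rsc"
:local tag "from the adblock list"
:local prefix "/ip dns static add name="
:local allowed "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"

# check-certificate=yes needs the CA chain imported under /certificate
/tool fetch url=$url dst-path=$dst mode=https check-certificate=yes
# RouterOS v6 "get contents" returns at most 4 KiB; split larger lists into several files
:local data [/file get $dst contents]
:local len [:len $data]
:local pos 0
:local hosts [:toarray ""]
:local reject ""

# walk the file line by line; stop at the first unexpected line
:while (($pos < $len) && ([:len $reject] = 0)) do={
  :local nl [:find $data "\n" $pos]
  :if ([:typeof $nl] = "nil") do={ :set nl $len }
  :local line [:pick $data $pos $nl]
  :set pos ($nl + 1)
  # drop a trailing CR from CRLF files
  :if (([:len $line] > 0) && ([:pick $line ([:len $line] - 1)] = "\r")) do={
    :set line [:pick $line 0 ([:len $line] - 1)]
  }
  # blank lines and "#" comments are harmless; everything else must be an add line
  :if (([:len $line] > 0) && ([:pick $line 0] != "#")) do={
    :if ([:pick $line 0 [:len $prefix]] != $prefix) do={
      :set reject $line
    } else={
      # hostname is the text after "name=" up to the next space
      :local rest [:pick $line [:len $prefix] [:len $line]]
      :local sp [:find $rest " "]
      :if ([:typeof $sp] = "nil") do={ :set sp [:len $rest] }
      :local host [:pick $rest 0 $sp]
      :if ([:len $host] = 0) do={
        :set reject $line
      } else={
        # every character must come from the allowed set
        :for i from=0 to=([:len $host] - 1) do={
          :if ([:typeof [:find $allowed [:pick $host $i]]] = "nil") do={ :set reject $line }
        }
      }
      :if ([:len $reject] = 0) do={ :set hosts ($hosts, $host) }
    }
  }
}
/file remove $dst

:if ([:len $reject] > 0) do={
  :log error ("adblock list rejected, unexpected line: " . $reject)
} else={
  # replace only the entries this script owns, identified by the comment tag
  /ip dns static remove [find comment=$tag]
  :foreach h in=$hosts do={
    /ip dns static add name=$h address=127.0.0.1 comment=$tag
  }
  :log info ("adblock list applied, " . [:tostr [:len $hosts]] . " entries")
}
```

The script only ever calls `/ip dns static add` with a hostname it has checked character by character, so even a file full of other commands cannot run anything; it fails closed and leaves the previous entries in place. The comment tag is what makes the later `remove [find comment=$tag]` safe: it touches only entries this script created, not static records you added by hand.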

Can't wait for the improved script Jotne!!

Probably someone else will finish the script; I do not know if Jotne is rewriting the script…:

http://forum.mikrotik.com/t/importing-ip-list-from-file/143071/18

Probably someone else will finish the script first (jvanhambelgium); I do not know if Jotne is rewriting the script…:
http://forum.mikrotik.com/t/importing-ip-list-from-file/143071/18

I don't think the world is ready for two rextendeds :wink: (duplicate post)

The work goes on:
http://forum.mikrotik.com/t/importing-ip-list-from-file/143071/1

Fetch bank account from browser cache, send all money to rextended ?? :slight_smile:
When I get time I will ask you about it, but busy building an enclosure.

:stuck_out_tongue:

Oh yes? What about boot time?

10 minutes without firewall rules on RB4011 and CPU spike.

I do not reboot, so I have not seen any of this. It also may be different from router to router.

LOL. ok. :stuck_out_tongue_winking_eye:

PiHole is not a business, it is an open source free project. There are already many variants, most of them use dnsmasq in one way or the other, like diversion.ch and AdGuard.
The PiHole community could not care less if MikroTik had its own similar system.

It will not. This is the point of Pi-hole.

Where you get DNS for your hosted webserver (on your LAN) does not matter, whether it's DNS or DoH, as long as it's the public name for your server.
DoH in your browser will however bypass both your local DNS or local DoH server settings.

Your fears are unfounded. Pi-Hole only answers the DNS queries (they are tiny chunks of data); all your internet traffic doesn't go through the Pi board when using Pi-Hole. You can also install Pi-Hole on a normal VM/PC/server.

Not necessarily.
Because the DoH server can be blocked, and then it falls back to standard DNS.

How can you ever block all DoH servers? You would at least have to know which DoH server(s) your browser uses…
DoT is of course easier to block.
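What "DoT is easier to block" looks like on the router, as an added example that is not from the thread: DoT always runs on TCP/853, so one filter rule rejects it for LAN clients, after which a client falls back to the resolver it was handed by DHCP. DoH cannot be fully blocked this way, as the post above says, but the Firefox canary domain `use-application-dns.net` is a defender-side lever: when the local resolver answers it with NXDOMAIN, Firefox does not enable DoH automatically (manually configured DoH in any browser is unaffected). The `LAN` interface list is assumed to exist; the NXDOMAIN static record type is RouterOS v7 syntax.

```routeros
# Added example (not from the thread). Assumes an interface list named LAN.
# Let the router answer LAN clients' DNS queries at all
/ip dns set allow-remote-requests=yes

# DoT is TCP/853, so it can simply be rejected for LAN clients
/ip firewall filter add chain=forward in-interface-list=LAN protocol=tcp dst-port=853 \
  action=reject reject-with=tcp-reset comment="block DNS over TLS"

# Firefox canary: an NXDOMAIN answer disables its automatic DoH (RouterOS v7 record type)
/ip dns static add name=use-application-dns.net type=NXDOMAIN comment="disable Firefox auto DoH"

# Clients that hard-code another plain-DNS resolver are redirected to the router
/ip firewall nat add chain=dstnat in-interface-list=LAN protocol=udp dst-port=53 \
  action=redirect to-ports=53 comment="redirect plain DNS to router"
/ip firewall nat add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=53 \
  action=redirect to-ports=53 comment="redirect plain DNS to router"
```

The redirect rules are what make the fallback land on the ad-blocking resolver rather than on whatever the client had configured; the filter rule and the canary record only remove the encrypted paths that would otherwise bypass it. DoH from a browser pointed at an explicit resolver URL still gets through, which is the limitation the last post raises.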