After updating my MikroTik AX2 to RouterOS 7.21, DNS over HTTPS (DoH) stopped working correctly.
Some Android devices immediately report “no internet” when connected via Wi‑Fi, even though other clients still work.
After some time, even the router itself fails to resolve DNS names — for example, checking for firmware updates returns: ERROR: could not resolve dns name (timeout).
The only workaround is to disable DoH and fall back to plain DNS servers (e.g. 8.8.8.8, 1.1.1.1).
This issue did not exist before 7.21 — the same setup worked for months without problems.
I kindly ask MikroTik developers to properly test the builds they label as “stable”. Users should not waste hours debugging basic connectivity issues. Even very cheap consumer routers from other vendors do not break DNS resolution after updates.
Please investigate and fix DoH functionality in RouterOS 7.21, as it currently makes the feature unusable on AX2 and causes serious compatibility problems with Android clients.
I didn’t have such problems with DoT and very old non-MikroTik routers
How did you compare? Did you use DoH from Google or Cloudflare as well? What other investigation steps did you take? Observations of "some client" and "after a time" do not really describe reproducible behaviour.
So now I am confused. First you said DNS is your workaround for your DoH troubles, but then you imply broken DNS, "other vendors do not break DNS". Is nothing working at all now? Neither DNS nor DoH?
Have you verified that your DoH configuration is still working by downgrading to e.g. 7.20.7 long term? Maybe the DoH server is not compatible anymore. Quad9 switched off HTTP/1 recently and the MikroTik DoH client does not support HTTP/2 yet.
Everything had worked for several months before the 7.21 update. After 7.21 even the router couldn’t check for new updates because of “ERROR: could not resolve dns name (timeout)”
As soon as I disabled DoH, all the problems on the router itself and some Android devices disappeared.
I don't have time for experiments with different versions. The city's power goes out every few hours, and every day it's bombarded with missiles and other things. I need a working device.
Don't get me wrong, but you had time to upgrade. Just downgrade to the version you were on before upgrading. This should resolve your issue and is probably the fastest way to restore working DoH.
I thought MikroTik used newer technologies, not ones that were being discontinued.
For now, I've entered Google's servers into the settings. Everything works fine with them. Although I wouldn't want to use servers from such a corporation.
I didn’t have such problems with DoT and very old non-MikroTik routers.
It's Quad9's unilateral decision to disallow HTTP/1.1. Anyway, MikroTik is working on enabling HTTP/2. Such is life.
DoT always assumed that the certificate is independently and manually acquired.
Having a DNS resolver that encrypts, verifies, filters queries was never a straightforward thing. It was always in the expensive/subscription area, and even then it has never been exactly set-and-forget.
So RIP should be RIP as an ancient protocol? PPP? HTTP? Telnet? FTP? WiFi b? IPv4 when we have IPv6? etc.?
Switching off the support for one protocol by one company does not mean the technology is being discontinued by all.
It is more or less just a complaint without evidence. It could be anything. And according to Cloudflare docs, their DoH supports HTTP, HTTP/2 and HTTP/3. So it should work. If it does not work, it is most likely a misconfiguration. We could help, probably, but OP did not post a config and has no time for troubleshooting. This topic is a dead end I guess.