I've been trying to find a solution for how to enable DoH for devices that are under my switch, because my router does not support it. I spent over 10 hours struggling, and just as I was writing a post asking for help, the solution occurred to me. And the solution is better than what I was seeking. So instead of asking for help I decided to share my solution for others following in my footsteps.
1.) Set up DoH (with remote requests) on the ROS switch.
2.) In the router's DHCP settings, add the IP of your switch (the one with DoH set up) as the primary DNS and your router's IP as the secondary DNS.
Voilà - the whole network has DoH!
I'm blanking a lot at the moment, it's past midnight, so I'll add a full description for beginners some time later, when I have the time and energy, if it's requested.
..............................................................................................
So... I realized I had a pitfall. I got so used to changes made in ROS taking effect immediately that I forgot I have to renew my client IP manually in some cases. But that also led me to a better and easier solution than what I first thought.
Guess I might as well add the command line inputs, with the Cloudflare solution as an example for DoH.
For context, this is for a switch that has the bridge as a DHCP client with "use peer DNS" disabled. Let me know if people need a full switch configuration.
# Plain upstream resolvers first, so the switch can fetch the root CA and sync time
/ip dns
set servers=1.1.1.1,1.0.0.1
# NTP must be correct or certificate validity checks on the DoH server cert will fail
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.cloudflare.com
Run the next two commands individually.
/tool fetch url="https://cacerts.digicert.com/DigiCertGl ... CA.crt.pem"
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
# Switch answers DNS for the LAN and forwards over DoH, validating the server certificate
/ip dns
set allow-remote-requests=yes use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes
# Static entries so the DoH hostname itself resolves without a plaintext lookup
/ip dns static
add address=1.1.1.1 name=cloudflare-dns.com
add address=1.0.0.1 name=cloudflare-dns.com
Whether this solution works can be confirmed here: https://1.1.1.1/help/
Don't forget to refresh the IPs on clients before checking.
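A quick client-side check for step 1, added here as an example and not part of the original post: a minimal DNS client (standard library only) that sends an A query to the switch and parses the answer, so you can confirm the switch actually accepts remote requests and returns the static cloudflare-dns.com entries before the DHCP change pushes it to the whole LAN. The switch address `SWITCH_IP` is an assumed placeholder; the sample response bytes are constructed for offline use. It only proves the switch is answering, not that the upstream leg is DoH, which is what the 1.1.1.1/help page checks.

```python
import socket
import struct

SWITCH_IP = "192.168.88.2"  # assumed placeholder: the ROS switch running DoH
TXID = 0x1234

def build_query(name, txid=TXID):
    """Minimal DNS A/IN query with RD=1 (no EDNS)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)

def _skip_name(buf, off):
    """Advance past a (possibly compressed) name and return the new offset."""
    while True:
        n = buf[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += n + 1

def parse_a_records(resp, txid=TXID):
    """Return IPv4 answers; raise if the id mismatches or the server set an RCODE."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4          # skip QTYPE/QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return addrs

def resolve_via(server, name, timeout=3.0):
    """Ask `server` (UDP/53) for `name`; a timeout means remote requests are off."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_a_records(data)

# Constructed sample: the reply the switch should give for the static entry above.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)
                   + build_query("cloudflare-dns.com")[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + b"\x01\x01\x01\x01")
```

Run `resolve_via(SWITCH_IP, "cloudflare-dns.com")` from a LAN client; an answer of 1.1.1.1 / 1.0.0.1 means the switch is serving the static entry, and a timeout usually means allow-remote-requests is still off or a firewall filter is dropping port 53.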