Otomaru

DoH through a ROS switch

Thu Dec 01, 2022 12:49 am

Hello!

I've been trying to find a solution for how to enable DoH for devices that are under my switch, because my router does not support it. I spent over 10h struggling, and just as I was writing a post for help, the solution occurred to me. And the solution is better than what I was seeking. So instead of asking for help I decided to share my solution for others following in my footsteps.

1.) Set up DoH (with remote requests) on the ROS switch.
2.) In the router's DHCP settings, add the IP of your switch (the one with DoH set up) as the primary DNS, and your router's IP as the secondary DNS.
Voila - the whole network has DoH!

I'm blanking a lot at the moment, it's past midnight, so I'll add a full description for beginners some time later when I have the time and energy, if it's requested.
..............................................................................................
So... I realized I had a pitfall. I got so used to changes made in ROS taking effect immediately that I forgot I have to renew my client IP manually in some cases. But that also led me to a better and easier solution than what I first thought of.

Guess I might as well add the command line inputs, with the Cloudflare solution as an example for DoH.
For context, this is for a switch that has the bridge as a DHCP client with "use peer dns" disabled. Let me know if people need a full switch configuration.
# plain DNS upstreams, needed until DoH is active and to fetch the CA certificate
/ip dns
set servers=1.1.1.1,1.0.0.1
# correct time is required, otherwise certificate validity checks fail
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.cloudflare.com
Wait a minute or two for the time to synchronize, then continue.

Run the next 2 commands individually.
# download and import the DigiCert root CA so verify-doh-cert=yes can validate the DoH server
/tool fetch url="https://cacerts.digicert.com/DigiCertGl ... CA.crt.pem"
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
# switch the resolver to DoH and allow LAN clients to query it
/ip dns
set allow-remote-requests=yes use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes
# static entries so the DoH hostname itself can be resolved without a working upstream
/ip dns static
add address=1.1.1.1 name=cloudflare-dns.com
add address=1.0.0.1 name=cloudflare-dns.com
For the same solution as mine, bind the MAC of your switch bridge to an IP in your router settings, then add that IP in the router's DHCP DNS settings. I also added the router IP as the secondary DNS for fallback.
Whether this solution works can be confirmed here: https://1.1.1.1/help/
Don't forget to refresh IPs on clients before checking.
