What is DoH (DNS over HTTPS)? How is it used with MikroTik?

DoH works on the same logic as ordinary DNS: the domain name that a client device wants to reach is resolved, and the request it sends is turned into an IP address in the background. The difference is that DoH encrypts these requests.

If DoH is not used, then even when a request is sent to a site over HTTPS, the DNS request behind it is kept as unencrypted text, and therefore DNS requests from client devices may be viewed by the ISP or by an unauthorized person.

Clients can be vulnerable to a man-in-the-middle attack, which is used to route requests to phishing, malware, or monitoring systems.

When DNS over HTTPS is used, both the request and the response are encrypted, so DNS requests cannot be viewed, redirected to different sites, or manipulated.

There is a negative side for system administrators: if DoH is used on the client side, you cannot force requests on port 53 to be forwarded to the DNS server you want, because DoH uses port 443.

If you use DNS to block access to some sites, be aware that this blocking will be disabled in that case.

Let’s move on to using DoH (DNS over HTTPS) with MikroTik.

This feature was made available to users starting with MikroTik v6.47.

You can use the following command to download the certificate for DoH directly from MikroTik.

Let’s import the certificate we downloaded into MikroTik.

We activate the DoH server on the MikroTik side.

Finally, we add at least one DNS on the device.
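The four steps above as RouterOS commands, added here as an example and not the original article's own commands. The certificate URL, file name, DoH server URL and DNS server address are placeholders (reserved example names and a documentation IP address) to replace with your DoH provider's real values.

```routeros
# Added example; every URL, file name and address below is a placeholder.

# 1. Download the CA certificate that signs the DoH provider's TLS certificate.
/tool fetch url="https://ca.example/root-ca.pem" dst-path=root-ca.pem

# 2. Import it into the router's certificate store.
/certificate import file-name=root-ca.pem passphrase=""

# 3. Enable DoH and require the server certificate to validate
#    against the imported CA.
/ip dns set use-doh-server="https://doh.example/dns-query" verify-doh-cert=yes

# 4. Keep at least one regular DNS server so the router can resolve
#    the DoH server's hostname itself.
/ip dns set servers=192.0.2.53

# Review the resulting DNS settings.
/ip dns print
```

With `verify-doh-cert=yes` the router refuses a DoH server whose certificate does not chain to the imported CA, which is the check that protects against the man-in-the-middle case described earlier.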

Lastly, you can check which DNS server you are using at https://dnsleaktest.com.

I hope it was a useful article.