DoH has the same working logic as DNS: the domain name that a client device wants to reach is resolved, and the request it sends is turned into an IP address in the background. The difference with DoH is that it encrypts these requests.
If DoH is not used, even when a request is sent to a site over HTTPS, the DNS request is kept as non-encrypted text in the background, and therefore DNS requests from client devices may be viewed by the ISP or by an unauthorized person.
Clients can be vulnerable to a “man in the middle” attack, which is used to route requests to phishing, malware, or monitoring systems.
When DNS over HTTPS is used, the request and the returned response are encrypted, so DNS requests cannot be viewed, redirected to different sites, or manipulated.
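That DoH is ordinary DNS carried inside HTTPS is visible in the message format. The following added example (not part of the original article) builds a standard DNS query and wraps it in an RFC 8484 GET URL for the Cloudflare endpoint used later in this article; the function names and the name example.com are constructed for illustration, and the script sends nothing over the network.

```python
import base64
import struct
from urllib.parse import urlencode, urlparse, parse_qs

DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"  # resolver URL used in this article

def build_dns_query(name, qtype=1):
    """Build a classic DNS query: the same bytes plain DNS would send to port 53."""
    # Header: ID=0 (RFC 8484 recommends 0 so HTTP caches can reuse answers),
    # flags=0x0100 (recursion desired), one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label
        for label in name.rstrip(".").encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_url(query, endpoint=DOH_ENDPOINT):
    """Wrap the DNS message for an RFC 8484 GET: base64url with padding removed."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return endpoint + "?" + urlencode({"dns": encoded})

def extract_dns_message(url):
    """Server side: recover the DNS message from the ?dns= parameter."""
    value = parse_qs(urlparse(url).query)["dns"][0]
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def parse_question(message):
    """Read the queried name and record type from the question section."""
    labels, pos = [], 12  # the question follows the 12-byte header
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", message[pos + 1 : pos + 5])
    return ".".join(labels), qtype

if __name__ == "__main__":
    query = build_dns_query("example.com")  # constructed sample name
    url = doh_get_url(query)
    print(url)  # on the wire, only the TLS session to port 443 is visible
    print(parse_question(extract_dns_message(url)))
```

The queried name sits in the URL path of an HTTPS request, so an on-path observer sees a TLS connection to the resolver rather than a readable port 53 query.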
As for the negative aspects for system administrators: if DoH is used on the client side, you cannot force the requests on port 53 to be forwarded to the DNS you want. DoH will use the
What you need to know here is that if you use DNS to block access to some sites, that blocking will be disabled in this process.
Let’s move on to using DoH (DNS over HTTPS) with MikroTik.
After MikroTik version v6.47, this feature was made available to users.
You can use the following command to download the certificate for DoH directly from MikroTik.
/tool fetch url="https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem"
Let’s import the certificate we downloaded into MikroTik.
/certificate import file-name=DigiCertGlobalRootCA.crt.pem
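We enable the DoH server on the MikroTik side. With verify-doh-cert=yes, the router validates the DoH server's certificate against the certificate imported above.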
/ip dns set use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes
Finally, we add at least one DNS server on the device, so that the router can resolve the hostname of the DoH server itself.
/ip dns set servers=188.8.131.52
So, lastly, you can check which DNS server you are using on the “
I hope it was a useful article.