DOH cloudflare dns on Mikrotik V7

Protecting home Internet connections from malware

With home Internet usage on the rise, it’s never been more important to protect your family from dangerous and malicious sites.

1.1.1.1 for Families is built on top of the same site categorization and filtering technology that powers Cloudflare’s enterprise products. It uses Cloudflare’s Internet intelligence to filter content on your home Internet network.

 

 Mikrotik DOH Setup

Difference cloudflare DNS Settup

1.1.1.1 = normal DNS  

1.1.1.2 = Block malware

1.0.0.3 = Block malware and adult content

# Temporarily add a normal upstream DNS resolver

/ip dns set servers=1.1.1.2,1.0.0.2

Go to Static

add DNS type A and Type AAAA

/ip dns static
/ip/dns/static> add address=2606:4700:4700::1003 name=family.cloudflare-dns.com type=AAAA
/ip/dns/static> add address=2606:4700:4700::1113 name=family.cloudflare-dns.com type=AAAA
/ip/dns/static> add address=1.0.0.3 name=family.cloudflare-dns.com
/ip/dns/static> add address=1.1.1.3 name=family.cloudflare-dns.com

 

Remove on Client IP DNS checkmark

Go back to IP DNS area

 

 Need certificate visit 

https://1.1.1.1/help

on this site go to security certify 
 

 

View Certificate - > 

 

Select DigCert Global Root CA

and Go to 

Download PEM Cert. file

 

 

 

 

 

 

 

 

 

Upload Cert on Mikrotik File

  

 

 

 

 

 

 

 

 

 

 

System - Certificates

 

 

 

 

 

{ Import } Button

Select File Cloudeflare-dns.com.pem and press Import!

testing your DOH on https://one.one.one.one/help

 

Good Job! now Encrypting your DNS