MikroTik Router Configuration Dynamic DNS And Remote Access

Looking to enhance your internet browsing experience by speeding up your DNS queries and adding an extra layer of security? Enabling DNS over HTTPS (DoH) on your MikroTik router may be just what you need. This tutorial will guide you through the process.

The Basics of DNS

DNS stands for Domain Name System, and it’s the system that translates domain names (such as www.google.com) into IP addresses that computers can use to communicate with each other. DNS queries are usually sent in clear text, which means that anyone who is able to intercept them can see which websites you’re visiting. Additionally, DNS queries can often take quite a long time to resolve, which can slow down your internet browsing.

To address these issues, many internet service providers (ISP) have started to offer DNS caching servers which often improve query response times, but relying solely on an ISP's DNS server can be risky as they can be unsecured, malicious, and not respect user privacy. That’s where DNS over HTTPS (DoH) comes in.

What is DNS Over HTTPS (DoH)?

DoH is a protocol that allows DNS queries to be sent over HTTPS (Hyper Text Transfer Protocol Secure). Since HTTPS encrypts traffic between the client and the server, DNS queries sent using DoH are much harder to intercept by anyone spying on the network.

Additionally, using DoH can speed up DNS queries. Since most web traffic is sent over HTTPS these days, many content delivery networks (CDNs) have started to use the protocol as well. This means that DoH servers can often cache popular DNS records, which can cut down on the time it takes to resolve DNS queries.

Enabling DoH on Your MikroTik Router

Ready to get started? First, you'll need an up-to-date version of RouterOS (at least version 6.45 or above).

Step 1: Choose a DoH Server

The first thing you’ll need to do is choose a DoH provider to use. There are several free and paid DoH providers out there, some of the most popular free ones include:

Cloudflare
Google
Quad9

For the purposes of this tutorial, we'll use Cloudflare (1.1.1.1), but feel free to use any provider you like.

Step 2: Add a DNS Server

Next, you'll need to add a DNS server on your MikroTik router. To do this, open the terminal and run the following command:

/ip dns set servers=1.1.1.1,1.0.0.1

This will set your MikroTik router to use Cloudflare's DNS servers. If you want to use a different provider, simply substitute their IP addresses in the above command.

Step 3: Create a DNS Cache

Now that you’ve set a DNS server, you’ll want to create a local cache to speed up future DNS requests. To do this, run the following command:

/ip dns cache add

This will create a cache that is 1,000 entries in size, which should be more than enough for most home networks. If you have a large network with many devices, you may want to increase this value.

Read also

Step 4: Configure DNS Over HTTPS

Now that you have a DNS server and cache set up, it’s time to configure DoH. To do this, you'll need to create a new outbound NAT rule that redirects all DNS traffic to your chosen DoH server. To create the rule, follow these steps:

Open the WinBox software and connect to your router.
Click on IP > Firewall in the main menu.
Click on the NAT tab.
Click on the + button to add a new rule.

Here’s what each field in the new rule screen should look like:

Chain: srcnat
Action: masquerade
Protocol: tcp
Dst. Address: 1.1.1.1
Dst. Port: 443
Out. Interface: WAN (or whichever interface your router uses to connect to the internet)

Once you’ve filled in all of the fields, click OK to save the new rule.

Step 5: Test Your Configuration

Now that you’ve set up DoH on your MikroTik router, it’s time to test it out. Open a web browser and visit the following website:

https://1.1.1.1/help

If DoH is working correctly, you should see a message that says “Using DNS over HTTPS (DoH): Yes”. If you see a different message, double check the above configuration steps to make sure you didn’t miss anything.

Conclusion

Enabling DNS over HTTPS (DoH) on your MikroTik router is a great way to speed up your internet browsing and add an extra layer of security to your DNS queries. Follow the steps outlined in this tutorial and you’ll be up and running with DoH in no time.