From 650e51e37804fe6a35102b2c1969b4488e752a11 Mon Sep 17 00:00:00 2001 From: Pothi Kalimuthu <1254302+pothi@users.noreply.github.com> Date: Fri, 25 Aug 2023 11:24:56 +0530 Subject: [PATCH] Update docs --- doh-scripts/README.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/doh-scripts/README.md b/doh-scripts/README.md index 2a4c6aa..6d272a3 100644 --- a/doh-scripts/README.md +++ b/doh-scripts/README.md @@ -1,20 +1,23 @@ -TODO: +The following DoH services can be automated for now... -- DoH script for nextdns +- [Cloudflare](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/cloudflare.rsc) +- [Google](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/google.rsc) +- [NextDNS](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/nextdns.rsc) +- [Quad9](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/quad9.rsc) -Important thread... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274 +Or you may use the [generic script](https://github.com/pothi/mikrotik-scripts/blob/main/doh-scripts/generic.rsc). + +Relevant thread in MikroTik forums... https://forum.mikrotik.com/viewtopic.php?f=2&t=160243#p799274 Remember that DoH depends on correct time. So, make sure NTP client is configured. The MikroTik Cloud NTP client service required DNS that in turn requires a working NTP client. So, don't depend on MikroTik Cloud NTP client service. -NextDNS recommends https://curl.se/ca/cacert.pem too. - Root CA certificates that we can use... - https://www.digicert.com/kb/digicert-root-certificates.htm (Download DigiCert Global Root CA) - https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem - works **only** for 1.1.1.1 DoH -# the following don't work for unknown reason... +The following don't work for unknown reason... - https://pki.goog/repository/ - https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates @@ -23,3 +26,6 @@ Root CA certificates that we can use... Or download most (if not all) root CA certificates from https://curl.se/ca/cacert.pem Recommended - https://pki.goog/repo/certs/gtsr4.pem (validity: 2038) + +NextDNS recommends https://curl.se/ca/cacert.pem too. +