From 7aaa8891ece51f7da49f8abda71eca151f77e192 Mon Sep 17 00:00:00 2001 From: Pothi Kalimuthu <1254302+pothi@users.noreply.github.com> Date: Fri, 20 Mar 2026 11:39:37 +0530 Subject: [PATCH] Update the syntax to use the built-in trust store --- doh-scripts/cloudflare-dns-family.rsc | 2 +- doh-scripts/cloudflare-dns-security.rsc | 10 ++++++++-- doh-scripts/cloudflare-dns.rsc | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/doh-scripts/cloudflare-dns-family.rsc b/doh-scripts/cloudflare-dns-family.rsc index 15c0131..44eb4a9 100644 --- a/doh-scripts/cloudflare-dns-family.rsc +++ b/doh-scripts/cloudflare-dns-family.rsc @@ -8,7 +8,7 @@ /ip dns set verify-doh-cert=no # since RouterOS v7.19... -/certificate/settings/set builtin-trust-anchors=trusted +/certificate/settings/set builtin-trust-store=all # Add static DNS entries for the DoH server /ip dns static remove [find name=family.cloudflare-dns.com] diff --git a/doh-scripts/cloudflare-dns-security.rsc b/doh-scripts/cloudflare-dns-security.rsc index 5ed7fcd..11f653a 100644 --- a/doh-scripts/cloudflare-dns-security.rsc +++ b/doh-scripts/cloudflare-dns-security.rsc @@ -14,13 +14,15 @@ :if ($rosVersion != 7) do={ :error "We need Router OS version 7 to run this script - current ROS version $rosVersion." } +:put "Router OS Version: 7" :local rosVersionMinor :set rosVersionMinor [:pick [/system/routerboard/get current-firmware] 2 4] +:put "Router OS Minor Version: $rosVersionMinor" -:if ($rosVersionMinor >= 19) do={ +:if ( $rosVersionMinor >= 19 ) do={ :put "We have the required Router OS version (or greater) - $rosVersion.$rosVersionMinor, to enable built-in CA root certificates." - /certificate/settings/set builtin-trust-anchors=trusted + /certificate/settings/set builtin-trust-store=all } else={ :put "We use the Router OS version $rosVersion.$rosVersionMinor that is less than the required version (7.19)." 
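Review bot: In doh-scripts/cloudflare-dns-family.rsc the renamed setting runs unconditionally, right after the context line `/ip dns set verify-doh-cert=no`. On a RouterOS release that does not know `builtin-trust-store`, the import would presumably stop at this line and leave DoH certificate verification switched off. cloudflare-dns-security.rsc wraps the same command in a minor-version test, and the same guard would fit here. The comment `# since RouterOS v7.19...` (also in cloudflare-dns.rsc) should name the release that introduced the new property, if that is later than 7.19. `all` also appears to extend trust in the built-in roots beyond DNS, so a narrower value, if the property accepts one, would suit a DoH-only script better; the rest of the script is outside the hunk, so whether verification is re-enabled later cannot be seen from here.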
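Review bot: In the first hunk of doh-scripts/cloudflare-dns-security.rsc the gate is still `$rosVersionMinor >= 19` and both messages still say 7.19, while the guarded command now sets `builtin-trust-store`. If that property only exists from a later release, routers in between take the "supported" branch and fail on the set command. The minor version is read from `/system/routerboard/get current-firmware` (a context line), which is the board firmware string and can lag behind the installed RouterOS package, so `/system/resource/get version` looks like the closer source for this test. The new `:put "Router OS Version: 7"` is hard-coded, whereas `:put "Router OS Version: $rosVersion"` would print what was detected. The else branch continues outside the hunk.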
@@ -41,14 +43,18 @@ # /ip dns static add address=2606:4700:4700::1002 name=security.cloudflare-dns.com comment="DoH" /ip dns static add address=1.1.1.2 name=security.cloudflare-dns.com comment="DoH" /ip dns static add address=1.0.0.2 name=security.cloudflare-dns.com comment="DoH" +:put "Static DNS entries are added for security.cloudflare-dns.com" /ip dns set use-doh-server=https://security.cloudflare-dns.com/dns-query verify-doh-cert=yes +:put "DoH is configured." # optional steps # use the following if IPv6 is available on your internet # /ip dns set servers="2606:4700:4700::1112,2606:4700:4700::1002,1.1.1.2,1.0.0.2" /ip dns set servers="1.1.1.2,1.0.0.2" /ip dhcp-client set use-peer-dns=no [find] +:put "Custom DNS servers are configured." # flush existing cache /ip dns cache flush +:put "DNS cache is flushed." diff --git a/doh-scripts/cloudflare-dns.rsc b/doh-scripts/cloudflare-dns.rsc index cc641ac..9185e09 100644 --- a/doh-scripts/cloudflare-dns.rsc +++ b/doh-scripts/cloudflare-dns.rsc @@ -19,7 +19,7 @@ # /file remove cert.pem # since RouterOS v7.19... -# /certificate/settings/set builtin-trust-anchors=trusted +# /certificate/settings/set builtin-trust-store=all # Add static DNS entries for the DoH server /ip dns static remove [find name=cloudflare-dns.com]
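Review bot: The added `:put` lines in the second hunk of doh-scripts/cloudflare-dns-security.rsc report each step as done, but nothing confirms that lookups still work once `verify-doh-cert=yes` and `use-peer-dns=no` are in effect. A trust-store or version mismatch earlier in the script would then show up only later, as failing resolution on the router and its clients. A final check after the cache flush would make that visible at import time, for example `:do { :put [:resolve "cloudflare.com"] } on-error={ :put "DoH lookup failed - check certificate trust settings" }`. The name should be one that has no static entry, so that the query actually goes through the DoH server.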