groove/mikrotik-scripts
1
0
Fork 0
mirror of https://github.com/pothi/mikrotik-scripts.git synced 2026-04-06 05:19:38 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update the syntax to use the built-in trust store

Browse source
This commit is contained in:
Pothi Kalimuthu 2026-03-20 11:39:37 +05:30
parent 7b7608f521
commit 7aaa8891ec
No known key found for this signature in database
GPG key ID: 57069303D36E3093
3 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doh-scripts/cloudflare-dns-family.rsc
View file

@ -8,7 +8,7 @@
/ip dns set verify-doh-cert=no
# since RouterOS v7.19...
/certificate/settings/set builtin-trust-anchors=trusted
/certificate/settings/set builtin-trust-store=all
# Add static DNS entries for the DoH server
/ip dns static remove [find name=family.cloudflare-dns.com]

10
doh-scripts/cloudflare-dns-security.rsc
View file

@ -14,13 +14,15 @@
:if ($rosVersion != 7) do={
:error "We need Router OS version 7 to run this script - current ROS version $rosVersion."
}
:put "Router OS Version: 7"
:local rosVersionMinor
:set rosVersionMinor [:pick [/system/routerboard/get current-firmware] 2 4]
:put "Router OS Minor Version: $rosVersionMinor"
:if ($rosVersionMinor >= 19) do={
:if ( $rosVersionMinor >= 19 ) do={
:put "We have the required Router OS version (or greater) - $rosVersion.$rosVersionMinor, to enable built-in CA root certificates."
/certificate/settings/set builtin-trust-anchors=trusted
/certificate/settings/set builtin-trust-store=all
} else={
:put "We use the Router OS version $rosVersion.$rosVersionMinor that is less than the required version (7.19)."
@ -41,14 +43,18 @@
# /ip dns static add address=2606:4700:4700::1002 name=security.cloudflare-dns.com comment="DoH"
/ip dns static add address=1.1.1.2 name=security.cloudflare-dns.com comment="DoH"
/ip dns static add address=1.0.0.2 name=security.cloudflare-dns.com comment="DoH"
:put "Static DNS entries are added for security.cloudflare-dns.com"
/ip dns set use-doh-server=https://security.cloudflare-dns.com/dns-query verify-doh-cert=yes
:put "DoH is configured."
# optional steps
# use the following if IPv6 is available on your internet
# /ip dns set servers="2606:4700:4700::1112,2606:4700:4700::1002,1.1.1.2,1.0.0.2"
/ip dns set servers="1.1.1.2,1.0.0.2"
/ip dhcp-client set use-peer-dns=no [find]
:put "Custom DNS servers are configured."
# flush existing cache
/ip dns cache flush
:put "DNS cache is flushed."

2
doh-scripts/cloudflare-dns.rsc
View file

@ -19,7 +19,7 @@
# /file remove cert.pem
# since RouterOS v7.19...
# /certificate/settings/set builtin-trust-anchors=trusted
# /certificate/settings/set builtin-trust-store=all
# Add static DNS entries for the DoH server
/ip dns static remove [find name=cloudflare-dns.com]