...
There are various ways to find out which root CA certificate is necessary. The easiest is to open the DoH site in your web browser and check the website's security information, which shows the certificate chain. Using Firefox, for example, we can see that the Cloudflare DoH server uses DigiCert Global Root CA. You can download the certificate straight from the browser, or navigate to the DigiCert website and fetch the certificate from a trusted source.
Download the certificate, upload it to your router and import it:
```
/certificate import file-name=DigiCertGlobalRootCA.crt.pem
```
Configure the DoH server:
```
/ip dns set use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes
```
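With `verify-doh-cert=yes`, the imported root CA file becomes the trust anchor for every DoH lookup, so it is worth checking the downloaded file on your workstation before uploading it. The following is an added example, not part of the original documentation: it compares the SHA-256 fingerprint of the PEM file with the fingerprint published by the CA. The function names, the sample data and the rule of accepting a file with exactly one certificate are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """Return the SHA-256 fingerprint (hex) of every certificate in a PEM file."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        # The fingerprint is taken over the DER bytes, not over the PEM text.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def normalise(fingerprint):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex, as CA sites publish them."""
    return re.sub(r"[^0-9a-f]", "", fingerprint.lower())

def safe_to_import(pem_text, published_fingerprint):
    """True only if the file holds exactly one certificate and it matches."""
    found = pem_fingerprints(pem_text)
    expected = normalise(published_fingerprint)
    # Assumption of this example: reject bundles, so that no additional
    # certificate ends up in the router's store without being checked.
    if len(found) != 1 or len(expected) != 64:
        return False
    return hmac.compare_digest(found[0], expected)

# Constructed sample: these bytes are NOT a real X.509 certificate. In real
# use, read the downloaded .pem file and paste the fingerprint from the CA site.
SAMPLE_DER = b"constructed sample bytes, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
PUBLISHED = ":".join(f"{b:02X}" for b in hashlib.sha256(SAMPLE_DER).digest())

if __name__ == "__main__":
    print(pem_fingerprints(SAMPLE_PEM))
    print(safe_to_import(SAMPLE_PEM, PUBLISHED))               # single matching cert
    print(safe_to_import(SAMPLE_PEM + SAMPLE_PEM, PUBLISHED))  # bundle is rejected
```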
Note that you need at least one regular DNS server configured for the router to resolve the DoH hostname itself. If you do not have any dynamic or static DNS server configured, add a static DNS entry for the DoH server domain name like this:
...