On WebFig go to IP -> DNS.

Fill in Servers with your selected TCP/UDP servers and Use DoH Server with your selected DoH server.

Or use the terminal to achieve the same config.

Assuming the router is on 192.168.88.1.

You can do this via IP -> Firewall -> Nat on WebFig, or via terminal (SSH/web) with:

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=53 protocol=udp dst-port=53 log=no log-prefix="" 
add chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=53 protocol=tcp dst-port=53 log=no log-prefix="" 

Using terminal since it's faster, but you can create the same via WebFig.

/ip firewall filter
add action=drop chain=forward comment="drop DoH" dst-address-list="DoH Servers"

Use

/ip firewall address-list add address=IP/HOST list="DoH Servers"

E.g.:

/ip firewall address-list add address=dns.google list="DoH Servers"

See the commands for adding a full list at mirotik_doh_list_commands.txt based on data from https://github.com/oneoffdallas/dohservers (see bellow for acknowlegements and license details).

All scripts sit under the ./scripts/ folder.

Gets current master of iplist.txt from https://github.com/oneoffdallas/dohservers.

Processes current iplist into mikrotik commands to add addresses to the list.

Generates a mikrotik_all_commands.txt with the commands explained before.

usage: ./generate_for_router.sh router_internal_ip 

• Tested on WSL2 running Debian and Debian 11.
• Commands tested for RouterOS v7.6 running on Mikrotik hAP ac2.
• Please review all commands and use at your own risk.
• See BSD 3 CLAUSE LICENSE for details.

You can find nice public servers at Public DNS at European Alternatives.

• Mikrotik for making awesome network hardware.
• https://european-alternatives.eu for collecting nice alternatives under one site.
• https://github.com/oneoffdallas/dohservers for making available the data under their MIT LICENSE.