Cloudflare's DoH request is being rejected/dropped when request is sent from a MikroTik RouterOS device

I tried the instructions here and here for setting up Cloudflare’s DoH on MikroTik RouterOS v6.47 but it simply refuses to work as Cloudflare is dropping the request for some reason:

Below is the error found in the RouterOS Logs.

“DoH server connection error: Idle timeout - waiting data” & “DoH server connection error: remote disconnected while in HTTP exchange”

Can you curl the endpoint directly?

curl -H 'accept: application/dns-json' https://cloudflare-dns.com/dns-query?name=example.com

Also going to https://1.1.1.1/help would show if you have any reachability issues. I don’t have a Mikrotik router unfortunately, perhaps there’s a way to enable more verbose logging.

Can you curl the endpoint directly?

No, curl can’t be used in MikroTik. Is there something else I can do?

Also going to https://1.1.1.1/help would show if you have any reachability issues.

Ignore IPv6, it’s broken from my ISP’s side (BSNL, India).

I don’t have a Mikrotik router unfortunately, perhaps there’s a way to enable more verbose logging.

I will try to figure out verbose logging and post here. In the meantime, anything about curl alternatives? RouterOS doesn’t allow third party packages either.

It seems like you should have at least connectivity to 1.1.1.1. Can you run the curl from your computer to make sure it can go through?

I’m not familiar with curl, but it does exist in Windows PowerShell. Can you share a PowerShell variant of the command?

curl -H 'accept: application/dns-json' https://cloudflare-dns.com/dns-query?name=example.com

The above returns this on Windows:

Invoke-WebRequest : Cannot bind parameter ‘Headers’. Cannot convert the “accept: application/dns-json” value of type
“System.String” to type “System.Collections.IDictionary”.

I don’t know if it’s possible to get a more verbose output but I shared a screenshot of the most verbose settings I could set it up with.
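A PowerShell form of the curl check, as an added example that is not a reply from anyone in the thread. In Windows PowerShell, `curl` is an alias for Invoke-WebRequest, whose `-Headers` parameter takes a hashtable, which is why the curl-style header string fails to bind. The function name `Test-DohEndpoint` is made up for this example; it queries the DoH JSON API by hostname and by IP so a bootstrap name-resolution problem can be told apart from a DoH reachability problem.

```powershell
# Added example. Works in Windows PowerShell 5.1 and PowerShell 7.
# Windows PowerShell 5.1 on older systems may not offer TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol =
    [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

function Test-DohEndpoint {
    param(
        [Parameter(Mandatory)] [string] $Endpoint,   # DoH URL without the query string
        [string] $Name = 'example.com',
        [string] $Type = 'A'
    )
    $uri = '{0}?name={1}&type={2}' -f $Endpoint, [uri]::EscapeDataString($Name), $Type
    try {
        # -Headers must be a hashtable, not 'accept: application/dns-json'.
        $r = Invoke-RestMethod -Uri $uri -Headers @{ accept = 'application/dns-json' } -TimeoutSec 10
        $answers = if ($r.Answer) { $r.Answer.data -join ', ' } else { '' }
        [pscustomobject]@{
            Endpoint = $Endpoint
            Reached  = $true
            Rcode    = $r.Status      # DNS response code: 0 NOERROR, 2 SERVFAIL, 3 NXDOMAIN
            Answers  = $answers
            Error    = $null
        }
    } catch {
        # Name resolution, TCP, TLS and HTTP failures all land here; the message says which.
        [pscustomobject]@{
            Endpoint = $Endpoint
            Reached  = $false
            Rcode    = $null
            Answers  = ''
            Error    = $_.Exception.Message
        }
    }
}

# The hostname endpoint needs the local resolver to look up cloudflare-dns.com first;
# the IP endpoint does not.
'https://cloudflare-dns.com/dns-query', 'https://1.1.1.1/dns-query' |
    ForEach-Object { Test-DohEndpoint -Endpoint $_ } |
    Format-List
```

If only the hostname endpoint fails, the problem is in resolving cloudflare-dns.com itself; if both fail, look at the path to Cloudflare on port 443.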

It seems like it can’t resolve the local query for cloudflare-dns.com to bootstrap the DoH. Did you add the static DNS records for cloudflare-dns.com? You could also try using https://1.1.1.1/dns-query as a DoH server address as it looks like it’s reachable for you.

Did you add the static DNS records for cloudflare-dns.com?

Yes, I used regular 1.1.1.1 as a resolver for local query. Also tried manually setting static DNS records for the URL.

You could also try using https://1.1.1.1/dns-query

I tried this and it does not show any errors in the logs, it passes the Cloudflare test, but… It cannot resolve sites blocked in my country. This issue seems persistent on MikroTik, MikroTik forum guys say it’s a Cloudflare thing, I don’t really know at this point.

Official Cloudflare iOS app is working fine locally on my iOS device with DoH as the sites can be accessed.

Are there any more tests I could run? Either it’s a MikroTik-Cloudflare issue or an ISP-Cloudflare issue.

Edit: I spoke too soon