DoH Server Connection Error: "DoH server connection error: while"

csurata · March 11, 2025, 8:33pm

Additional information

I don’t know/other

What is the issue you’re encountering

DoH server connection error: while reading - Connection reset by peer Additionally, when checking the logs, I see repeated DNS query failures and the MikroTik returning messages like “server failure” and “dns query failure”.

What steps have you taken to resolve the issue?

Checking if port 443 (HTTPS) is being blocked or filtered by the firewall.
Testing with other DoH servers (Cloudflare, Google, etc.).
Certificates are ok
Verifying DNS settings on MikroTik and confirming that DoH is configured correctly.

csurata · March 16, 2025, 6:35pm

Summary: Forcing DNS-over-HTTPS (DoH) to Use IPv6 on MikroTik RouterOS v7.18

Issue:

Despite configuring DoH with IPv6, the MikroTik router continued to prioritize IPv4 for DNS queries, resulting in errors when connecting to Cloudflare via IPv4.

Solution:

To enforce IPv6 for DoH and bypass IPv4 limitations, follow these steps:

Static DNS Entries for DoH Server:

Add a static DNS entry to resolve the DoH server domain (e.g., cloudflare-dns.com) exclusively to its IPv6 address:

/ip dns static add name=cloudflare-dns.com address=2606:4700:4700::1111

This ensures the router never queries external DNS for the DoH domain, forcing IPv6.

Remove Traditional DNS Servers:

Clear all IPv4 DNS servers to prevent fallback:

/ip dns set servers="" allow-remote-requests=yes

Block IPv4 for DoH via Firewall:

Temporarily drop IPv4 traffic to the DoH server’s IPv4 addresses (e.g., Cloudflare’s 1.1.1.1):

/ip firewall filter add chain=output protocol=tcp dst-address=1.1.1.1 dst-port=443 action=drop comment="Block DoH IPv4"

This closes active IPv4 connections and forces the router to use IPv6.

Flush DNS Cache:

Clear cached entries to ensure fresh IPv6 resolutions:

/ip dns cache flush

Adjust Route Priorities:

Verifique no firewall IPv6 connection para certificar que as conexões IPv6 para o DNS estão acontecendo.
Verifique no firewall IPv4 connection para certificar que as conexões IPv4 para o DNS não estão acontecendo.

RouterOS v7+ deprecated the prefer-ipv6 setting. Route metrics and DNS configuration are now critical for prioritizing IPv6.

If issues persist, ensure your ISP provides stable IPv6 connectivity (e.g., via PPPoE).

This approach successfully bypassed unreliable IPv4 routes while enforcing IPv6 for secure DoH traffic.

system · March 18, 2025, 6:36pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
DoH server connection error not work in Mikrotik Registrar	1	3088	June 18, 2021
Cloudflare's DoH request is being rejected/dropped when request is sent from a MikroTik RouterOS device 1.1.1.1	7	14975	June 18, 2021
Is 1.1.1.1 working properly? 1.1.1.1	1	1063	May 19, 2023
Setting up DoH on Mikrotik Gateway	3	24218	June 28, 2021
1.1.1.1 DNS over HTTPS suddenly failing DNS & Network	1	971	July 8, 2023