NextDNS in Mikrotik
Hi, after I reset my Mikrotik and tried to input the NextDNS config again, it's not working anymore. I hope someone can help me! Thank you!
4 replies
-
I second this. My 4011 is on RouterOS 6.48.4 and this syntax doesn't work properly.
/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=dns.nextdns.io address=45.90.28.0 type=A
/ip dns static add name=dns.nextdns.io address=45.90.30.0 type=A
/ip dns static add name=dns.nextdns.io address=2a07:a8c0:: type=AAAA
/ip dns static add name=dns.nextdns.io address=2a07:a8c1:: type=AAAA
/ip dns set use-doh-server="https://dns.nextdns.io/388d94" verify-doh-cert=yes
-
My router has the same error. How do I fix it?
DoH server connection error: SSL: handshake failed: unable to get certificate CRL (6)
-
I'm on RouterOS 7.2rc4 and this config is what works for me.
I am not sure if setting the SNTP client is necessary, but I have had fewer issues since doing so.
Make sure you disable peer DNS from any DHCP clients manually if the final two commands don't suit.
Most importantly, the Mozilla bundle has ~150 certificates you don't need, plus it is safer and less to debug if you install the correct certificate manually. The current https://dns.nextdns.io root CA PEM can be downloaded here. The following assumes you have downloaded this file, uploaded it via WinBox / WebFig / FTP and imported it to Certificates.
/system ntp client set enabled=yes servers=time.cloudflare.com
/ip dns set servers=""
/ip dns static add name=dns.nextdns.io address=45.90.28.0
/ip dns static add name=dns.nextdns.io address=45.90.30.0
/ip dns static add name=dns.nextdns.io address=2a07:a8c0::
/ip dns static add name=dns.nextdns.io address=2a07:a8c1::
/ip dns set verify-doh-cert=yes use-doh-server=https://dns.nextdns.io/64aeec
/ip dhcp-client set 0 use-peer-dns=no
/ipv6 dhcp-client set 0 use-peer-dns=no
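An offline check, added here as an example and not part of any post in this thread, that reads a RouterOS script and reports which of the settings used in the config above are missing: an https DoH URL, verify-doh-cert=yes, empty servers, a static entry for the DoH hostname, and use-peer-dns=no. The function names, the sample scripts and the abc123 configuration ID are constructed for illustration.

```python
import re
from urllib.parse import urlparse

def parse(script):
    """Split RouterOS lines into (menu path, action, {param: value}) tuples."""
    cmds = []
    for line in script.splitlines():
        m = re.match(r"\s*(/[a-z0-9 -]+?) (set|add)\b(.*)", line)
        if m:
            params = re.findall(r'([\w-]+)=("[^"]*"|\S*)', m.group(3))
            cmds.append((m.group(1), m.group(2),
                         {k: v.strip('"') for k, v in params}))
    return cmds

def audit(script):
    """Return findings for a DoH setup; an empty list means every check passed."""
    cmds = parse(script)
    dns = {}
    for path, action, p in cmds:
        if path == "/ip dns" and action == "set":
            dns.update(p)  # later 'set' lines override earlier ones
    url = urlparse(dns.get("use-doh-server", ""))
    findings = []
    if url.scheme != "https" or not url.hostname:
        findings.append("use-doh-server is not an https:// URL")
    if dns.get("verify-doh-cert") != "yes":
        findings.append("verify-doh-cert is not yes")
    if dns.get("servers"):
        findings.append("servers is not empty")
    names = {p.get("name") for path, _, p in cmds if path == "/ip dns static"}
    if url.hostname and url.hostname not in names:
        findings.append("no static entry to bootstrap " + url.hostname)
    # Only meaningful when the router has an IPv4 DHCP client (assumption).
    if not any(path == "/ip dhcp-client" and p.get("use-peer-dns") == "no"
               for path, _, p in cmds):
        findings.append("peer DNS not disabled on /ip dhcp-client")
    return findings

# Constructed sample scripts; "abc123" is a placeholder configuration ID.
GOOD = """/ip dns set servers=""
/ip dns static add name=dns.nextdns.io address=45.90.28.0
/ip dns set verify-doh-cert=yes use-doh-server=https://dns.nextdns.io/abc123
/ip dhcp-client set 0 use-peer-dns=no"""
WEAK = """/ip dns set servers=8.8.8.8
/ip dns set use-doh-server=https://dns.nextdns.io/abc123 verify-doh-cert=no"""

if __name__ == "__main__":
    for label, script in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(script) or "ok")
```

The script only inspects the text of a script or export you give it; it does not confirm that the imported certificate actually validates the resolver.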