Try New Technology

History: Roku ads got annoying so I looked into blocking them. After reading multiple posts I was able to put together a complete solution for my setup.

First was to create a free account at NextDNS.io, then login and follow the directions to setup DoH on my router.

NOTE: The Mikrotik instructions are as follows (they offer instructions for most OS, browsers, and many routers):

/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=dns.nextdns.io address=45.90.28.0 type=A
/ip dns static add name=dns.nextdns.io address=45.90.30.0 type=A
/ip dns set use-doh-server=“https://dns.nextdns.io/abcd1234” verify-doh-cert=yes

On NextDNS.io I added the following items:

1. Privacy > Blocklists: Lightswight05 – Ads & Tracking
2. Privacy > Native Tracking Protection – Roku, Samsung, Apple
3. Denylist – *.wwwimg.roku.com
4. Denylist – *.amoeba-plus.web.roku.com

NOTE: Once this was done you can see in the Logs that everything is was working. Looking at my Roku TV main screen, there was a blank area where the ads should be.

The last thing I did to make the most of this filtering was to add the following rules to my Firewall > NAT which ensures any device inside the network trying to access an external DNS server (via UDP/TCP port 53) was redirected to the router and through this DoH service:

/ip firewall nat add action=dst-nat chain=dstnat comment="dns redirector (udp)" src-address=192.168.1.0/24 dst-port=53 protocol=udp to-addresses=192.168.1.1
/ip firewall nat add action=dst-nat chain=dstnat comment="dns redirector (tcp)" src-address=192.168.1.0/24 dst-port=53 protocol=tcp to-addresses=192.168.1.1

Reference that I used to piece this all together:
https://jasonpearce.com/2020/09/16/how-to-disable-ads-on-the-roku-home-screen/
https://forum.mikrotik.com/viewtopic.php?t=133896N