Blocking incoming DNS

I did a torch on the public interface of the MikroTik router and am seeing lots of DNS requests incoming from the internet.

I already tried adding the firewall rules to block port 53 (TCP and UDP) to no avail. I also disabled the “allow remote requests” option in DNS settings. I even removed the DNS server entries so DNS resolution will not work on the MikroTik.

Does anyone have any other method to block that incoming DNS?

Thanks.

Dropping DNS requests inbound from the internet will keep your router from doing anything with the packet (other than dropping the packet). There is NOTHING you can do to prevent a certain type of packet from reaching your router from the internet (other than an upstream firewall). In other words, no matter what firewall rules you employ in your router, if I know your public IP address, I can send ANY packets to you.
You are dropping them - done.

Your problem is caused by the fact that you have removed all the default firewall rules in your router.

Other users solve it like this: They don’t remove the default firewall rules.

That is the best script you have ever written rextended. :wink:

Ahhh yesss… :laughing:
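
For readers following the thread, an input-chain layout along the lines of the default rules the replies refer to, with explicit DNS drops so they get their own counters. This is an added example, not configuration posted by anyone in the thread; `ether1` as the WAN port and `bridge` as the LAN bridge are assumptions, as are the comment strings.

```routeros
# Added example. Assumed names: ether1 = WAN port, bridge = LAN bridge.
# Skip the list creation if WAN/LAN interface lists already exist.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=LAN interface=bridge

# The router's resolver does not answer queries from other hosts
# (the setting the original poster already disabled).
/ip dns set allow-remote-requests=no

# "add" appends to the end of the chain, so check the order afterwards:
# an earlier accept rule would still win over these drops.
/ip firewall filter
add chain=input action=accept connection-state=established,related,untracked \
    comment="accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="accept ICMP"
# Redundant with the final rule, kept only to get dedicated counters for DNS.
add chain=input action=drop in-interface-list=WAN protocol=udp dst-port=53 \
    comment="drop DNS from WAN (udp)"
add chain=input action=drop in-interface-list=WAN protocol=tcp dst-port=53 \
    comment="drop DNS from WAN (tcp)"
add chain=input action=drop in-interface-list=!LAN \
    comment="drop all not coming from LAN"

# Torch shows packets as they arrive on the interface, before the firewall
# acts on them, so it keeps listing the queries. The drop is confirmed by
# the packet/byte counters on the DNS rules increasing.
/ip firewall filter print stats where chain=input
```

If the counters on the two DNS rules rise while torch still shows port 53 traffic, the router is discarding the queries, which is all a rule on the router itself can do.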