Have this problem , i made a firewall rule input port 53 drop all packets.. but i still have a knock to my door this packet ,2 days i have 4 million packets dropt and a lot of addresses from which the packages are in the black list. This will continue until the end of the century?
takes a little time for the bad people to know your ip is no longer exploitable
some times i have seen attacks on other ports, be sure of check that
Many people have this onlu on mikrotik? Or this kind of ddos atack?
Not ONLY on MikroTik, but often yes. This is because they do not understand the firewalling and opened up
port 53 on their WAN port. By default it is blocked, but this default does often get modified or gets bypassed e.g.
by manually adding a PPPoE config.
Once port 53 has been open for some time, the bad people notice it and start to abuse it. So closing it does not
stop the problem, at least not immediately.