DNS server behaviour

Hi Gurus
Turned allow remote requests on (advice regarding something or other in forums). I was surprised to see enormous outbound traffic (15 to 60 Gb per day), to the point I was notified by my ISP about using all my bandwidth.
I reinstated the firewall (using a drop everything else rule), but when I check allow remote requests the outbound transmission rate via the internet port is still surprising (to me), in the order of 3 Mbps. Incoming does not increase, so it does not appear to be filling the cache, rather just advertising the presence of the service (even after flushing the cache).
Is this expected behaviour? Or have I missed a step in configuring the DNS?
Cheers
oldcrow

You have to secure your router so that requests to your IP address from outside cannot access the DNS proxy service on your router.

/ip firewall filter
add action=drop chain=input comment="WAN->DNS" dst-port=53 in-interface=YOURWAN protocol=udp

Many thanks for advice,

Have placed the rule after the default drop everything else rule and it does pick up some packets (to my surprise). Will check that my default drop everything else rule is configured correctly.

Will try and see what happens over a day or so.

Regards
Chris

Yeah your config sounds screwed up.
With a drop rule there should be no need for an extra rule in there.
Also after the drop rule there should be no hits on any input rules…

This.
Unless you have an established & related rule and the requests are coming from the same hosts, and by some wizardry the router is interpreting the new requests as being related because they are from the same src-ip, so they are being allowed before they are dropped.

Daft as it sounds, try a reboot with the drop DNS rule in place to clear the connection tracking table.
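As an added illustration (not a config posted in this thread), here is an input chain where the WAN->DNS drop sits above the generic drop, together with the commands for checking the rule counters and clearing stale tracking entries without a reboot. Assumed names: ether1 is the WAN interface and 192.168.88.0/24 is the LAN.

```routeros
# Added example, not from the thread. Assumed: WAN interface ether1,
# LAN subnet 192.168.88.0/24. Rule order in the input chain matters:
# the router walks the chain top to bottom and stops at the first match.
/ip firewall filter
# 1. Return traffic for the router's own outbound queries (upstream
#    resolvers answering the cache) is the only thing this should match.
add chain=input action=accept connection-state=established,related comment="accept established/related"
add chain=input action=drop connection-state=invalid comment="drop invalid"
# 2. New DNS requests arriving on the WAN are dropped for both transports,
#    so the router never answers as an open resolver.
add chain=input action=drop in-interface=ether1 protocol=udp dst-port=53 comment="WAN->DNS udp"
add chain=input action=drop in-interface=ether1 protocol=tcp dst-port=53 comment="WAN->DNS tcp"
# 3. LAN clients may still use the router's DNS cache.
add chain=input action=accept src-address=192.168.88.0/24 protocol=udp dst-port=53 comment="LAN->DNS"
add chain=input action=accept src-address=192.168.88.0/24 protocol=tcp dst-port=53 comment="LAN->DNS tcp"
# 4. Everything else from the WAN is dropped. A rule placed below this
#    line can never match WAN traffic and its counter should stay at zero.
add chain=input action=drop in-interface=ether1 comment="drop everything else from WAN"

# Verify: the WAN->DNS counters should climb while allow-remote-requests is
# on; if a rule below the final drop still counts packets, the ordering or
# the interface name in the final drop is wrong.
/ip firewall filter print stats where chain=input
# Inspect and clear any tracked DNS flows to the router instead of rebooting.
/ip firewall connection print where dst-address~":53\$"
/ip firewall connection remove [find dst-address~":53\$"]
```

After the tracking table is cleared, outbound traffic on the WAN port should fall back to the router's own upstream queries only.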