DNS Server Spoofed Request Amplification DDoS

Remote DNS servers respond to every request. It is possible to query the root zone name server (NS) (‘.’) and
get a response that is larger than the original request. By spoofing the source IP address, remote attackers can
exploit this ‘amplification’ to launch denial of service (DoS) attacks against third-party hosts using remote DNS servers.

Current conditions:

  • The detected IP address is the ISP's public IP address used for VPN
  • The router uses MikroTik
  • MikroTik DNS has been configured:
      • Allow Remote Requests: not checked
  • Firewall rules have been created to block DNS (port 53 TCP/UDP) from the public
  • No other DNS services are intentionally exposed to the internet

By default, even with remote requests turned on, the service isn't available on the WAN side. Can you elaborate on the purpose of this topic?
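As an added example for this thread (not part of the original post, and not MikroTik or scanner code), the script below does what the scanner description refers to: it sends the root-zone NS query with an EDNS0 OPT record so the server may return a large UDP answer, reads the reply header, and reports the amplification factor (response bytes divided by query bytes). The probe needs network access; the parsing is exercised on a constructed reply (thirteen root-server NS records, not a capture) so the module also runs offline. The verdict strings are this example's own labels.

```python
"""Open-resolver / amplification check for a public IP.

Added example, not part of the original post and not MikroTik code.
Builds the '. NS' query with EDNS0 that the scanner description refers
to, parses the reply header and reports the amplification factor.
"""
import socket
import struct
import sys
from typing import Optional

QTYPE_NS = 2
QTYPE_OPT = 41
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Wire-format a domain name; '.' (root) becomes a single zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int = 0x1234, edns_size: int = 4096) -> bytes:
    """'. NS IN' query, RD set, plus an OPT RR advertising edns_size (28 bytes)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(".") + struct.pack(">HH", QTYPE_NS, QCLASS_IN)
    # OPT RR: name=root, type=OPT, class=UDP payload size, ttl=0, rdlen=0
    opt = encode_name(".") + struct.pack(">HHIH", QTYPE_OPT, edns_size, 0, 0)
    return header + question + opt


def parse_response(data: bytes) -> dict:
    """Decode the 12-byte header; enough to classify the server and size the reply."""
    if len(data) < 12:
        raise ValueError("short DNS packet")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),          # QR bit
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "rcode": flags & 0x000F,
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
        "size": len(data),
    }


def classify(info: dict) -> str:
    """What a scanner concludes from the header alone (labels are this example's own)."""
    if not info["is_response"]:
        return "not-a-response"
    if info["rcode"] == 5:
        return "refused"            # REFUSED: no recursion, but still reflects a small packet
    if info["recursion_available"] and info["answers"] > 0:
        return "open-resolver"      # recurses for anyone: usable as an amplifier
    return "answers-without-recursion"


def amplification_factor(query: bytes, response: bytes) -> float:
    return round(len(response) / len(query), 1)


def build_constructed_response(query: bytes, nameservers=None) -> bytes:
    """Constructed reply (not a capture): echoes the question, RA set, one NS RR
    per root server name. A real root referral also carries glue records."""
    if nameservers is None:
        nameservers = ["%s.root-servers.net." % chr(c) for c in range(ord("a"), ord("m") + 1)]
    txid = struct.unpack(">H", query[:2])[0]
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, len(nameservers), 0, 1)  # QR, RD, RA, NOERROR
    question = encode_name(".") + struct.pack(">HH", QTYPE_NS, QCLASS_IN)
    answers = b""
    for ns in nameservers:
        rdata = encode_name(ns)
        # owner name is a compression pointer to the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_NS, QCLASS_IN, 518400, len(rdata)) + rdata
    opt = encode_name(".") + struct.pack(">HHIH", QTYPE_OPT, 4096, 0, 0)
    return header + question + answers + opt


def probe(ip: str, timeout: float = 3.0) -> Optional[dict]:
    """Send the query to ip:53 over UDP; None if nothing comes back (filtered/closed)."""
    query = build_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (ip, 53))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return None
    info = parse_response(data)
    info["verdict"] = classify(info)
    info["amplification"] = amplification_factor(query, data)
    return info


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))   # the public IP the scanner reported
    else:
        q = build_query()
        r = build_constructed_response(q)
        print(classify(parse_response(r)), len(q), "->", len(r), "bytes, x%s" % amplification_factor(q, r))
```

Run it from a host outside your network against the address the scanner flagged (only an address you are responsible for); probing from the LAN tests the wrong path. `None` means port 53 is filtered, which is what the firewall rules above are meant to produce. An "open-resolver" verdict while Allow Remote Requests is unchecked and port 53 is dropped on the WAN interface means the host answering is not the router but something in front of it, which fits the post's note that the detected address is the ISP's VPN endpoint.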

I would say: could you please ask the question, as I see no sign of it? What is your problem, if you have any?