I just received this email below from my ISP… I am new to RouterOS and I'm looking for some help on fixing this…
“You are receiving this email as it appears your system is running an open DNS resolver - this is usually due to an unnecessary service running on your wired or wireless router. This service is sometimes called ‘DNS Relay’ or ‘DNS Proxy’ and the ability to configure this service is generally found in your router’s admin page. Most users can turn this feature off with no impact to internet service”
Check the default firewall configuration that is set on SOHO routers and set something similar to this, or disable '/ip dns' allow-remote-requests (by setting that to no/false/unselecting the checkbox).
When not allowing remote requests is turned off, the debit/credit card machines hooked up to the router would not allow a transaction to complete. Would you have another suggestion?
Go to /ip firewall filter. Add a rule: chain=input in-interface=<the public side interface> protocol=udp dst-port=53 action=drop
Then add: chain=input in-interface=<the public side interface> protocol=tcp dst-port=53 action=drop
These rules will drop any query to your public side interface on port 53 (which is the DNS 'port'). It will let your private side query the routerboard for DNS info and will also allow the routerboard to make DNS requests to remote servers.
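The same two rules written out as RouterOS CLI commands, as an added example that is not from the thread. It assumes the public-side interface is named ether1 (use your WAN or PPPoE interface name instead), and it keeps allow-remote-requests enabled so the card terminals on the LAN keep resolving through the router.

```routeros
# Added example, not from the original posts. Assumes the ISP-facing
# interface is ether1; adjust to your WAN/PPPoE interface name.

# Keep the router answering DNS for the LAN (the card terminals need this).
/ip dns set allow-remote-requests=yes

# Drop DNS queries that arrive on the public side, UDP and TCP.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop \
    comment="Drop DNS queries from the public side (UDP)"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop \
    comment="Drop DNS queries from the public side (TCP)"

# The input chain is evaluated top to bottom. If an existing accept rule
# sits above these two, they never fire, so move them to the top.
/ip firewall filter move [find comment~"Drop DNS queries"] 0

# Verification: the packet/byte counters on these rules should climb while
# the ISP's scanner (or a resolver test from outside) probes port 53.
/ip firewall filter print stats where comment~"Drop DNS queries"

# Verification: LAN clients still resolve because the router itself may
# still reach upstream servers (output chain is untouched).
/ip dns print
```

The rules only block queries entering on the public interface; queries from the LAN and the router's own outbound lookups are unaffected, which is why the card terminals keep working.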
I had this same problem with about 3 MikroTiks I had deployed… when I unchecked the remote resolve DNS box all DNS stopped on the internal network. I'm trying to add the firewall rule now to all of my routers and so far so good. Thank you!