question about DNS allow remote requests

Hello everyone,
for some reason which I don’t know yet, in the DNS settings “allow remote requests” was on.
When I connected today I noticed that the CPU usage was excessive. I started to check and found out that I have almost full usage of the TX stream, about 8-12 MByte on my WAN connection.
I sniffed the network and found that all of it is DNS requests and replies, and all of them ask for “activum.nu”.
I went into the DNS settings and started to think what could do it, and I found that “allow remote requests” is responsible; I read this setting is only related to the local network.

Do you know why this setting bypasses my FW rules and almost chokes my router?

You should use “/ip firewall filter” to drop DNS requests coming in from the WAN interface(s).

With this setting on, and without filters, the router will respond to requests coming in from any interface, because RouterOS can’t “know” if an interface is a WAN or LAN one.

The filters in question should apply to the “input” chain, since the router itself is the destination. More specifically, run from terminal:

/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop place-before=[:pick [find chain=input] 0]
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop place-before=[:pick [find chain=input] 0]

(the place-before is to ensure you add the rules before any input rules that might otherwise allow the packet in)

Shouldn’t the FW block/drop any traffic that is not matched?

Only if you have such a rule. It will do exactly what you tell it to do. With no rule it will do nothing.
Common firewall rules will look like this:

  • allow something
  • allow something else
  • allow another thing…
  • deny anything else

And keep in mind you have to do this twice, for both chains: “input” for traffic targeted to the device itself and “forward” for traffic which travels through the device, if you want to have a complete firewall.

Show us your config. And give us other information about your router and network.
When you have a CCR, you are responsible for configuring it from zero and to build a suitable firewall.
When you have one of the smaller routers, it comes with a default config that is secure, but often it is destroyed by new users, e.g. by using some YouTube video to set it up, e.g. adding a PPPoE interface to the internet without subsequently modifying the firewall.
That would not have happened when working according to the official manual and/or when using the setup wizard instead of those shady YouTube videos.

Ensure that you have a “policy” rule at the end of the input, forward and output chains that will drop everything not accepted before.

I too had the same experience. Kind of sneaky that there is no information about this in the MikroTik wiki.

“Allow remote requests” under DNS settings speeds things up, something most users can benefit from.

What one must do is block DNS requests from the WAN side, otherwise after a while you will be picked up on the Internet and other computers or users will think that this is an open and free DNS server to use. Also most ISPs do not like this, just as they do not like you running your own mail server; there are security issues with all this.

Do not ask me, I do not know much about it, but you can read about this on the Internet. As others said before, you must add two filter rules to block DNS requests from the WAN side of your router.

/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop

(assuming ether1 is your WAN port)

No, instead you must add a rule that blocks ALL new traffic from the WAN side of the router.
And this rule is there by default (in the routers that come with default config).

Don’t block specific ports, block EVERYTHING and if required ALLOW some specific ports that you are using.
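Added example, not posted by anyone in this thread: a minimal default-deny input and forward chain of the kind the last replies recommend, which covers the open-resolver case without a port-specific rule. It assumes ether1 is the WAN interface and “bridge” is the LAN bridge; adjust both names to your setup.

```routeros
# Added example (not from the thread). Assumes ether1 = WAN, bridge = LAN.
/ip firewall filter
# --- input chain: traffic addressed to the router itself (DNS, Winbox, ...) ---
add chain=input action=accept connection-state=established,related \
    comment="replies to connections the router itself opened"
add chain=input action=drop connection-state=invalid
add chain=input action=accept in-interface=bridge \
    comment="LAN hosts may use router services such as DNS"
add chain=input action=drop in-interface=ether1 \
    comment="policy rule: drop everything else from WAN, incl. udp/tcp 53"
# --- forward chain: traffic passing through the router ---
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept in-interface=bridge out-interface=ether1 \
    comment="LAN -> Internet"
add chain=forward action=drop in-interface=ether1 connection-state=new \
    connection-nat-state=!dstnat \
    comment="policy rule: no unsolicited new connections from WAN unless port-forwarded"
```

After adding the rules, `/ip firewall filter print stats` shows per-rule packet counters, so the WAN drop rule climbing while the CPU and TX load fall confirms the resolver is no longer answering the Internet.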