How can there be more bandwidth in use on my PPOE link than on my bridge? For example sometimes when I am experiencing slow internet response, I look in Winbox and see that I have 6.0 mbps download in constant use when I view PPP/PPOE. Then when I go look at the bridge to see who is using the bandwidth I only see maybe 500k or 1mbps in use? I am confused, help me understand how this can be please.
Seems that you are under DDoS attack e.g. DNS flood which saturates your connection.
Search the forum for DNS, DDoS … there is a lot of threads and examples.
Thank you for the tip. I searched and I ended up trying the DDoS detection and blocking method described in the Mikrotik wiki. The only part I am struggling with is how to add exceptions for DNS servers. I’ve followed the steps exactly and right now I have the final rule that drops the packets disabled because it blocks DNS name resolution. Do I need to add a new rule on the detect-ddos chain, source IP 8.8.8.8, action = accept? I’ve tried that, any suggestions?
I had DNS “Allow Remote Requests” checked, could that be the issue? I unchecked it and so far so good.