I have set up a firewall rule to drop DNS requests "184.108.40.206" "220.127.116.11"...
But it seems not to be working.
Should I change forward to input or something?
53 rules and counting.... (ironic number, since we're talking about DNS heheh)
Your firewall could probably be simplified quite a bit.
The first thing that's obvious to me is all of the separate rules to block certain destination address ranges.
You should make an address list called "blocked", add all of the blocked IP ranges to that list, and then replace all of the block rules with one rule:
/ip firewall filter add chain=forward src-address=192.168.88.0/24 dst-address-list=blocked action=drop
Are you getting used in a DNS-Amplification DDoS attack or something?
As Jarda says, your intention isn't clear.
forward = packets going through your Mikrotik, so if your DNS server is on a server behind your router then use forward
input = packets destined to your Mikrotik and don't match a forwarding rule
In your case, your DNS server is not listening for external requests, so to block DNS requests going to your DNS server behind the Mikrotik, use the forward rule.
To firewall inbound DNS requests from certain IP addresses, you'd use:
/ip firewall filter add chain=forward protocol=udp dst-port=53 src-address=18.104.22.168 action=drop
If you have many IP addresses you'd like to block, you can use a list.
If you want your Mikrotik to serve DNS requests to your internal devices, then select "Allow Remote Requests" in your DNS Server, and create a firewall rule to drop requests from the WAN.
/ip firewall filter add chain=input protocol=udp dst-port=53 in-interface=ether1-gateway action=drop
If you aren't serving DNS at all, but are seeing many requests hitting your Mikrotik, there isn't much you can do about it. Or call your ISP and have it blocked upstream. If it's not killing your bandwidth, then ignore it. It'll probably eventually stop.
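A complete rule set that puts the pieces of this thread together (address list, input vs. forward, DNS over both UDP and TCP), as an added example that is not from any of the posters. It assumes the WAN interface is ether1-gateway and the LAN is 192.168.88.0/24, as in the replies above; the two blocked ranges are constructed documentation addresses, not real targets.

```routeros
# Added example, not from the thread. Assumes WAN = ether1-gateway and
# LAN = 192.168.88.0/24 (from the replies above); blocked ranges are constructed.
/ip firewall address-list
add list=blocked address=203.0.113.0/24 comment="constructed example range (TEST-NET-3)"
add list=blocked address=198.51.100.0/24 comment="constructed example range (TEST-NET-2)"

/ip firewall filter
# input chain = traffic addressed to the router itself. With "Allow Remote Requests"
# enabled, drop DNS arriving from the WAN so only the LAN can use the resolver.
# DNS uses both UDP and TCP port 53, so each block needs two rules.
add chain=input action=drop protocol=udp dst-port=53 in-interface=ether1-gateway \
    comment="drop WAN DNS queries to the router (UDP)"
add chain=input action=drop protocol=tcp dst-port=53 in-interface=ether1-gateway \
    comment="drop WAN DNS queries to the router (TCP)"

# forward chain = traffic routed through the router. Drop DNS from the WAN toward
# any LAN host so an internal DNS server cannot be reached as an open resolver.
add chain=forward action=drop protocol=udp dst-port=53 in-interface=ether1-gateway \
    dst-address=192.168.88.0/24 comment="drop WAN DNS queries to LAN hosts (UDP)"
add chain=forward action=drop protocol=tcp dst-port=53 in-interface=ether1-gateway \
    dst-address=192.168.88.0/24 comment="drop WAN DNS queries to LAN hosts (TCP)"

# One rule replaces the many per-range blocks: LAN to any address on the list.
add chain=forward action=drop src-address=192.168.88.0/24 dst-address-list=blocked \
    comment="LAN to blocked ranges"

# Filter rules are evaluated top-down, so these must sit above any broad accept
# rule. Check the packet/byte counters to confirm the rules are actually matching.
/ip firewall filter print stats
```

If the counters on the drop rules stay at zero while the queries keep arriving, the rule is in the wrong chain or below an accept rule that matches first.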