Community discussions

MikroTik App
 
abubin
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Fri Aug 03, 2012 12:47 pm

Blocking incoming DNS

Thu Sep 23, 2021 5:29 pm

I did a torch on the public interface of the mikrotik router and is seeing lots of DNS requests incoming from the internet.

I already tried adding the firewall rules to block port 53 (tcp and udp) to no avail. Also disabled the "allow remote requests" in DNS settings. Even removed DNS servers entries so DNS resolution will not work in the mikrotik.

Any one have any other method to block that incoming DNS?

Thanks.
mikrotik-dns.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Blocking incoming DNS

Thu Sep 23, 2021 5:49 pm

Dropping DNS requests inbound from the internet will keep your router from doing anything with the packet (other than dropping the packet). There is NOTHING you can do to prevent a certain type of packet from reaching your router from the internet (other than an upstream firewall). In other words, no matter what firewall rules you employ in your router, if I know your public IP address, I can send ANY packets to you.
You are dropping them - done.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Blocking incoming DNS

Thu Sep 23, 2021 6:39 pm

Your problem is caused by the fact that you have removed all the default firewall rules in your router.

Other users solve it like this: They don't remove the default firewall rules.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Blocking incoming DNS

Thu Sep 23, 2021 6:53 pm

That is the best script you have ever written rextended. ;-)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Blocking incoming DNS

Thu Sep 23, 2021 6:57 pm

Ahhh yesss... :lol:

Who is online

Users browsing this forum: archemist, Google [Bot] and 32 guests