with this creating dynamic ip's..to stop dos attacks.......and if you use Mr. Chupaka formula here.... what firewall rule is used to allow your dns to still work so customers can still get to the internet ...thank you for your time....
/ip firewall filter
add action=jump chain=forward comment=Detect-Ddos connection-state=new \
disabled=no in-interface=ether1 jump-target=detect-ddos
add action=return chain=detect-ddos comment=DOS-Exceptions disabled=no \
src-address-list=DOS-Exceptions
add action=return chain=detect-ddos comment=Detect-Ddos disabled=no \
dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
1w chain=detect-ddos comment=Detect-Ddos disabled=no
add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
1w chain=detect-ddos comment=Detect-Ddos disabled=no
add action=drop chain=forward comment=Detect-Ddos connection-state=new \
disabled=no dst-address-list=ddosed src-address-list=ddoser