I found out that few of my Mikrotik SXTs that works as routers with Public IP on the wlan interfaces, where being DDoS somehow by making lots of connections to the DNS Port on the public IP, this make the router to drop is traffic to almost nothing and hard to access with winbox, when i try to disable the DNS port i see that i have to do it by setting a DROP rule under ip>firewall>filter, is there any chance that we can configure the DNS as we do with the rest of the services in ip>services, so we can say witch interface or network the DNS should be listening ?

Thanks

pd: noted that i need the mikrotik to provide DNS service on the LAN Interface

DNS cache in RouterOS is not seen as a service by us. But an IP utility that is generally used by the router to resolve the domain names. It is user accessible via :resolve console command and usually is automatically invoked when the domain name is supplied. For example, Winbox configuration tool will resolve domain names via the host it is running on, not via the router.

Allowing remote requests does just that. As a result, the user has to protect that process running on the router if he/she chooses to allow access to it.

This is how it is at the moment (in RouterOS 6.x). Maybe, in the future, this will change. But there are various ideas how this could change and nothing is decided yet.

Ok thanks