This situation is quite common: an internet provider sends an email stating that your IP address is exposing an open DNS resolver.
Without seeing your firewall configuration, I'll assume you use the default config. Close access to DNS port 53 from the outside. It is best to do this in the raw table, so the packets are discarded before connection tracking and do not load the CPU.
LAN = local network, WAN = internet (ISP) side
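/ip firewall raw
# Record sources that send DNS queries to the WAN side. UDP source addresses can
# be spoofed, so this list may contain reflection victims rather than the real
# senders; it is kept as telemetry only and no longer decides what gets dropped.
add action=add-src-to-address-list address-list="DNS flood" address-list-timeout=4w2d chain=prerouting comment=\
DNS dst-port=53 in-interface-list=WAN protocol=udp
# Drop every DNS query that arrives on WAN, for both transports. The original
# drops matched only sources already in "DNS flood", and only UDP senders were
# ever added to that list, so TCP/53 from a source that had not sent UDP first
# was not closed.
# Replies from upstream resolvers come from source port 53 to an ephemeral
# destination port, so they are not matched by dst-port=53.
# NOTE(review): prerouting raw also sees traffic that would be dst-nat'ed to an
# internal DNS server; add an exception above these rules if one is published.
add action=drop chain=prerouting dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=prerouting dst-port=53 in-interface-list=WAN protocol=tcp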
Thanks, but isn't this enough?
# Reject DNS queries (TCP and UDP, destination port 53) addressed to the router
# itself unless the source is in the "DNS" address list. No in-interface or
# in-interface-list matcher is set, so the rules apply on every interface.
# NOTE(review): reject answers each blocked packet with an ICMP error; when the
# source address is spoofed, that error is sent to a third party. action=drop
# sends nothing back.
# NOTE(review): replies from upstream resolvers arrive from source port 53, not
# to destination port 53, so they are not matched here; confirm the exemption
# for the addresses in "DNS" is actually needed.
add action=reject chain=input comment="Drop !DNS" dst-port=53 protocol=tcp reject-with=icmp-network-unreachable src-address-list=!DNS
add action=reject chain=input comment="Drop !DNS" dst-port=53 protocol=udp reject-with=icmp-network-unreachable src-address-list=!DNS
where the DNS address list contains 1.1.1.1 and 8.8.8.8
These are my filter rules:
# Filter table as posted. Rules are evaluated top to bottom within each chain.
# NOTE(review): no catch-all drop for chain=input or chain=forward appears in
# this listing, so traffic that matches none of the rules below is accepted by
# the default policy; confirm whether the listing is complete.
/ip firewall filter
# Accept packets that belong to, or are related to, existing connections.
add action=accept chain=forward comment="Allow Est, Rel" connection-state=established,related
add action=accept chain=input comment="Allow Est, Rel" connection-state=established,related
# Management access to the router (TCP 4777 labelled SSH, TCP 8291 labelled
# WinBox) and ICMP, accepted only from the HQ1_IPs / HQ2_IPs address lists.
add action=accept chain=input comment=SSH dst-port=4777 protocol=tcp src-address-list=HQ2_IPs
add action=accept chain=input comment=SSH dst-port=4777 protocol=tcp src-address-list=HQ1_IPs
add action=accept chain=input comment=WinBox dst-port=8291 protocol=tcp src-address-list=HQ1_IPs
add action=accept chain=input comment=WinBox dst-port=8291 protocol=tcp src-address-list=HQ2_IPs
add action=accept chain=input comment="Allow ICMP" protocol=icmp src-address-list=HQ2_IPs
add action=accept chain=input comment="Allow ICMP" protocol=icmp src-address-list=HQ1_IPs
# Drop packets that connection tracking marks as invalid.
add action=drop chain=forward comment="Drop Inv." connection-state=invalid
add action=drop chain=input comment="Drop Inv." connection-state=invalid
# Reject DNS queries to the router from any source outside the "DNS" list.
# There is no interface matcher, so this applies on every interface.
# NOTE(review): these rules sit after connection tracking; a drop in the raw
# table would discard the same packets earlier and without an ICMP reply.
add action=reject chain=input comment="Drop !DNS" dst-port=53 protocol=tcp reject-with=icmp-network-unreachable src-address-list=!DNS
add action=reject chain=input comment="Drop !DNS" dst-port=53 protocol=udp reject-with=icmp-network-unreachable src-address-list=!DNS
# Accept ICMP type 3 code 4 (fragmentation needed) in both directions so path
# MTU discovery keeps working.
add action=accept chain=output comment="OUT- PMTUD" icmp-options=3:4 protocol=icmp
add action=accept chain=input comment="IN- PMTUD" icmp-options=3:4 protocol=icmp
# Accept ICMP packets of exactly 1468 bytes, rate-limited by limit=5,1:packet.
add action=accept chain=input comment="IN-Allow ping 1468b do 5 u sekundi" limit=5,1:packet packet-size=1468 protocol=icmp
# Any other ICMP arriving on WAN that reaches this point puts its source in
# "pingers" for one day; the drop for that list is further down.
# NOTE(review): log-prefix is set but no log=yes is visible on the rule, and
# src-address-list is an empty string; confirm both are intended.
add action=add-src-to-address-list address-list=pingers address-list-timeout=1d chain=input comment="IN-list ICMP which dont match criteria" in-interface-list=WAN log-prefix=Ping@IN protocol=icmp src-address-list=""
# Staged listing of WAN sources that touch the listed service ports:
# Phase1 (30m) on first contact, Phase2 (30m) if already in Phase1, Phase3 (1w)
# if already in Phase2.
# NOTE(review): add-src-to-address-list does not stop rule processing, so one
# packet may pass through all three stages in a single traversal; verify on the
# device whether the staging delays escalation as intended.
add action=add-src-to-address-list address-list=@Services_Phase1 address-list-timeout=30m chain=input comment=IN-Services_Phase1 dst-port=21,22,23,69,80,443,5060,8080 in-interface-list=WAN protocol=tcp
add action=add-src-to-address-list address-list=@Services_Phase1 address-list-timeout=30m chain=input comment=IN-Services_Phase1-UDP dst-port=21,22,23,69,80,443,5060,8080 in-interface-list=WAN protocol=udp
add action=add-src-to-address-list address-list=@Services_Phase2 address-list-timeout=30m chain=input comment=IN-Services_Phase2 dst-port=21,22,23,69,80,443,5060,8080 in-interface-list=WAN protocol=tcp src-address-list=@Services_Phase1
add action=add-src-to-address-list address-list=@Services_Phase2 address-list-timeout=30m chain=input comment=IN-Services_Phase2-UDP dst-port=21,22,23,69,80,443,5060,8080 in-interface-list=WAN protocol=udp src-address-list=@Services_Phase1
add action=add-src-to-address-list address-list=@Services_Phase3 address-list-timeout=1w chain=input comment=IN-Services_Phase3 dst-port=21,22,23,69,80,443,5060,8080 in-interface-list=WAN protocol=tcp src-address-list=@Services_Phase2
add action=add-src-to-address-list address-list=@Services_Phase3 address-list-timeout=1w chain=input comment=IN-Services_Phase3-UDP dst-port=21,22,23,69,80,443,5060,8080 in-interface-list=WAN protocol=udp src-address-list=@Services_Phase2
# The drop for Phase3 sources is disabled here, so within this table the staged
# lists are collected but not enforced.
# NOTE(review): the rule comment suggests the drop may live in the raw table;
# that table is not part of this listing.
add action=drop chain=input comment=IN-Faza3_dropRAW disabled=yes src-address-list=@Services_Phase3
# Drop input traffic from sources in the "shodan" and "pingers" address lists.
add action=drop chain=input comment="IN-Blokiraj Shodan" src-address-list=shodan
add action=drop chain=input comment="IN-Brani se od pingera" src-address-list=pingers
# Disabled: drop ICMP packets of 200 bytes or more on input and forward.
add action=drop chain=input disabled=yes packet-size=200-65535 protocol=icmp
add action=drop chain=forward disabled=yes packet-size=200-65535 protocol=icmp
# Disabled: send new TCP SYN packets to the syn-attack chain, which accepts
# them within limit=400,5:packet and drops the remainder.
add action=jump chain=forward comment="SYN Flood protect FORWARD" connection-state=new disabled=yes jump-target=syn-attack protocol=tcp tcp-flags=syn
add action=jump chain=input comment="SYN Flood protect INPUT" connection-state=new disabled=yes jump-target=syn-attack protocol=tcp tcp-flags=syn
add action=accept chain=syn-attack connection-state=new disabled=yes limit=400,5:packet protocol=tcp tcp-flags=syn
add action=drop chain=syn-attack connection-state=new disabled=yes protocol=tcp tcp-flags=syn