If you need to use the routerboard as a DNS server for LAN clients use input filters in /IP Firewall to block access to the DNS server from the WAN port. Also consider a full security review of your settings because if external access to the DNS server is open it may not be the only problem.
Dropping the traffic should work but it is better to arrange a firewall to permit certain traffic and drop *everything*. If you send me an email with the IPs I will scan them for you to check if they are now blocked.