If anyone can help, please do. Several MikroTik routers I manage can't seem to get a socket connection to port 53. The production application would be a DNS server behind NAT where the WAN connection is the PPPoE interface (but I haven't got that far because of this problem).
I tried to set up a test router to experiment with different configurations. The one posted here is as simple as I could make it, to prove that I still can't make any connections to port 53 from the internet, and the router doesn't even count the attempts in the firewall. I know for a fact the ISP doesn't filter, throttle, or otherwise manipulate the internet connection. I think I'm overlooking something simple; I just can't see it, and I'm out of ideas at this point. I tested other versions of RouterOS going back to 6.33.6, same issue. If I change the port attempts to 52 or 54, there's no problem.
Here's the test config which shows no filters counting my port 53 TCP or UDP connection attempts:
Code:
[admin@TestTik] > export
# jan/10/2023 13:06:00 by RouterOS 7.6
# software id = 7***-****
#
# model = RB750
# serial number = 2F**********
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=ether1 name=\
pppoe-out1 use-peer-dns=yes user=testlogin@isp
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
add interface=ether1
/ip firewall filter
add action=accept chain=input dst-port=53 in-interface=ether1 log=yes \
log-prefix=-mydns protocol=tcp
add action=accept chain=input dst-port=53 in-interface=ether1 log=yes \
log-prefix=-mydns protocol=udp
add action=accept chain=input
add action=accept chain=forward
add action=accept chain=output
add action=log chain=input dst-port=53 log-prefix="PORT 53 TCP HIT" protocol=\
tcp
add action=log chain=input dst-port=53 log-prefix="PORT 53 UDP HIT" protocol=\
udp
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=America/Toronto
/system identity
set name=TestTik
/system leds
add interface=pppoe-out1 leds="" type=interface-activity
/system routerboard settings
set boot-device=nand-only
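Reading a posted export by hand is error-prone, so here is an added check (example code of my own, not from the original post and not a MikroTik tool): a small Python script that parses the `/interface pppoe-client` and `/ip firewall filter` sections of a RouterOS `export` and flags filter rules that can never fire, either because an earlier unconditional terminating rule (accept/drop/reject with no matchers) in the same chain already ends processing for every packet, or because `in-interface` names the Ethernet port a PPPoE client is bound to rather than the PPPoE session, which is the interface IP traffic over that session is seen on. The sample input is the PPPoE and firewall sections copied from the export above; the script reports rule reachability only and says nothing about whether port 53 is actually reachable from the internet.

```python
"""Audit a RouterOS `export` for firewall filter rules that cannot match.

Added example (not from the original post). It reads the /interface pppoe-client
and /ip firewall filter sections of an export and reports:
  * rules placed after an unconditional terminating rule in the same chain
    (RouterOS walks a chain top-down and stops at the first accept/drop/reject),
  * rules matching in-interface=<port> where a PPPoE client is bound to that port
    (IP traffic over the session is seen with in-interface=pppoe-outN, not the port).
"""
import shlex
from typing import Dict, Iterator, List, Tuple

# Actions after which RouterOS stops evaluating the chain for that packet.
TERMINATING = {"accept", "drop", "reject"}
# Keys that are not packet matchers (every other key on a rule is one).
NON_MATCHERS = {"chain", "action", "log", "log-prefix", "comment", "disabled"}

# Constructed sample: the relevant sections of the export in the post above.
SAMPLE_EXPORT = r"""
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=ether1 name=\
    pppoe-out1 use-peer-dns=yes user=testlogin@isp
/ip firewall filter
add action=accept chain=input dst-port=53 in-interface=ether1 log=yes \
    log-prefix=-mydns protocol=tcp
add action=accept chain=input dst-port=53 in-interface=ether1 log=yes \
    log-prefix=-mydns protocol=udp
add action=accept chain=input
add action=accept chain=forward
add action=accept chain=output
add action=log chain=input dst-port=53 log-prefix="PORT 53 TCP HIT" protocol=\
    tcp
add action=log chain=input dst-port=53 log-prefix="PORT 53 UDP HIT" protocol=\
    udp
"""


def _logical_lines(text: str) -> Iterator[str]:
    """Join backslash-continued lines the way the export wrote them."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]  # keep any space that sat before the backslash
            continue
        yield buf + line
        buf = ""


def parse_export(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Return {section path: [ {key: value, ...} per add/set line ]}."""
    sections: Dict[str, List[Dict[str, str]]] = {}
    current = ""
    for line in _logical_lines(text):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
            continue
        tokens = shlex.split(line)  # handles log-prefix="PORT 53 TCP HIT"
        if not tokens or tokens[0] not in ("add", "set"):
            continue
        entry = {"_cmd": tokens[0]}
        for tok in tokens[1:]:
            if "=" in tok:
                key, value = tok.split("=", 1)
                entry[key] = value
        sections.setdefault(current, []).append(entry)
    return sections


def audit(text: str) -> List[Tuple[int, str, str]]:
    """Return (rule number, finding kind, explanation) for each problem found."""
    sections = parse_export(text)
    # Ethernet port -> PPPoE session name bound on it.
    pppoe_on = {e["interface"]: e.get("name", "pppoe-out?")
                for e in sections.get("/interface pppoe-client", [])
                if "interface" in e}
    findings: List[Tuple[int, str, str]] = []
    ended: Dict[str, Tuple[int, str]] = {}  # chain -> (rule no., action) that ends it
    for num, rule in enumerate(sections.get("/ip firewall filter", []), 1):
        if rule.get("disabled") == "yes":
            continue
        chain = rule.get("chain", "")
        matchers = {k: v for k, v in rule.items()
                    if k not in NON_MATCHERS and not k.startswith("_")}
        if chain in ended:
            at, action = ended[chain]
            findings.append((num, "unreachable",
                             f"chain {chain} already ends at rule {at} (unconditional {action})"))
        elif not matchers and rule.get("action") in TERMINATING:
            ended[chain] = (num, rule["action"])
        iface = matchers.get("in-interface")
        if iface in pppoe_on:
            findings.append((num, "wrong-interface",
                             f"in-interface={iface} is the PPPoE carrier port; session "
                             f"traffic arrives with in-interface={pppoe_on[iface]}"))
    return findings


if __name__ == "__main__":
    for num, kind, why in audit(SAMPLE_EXPORT):
        print(f"rule {num}: {kind}: {why}")
```

Run it against any `export` output; a rule that shows up as `unreachable` will never count packets no matter what arrives, so its counters tell you nothing about whether the traffic reached the router.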