Mikrotik DNS Open Resolver Protection

Published by Gizmo_RA2 on

DNS Open Resolver Protection

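To keep the router from acting as an open DNS resolver, block DNS access from the WAN entirely. The rules below drop new connections to port 53 that arrive on the WAN interface, over both UDP and TCP.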

This tutorial assumes your internet port is called WAN (if not, replace WAN with your interface name).

/ip firewall filter
add action=drop chain=input connection-state=new dst-port=53 in-interface=WAN protocol=udp
add action=drop chain=input connection-state=new dst-port=53 in-interface=WAN protocol=tcp
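
Rule order matters: an accept rule placed above these drops still lets WAN DNS through. The following Python check is an added example, not part of the original tutorial. It reads the text of `/ip firewall filter export` and reports which action a new DNS packet from WAN actually hits. The function names and the sample export are constructed for illustration, and it models only the matchers used on this page; rules with other matchers are skipped.

```python
import re
import shlex

# Constructed sample export: the TCP drop is shadowed by an earlier accept.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input comment="established traffic" connection-state=established,related
add action=drop chain=input connection-state=new dst-port=53 in-interface=WAN protocol=udp
add action=accept chain=input dst-port=53 protocol=tcp
add action=drop chain=input connection-state=new dst-port=53 in-interface=WAN protocol=tcp
"""

MODELED = {"action", "chain", "protocol", "dst-port", "in-interface",
           "connection-state", "comment", "disabled"}
TERMINAL = {"accept", "drop", "reject", "tarpit"}

def parse_filter_rules(export_text):
    """Return the 'add' rules under /ip firewall filter as dicts, in order."""
    text = re.sub(r"\\\n\s*", "", export_text)  # join lines wrapped with '\'
    rules, in_section = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            rules.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return rules

def port_matches(spec, port):
    """True if a dst-port value such as '53', '53,123' or '50-60' covers port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def wan_dns_verdict(rules, proto, wan="WAN"):
    """Action of the first input rule matching a new DNS packet arriving on wan."""
    for r in rules:
        action = r.get("action", "accept")
        if r.get("chain") != "input" or r.get("disabled") == "yes" or action not in TERMINAL:
            continue
        if set(r) - MODELED or any(v.startswith("!") for v in r.values()):
            continue  # extra or negated matchers are not modeled; rule is skipped
        if (r.get("protocol", proto) == proto and r.get("in-interface", wan) == wan
                and "new" in r.get("connection-state", "new").split(",")
                and port_matches(r.get("dst-port", "53"), 53)):
            return action
    return "accept"  # no rule matched: RouterOS accepts the packet by default

if __name__ == "__main__":
    rules = parse_filter_rules(SAMPLE_EXPORT)
    for proto in ("udp", "tcp"):
        print(proto, "port 53 from WAN ->", wan_dns_verdict(rules, proto))
```

A result of `accept` for either protocol means the resolver is still reachable from WAN, so move the drop rules above the rule that accepted the packet.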