In a live deployment you may see your MikroTik router receiving a huge number of DNS requests from the internet. When that happens, users have trouble resolving DNS names, and the load can have a big impact on your network.
Add the firewall rules below when you see a huge number of DNS requests coming from the internet.
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
Here ether1 is my WAN interface, which is connected to the ISP, and ether6 is my LAN interface.
The firewall rules above will help reduce DNS requests from the WAN, but sometimes they can create problems for LAN users, so you also have to add the rules below for the LAN interface.
/ip firewall filter
add action=drop chain=forward dst-port=53 out-interface=!ether6 protocol=udp
add action=drop chain=forward dst-port=53 out-interface=!ether6 protocol=tcp
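To confirm that an exported configuration really closes port 53 on the WAN side for both UDP and TCP, the following added example (not from the original post) replays the rules above in first-match order. The function names are hypothetical, and the evaluator assumes single-line rules and handles only the matchers used in this post (chain, protocol, dst-port, in-interface, out-interface).

```python
import shlex

# Constructed sample: the rules from this post as they would appear in an export.
EXPORT = """\
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=forward dst-port=53 out-interface=!ether6 protocol=udp
add action=drop chain=forward dst-port=53 out-interface=!ether6 protocol=tcp
"""
NON_MATCHERS = {"action", "comment", "disabled", "log", "log-prefix"}

def parse_filter_rules(export_text):
    """Return the 'add' lines under /ip firewall filter as dicts, in rule order."""
    rules, in_section = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            rules.append(dict(pairs))
    return rules

def _matches(rule_value, packet_value):
    """One matcher: a leading '!' negates, commas separate alternatives."""
    negate = rule_value.startswith("!")
    hit = str(packet_value) in rule_value.lstrip("!").split(",")
    return hit != negate

def verdict(rules, **packet):
    """First matching rule decides; a packet that matches no rule is accepted."""
    for rule in rules:
        if rule.get("disabled") == "yes":
            continue
        matchers = {k.replace("-", "_"): v for k, v in rule.items() if k not in NON_MATCHERS}
        # A matcher the packet description lacks counts as "no match" (assumption).
        if all(k in packet and _matches(v, packet[k]) for k, v in matchers.items()):
            return rule.get("action", "accept")
    return "accept"

def wan_dns_exposed(rules, wan="ether1"):
    """Protocols on which the router's own port 53 is not dropped on the WAN side."""
    return [p for p in ("udp", "tcp")
            if verdict(rules, chain="input", in_interface=wan, protocol=p, dst_port=53) != "drop"]

if __name__ == "__main__":
    rules = parse_filter_rules(EXPORT)
    print("exposed with all rules:", wan_dns_exposed(rules))
    print("exposed without the UDP rule:", wan_dns_exposed(rules[1:]))
```

An empty list from `wan_dns_exposed` means both protocols are dropped on the WAN interface; a missing or misordered rule shows up as the protocol that is still open.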