Stopping Open DNS - MikroTik: Difference between revisions

From AAISP Support Site
(Add initial content)
 
Line 3: Line 3:
''(may be relevant for other models)''
''(may be relevant for other models)''


A DNS server is not running by default, but can be configured under <code>/ip dns</code> (or the "IP / DNS" GUI menu), in which case the router will act as an [[Category:Open DNS Resolvers|Open DNS resolver]].
A DNS server is not running by default, but can be configured under <code>/ip dns</code> (or the "IP / DNS" GUI menu), in which case the router will act as an [[:Category:Open DNS Resolvers|open DNS resolver]].


A firewall filter rule can prevent incoming DNS traffic on the WAN interface:
A firewall filter rule can prevent incoming DNS traffic on the WAN interface:

Revision as of 15:21, 6 May 2014

MikroTik RouterBoard 951-2n

(may be relevant for other models)

A DNS server is not running by default, but can be configured under /ip dns (or the "IP / DNS" GUI menu), in which case the router will act as an open DNS resolver.

A firewall filter rule can prevent incoming DNS traffic on the WAN interface:

 /ip firewall filter
 add chain=input action=drop protocol=tcp in-interface=pppoe-out1 dst-port=53
 add chain=input action=drop protocol=udp in-interface=pppoe-out1 dst-port=53

(Replace pppoe-out1 with your external interface name, obtained from /interface print.)
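One way to confirm that both drops are in place is to audit the output of `/ip firewall filter export`. The script below is an added example, not part of the original wiki page. Its function names and sample export are constructed for illustration. It only recognises rules written in the form shown above, and it does not evaluate rule order.

```python
import shlex

# Constructed sample of `/ip firewall filter export` output (not taken from the page).
# The UDP rule misspells the interface as "ppoe-out1", so it never matches WAN traffic.
SAMPLE_EXPORT = """\
/ip firewall filter
add chain=input action=drop protocol=tcp in-interface=pppoe-out1 dst-port=53
add chain=input action=drop protocol=udp in-interface=ppoe-out1 dst-port=53
"""


def parse_filter_rules(export_text):
    """Return one dict of key=value properties per 'add' line under /ip firewall filter."""
    rules, in_filter = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_filter = line == "/ip firewall filter"
        elif in_filter and line.startswith("add "):
            tokens = shlex.split(line[4:])  # shlex keeps quoted values such as comments intact
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules


def covers_port_53(dst_port):
    """True if a dst-port value (single port, comma list or range) includes 53."""
    for part in dst_port.split(","):
        lo, _, hi = part.partition("-")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= 53 <= int(hi):
            return True
    return False


def missing_dns_drops(export_text, wan_interface):
    """List the protocols (tcp/udp) with no enabled input-chain drop for port 53 on the WAN."""
    blocked = set()
    for r in parse_filter_rules(export_text):
        if (r.get("chain") == "input" and r.get("action") == "drop"
                and r.get("in-interface") == wan_interface
                and r.get("disabled") != "yes"
                and covers_port_53(r.get("dst-port", ""))):
            blocked.add(r.get("protocol"))
    return sorted({"tcp", "udp"} - blocked)


if __name__ == "__main__":
    print(missing_dns_drops(SAMPLE_EXPORT, "pppoe-out1"))
```

An empty result means both TCP and UDP port 53 are dropped on the named interface; any protocol listed is still reachable from the WAN side as far as these rules are concerned.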

You can also configure this in the GUI under "IP / Firewall / Filter Rules":

(Screenshot: Mikrotik external dns block.png)

Thanks to Jay Pudasaini for the general solution.