Stopping Open DNS - MikroTik

From AAISP Support Site
Revision as of 15:17, 6 May 2014 by Supervacuo (talk | contribs) (Add initial content)

MikroTik RouterBoard 951-2n

(may be relevant for other models)

A DNS server is not running by default, but can be configured under /ip dns (or the "IP / DNS" GUI menu), in which case the router will act as an.

A firewall filter rule can prevent incoming DNS traffic on the WAN interface:

 /ip firewall filter
 add chain=input action=drop protocol=tcp in-interface=pppoe-out1 dst-port=53
 add chain=input action=drop protocol=udp in-interface=pppoe-out1 dst-port=53

(replace pppoe-out1 with your external interface name, obtained from /interface print).

You can also configure this in the GUI under "IP / Firewall / Filter Rules":

(Screenshot: Mikrotik external dns block.png)
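To confirm the rules work, run a check like the following from a host outside your network against your own WAN address. This is an added example, not part of the original wiki page, and the function names are its own. With action=drop both probes should report "filtered"; "open" means port 53 still answers from the internet.

```python
import socket
import struct
import sys

def build_query(name="example.com", txid=0x1234):
    """Minimal DNS query: A record, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def probe_udp(host, port=53, timeout=3.0):
    """'open' = got a DNS reply, 'filtered' = silence (drop), 'closed' = ICMP unreachable."""
    query = build_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(query)
            reply = s.recv(512)
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "closed"
    # A real reply echoes our transaction ID and has the QR (response) bit set.
    if len(reply) >= 12 and reply[:2] == query[:2] and reply[2] & 0x80:
        return "open"
    return "unexpected"

def probe_tcp(host, port=53, timeout=3.0):
    """'open' = handshake completed, 'filtered' = no answer, 'closed' = RST."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"

if __name__ == "__main__":
    wan_ip = sys.argv[1]  # your own router's public address
    results = {"udp": probe_udp(wan_ip), "tcp": probe_tcp(wan_ip)}
    print(results)
    # Exit non-zero if either protocol still answers from outside.
    sys.exit(1 if "open" in results.values() else 0)
```

A test from inside the LAN does not exercise the in-interface match on the WAN side, so the probe has to originate from the internet.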

Thanks to Jay Pudasaini for the general solution.