Mikrotik - DNS DoS Attack Prevention

If you are experiencing high ping times and/or slower-than-normal internet speeds, you might be the victim of a DNS DoS attack.

This article will walk you through creating a firewall rule on Mikrotik routers to block this attack.

 

1. Log into your Mikrotik and navigate to IP >> Firewall, then select the Filter Rules tab.

2. Click on the + icon to add a new rule and enter these settings:

  • Chain = "input"
  • Protocol = "udp"
  • Dst. Port = "53"
  • Interface = "ether1-gateway" (or whichever WAN port you are using)

3. Click on the Action tab and select "drop", then click Apply.

 

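With this rule in place, the router drops UDP DNS requests (port 53) that arrive on the WAN interface, which effectively stops external DNS requests to your firewall.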
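The same rule can be entered from the RouterOS terminal. The block below is an added example, not part of the original article; it also goes one step beyond the steps above by adding a matching TCP rule and two read-only checks. The interface name "ether1-gateway" is the one used above, and the comment strings are made up for illustration.

```routeros
# Added example, not from the original article.
# Terminal equivalent of the rule built in steps 1-3: drop DNS queries
# (UDP port 53) addressed to the router that arrive on the WAN port.
# The "Interface" setting above is in-interface on the command line.
/ip firewall filter add chain=input protocol=udp dst-port=53 \
    in-interface=ether1-gateway action=drop \
    comment="Drop inbound DNS (UDP) on WAN"

# Assumption beyond the article: DNS is also served over TCP port 53,
# so the same drop is applied to TCP on the WAN port.
/ip firewall filter add chain=input protocol=tcp dst-port=53 \
    in-interface=ether1-gateway action=drop \
    comment="Drop inbound DNS (TCP) on WAN"

# Filter rules are evaluated top to bottom. Confirm that both drop rules
# sit above any accept rule in the input chain that would match the
# same traffic.
/ip firewall filter print where chain=input

# Packet and byte counters per rule. If the router was receiving
# external DNS requests, the counters on the drop rules keep rising.
/ip firewall filter print stats where chain=input

# Read-only check of the router's DNS settings. allow-remote-requests
# shows whether the router answers DNS queries from other hosts at all.
/ip dns print
```

Because the rules match only traffic entering on the WAN interface, LAN clients that use the router as their DNS server are not affected.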

If you have any questions please submit a ticket to our Technical Support Department.
