If you're running a MikroTik and suddenly see massive DNS traffic (UDP port 53) in your connection tracking, there’s a common cause.
The cause
When you enable:
Code:
/ip dns set allow-remote-requests=yes
your router becomes a DNS server. This is fine for LAN use — but without firewall rules, it also answers queries from any address that can reach it, including the whole internet.
Result:
- Your router can be used as a public DNS resolver
- You may see large amounts of DNS traffic
- Possible abuse (reflection/amplification)
The simple fix (recommended)
Block DNS requests coming from your WAN interface.
Example (PPPoE WAN):
Code:
/ip firewall filter add chain=input protocol=udp dst-port=53 in-interface=pppoe-out1 action=drop comment="drop DNS queries from WAN (UDP)"
/ip firewall filter add chain=input protocol=tcp dst-port=53 in-interface=pppoe-out1 action=drop comment="drop DNS queries from WAN (TCP)"
What this does
- LAN devices → still use router for DNS (works normally)
- Internet → blocked from querying your router
- Stops unwanted DNS traffic / abuse
Important notes
- Keep allow-remote-requests=yes enabled if your LAN uses the router for DNS
- Make sure your WAN interface name matches (e.g. pppoe-out1, ether1, etc.)
- Place these rules above any broad “accept” rules in the input chain
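Added example (my own, not part of the original post): the same WAN-side DNS block, but keyed to an interface list instead of a single interface name, so it survives a renamed uplink or a second WAN, followed by the two checks I would run afterwards. The list name "WAN" and the rule comments are hypothetical; pppoe-out1 is the interface from the post, so adjust both to your setup.

```routeros
# Added example, not from the original post. Assumes an interface list named
# "WAN" (hypothetical) and the uplink pppoe-out1 used in the post.

# 1. Group the WAN-facing interface(s) into a list
/interface list add name=WAN
/interface list member add list=WAN interface=pppoe-out1

# 2. Drop DNS queries arriving from any interface in that list.
#    Both transports: DNS over TCP is used for large answers and zone transfers.
/ip firewall filter add chain=input protocol=udp dst-port=53 in-interface-list=WAN action=drop comment="drop-dns-from-wan-udp"
/ip firewall filter add chain=input protocol=tcp dst-port=53 in-interface-list=WAN action=drop comment="drop-dns-from-wan-tcp"

# 3. Move both rules to the top of the input chain. Rules are evaluated top to
#    bottom and the first match wins, so a broad "accept" placed earlier would
#    let the queries through before the drop is ever reached.
/ip firewall filter move [find comment="drop-dns-from-wan-tcp"] 0
/ip firewall filter move [find comment="drop-dns-from-wan-udp"] 0

# 4. Verify. The router's own upstream resolution must still work (its queries
#    leave with dst-port 53 but the replies come back to an ephemeral port, so
#    the input-chain drop never touches them), and the new rules should show
#    growing packet/byte counters as internet queries are dropped.
:put [:resolve example.com]
/ip firewall filter print stats where comment~"drop-dns-from-wan"
```

The :resolve check only proves the router itself can still reach upstream DNS; to confirm LAN clients are unaffected, run nslookup or dig against the router's LAN address from a LAN host. To confirm the exposure is actually closed, query your public WAN address from a host outside your network (dig @<your-wan-ip> example.com) and expect a timeout rather than an answer.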
Summary
If you enable MikroTik DNS without restricting access, you may unintentionally expose it publicly. Blocking port 53 on the WAN interface is a quick and effective fix.