if via webcam or winbox, uncheck Allow remote request (IP->DNS)

Close TCP port 53
Deny all DNS requests from outside

The same thing happened about a year ago. It was decided by closing 53 ports.
chain input; Dst Address @your IP
Protocol 6 (tcp)
Dst port 53.
action drop
(or if you want to add these flood addresses to the list and ban that list for a certain time)
And 1 more rule the same rule for UDP
Protocol 17 (udp)

It?
What's new in 6.22 (2014-Nov-11 14:46):
*) ovpn - added support for null crypto;
*) files - allow to remove empty disk folders;
*) sntp - fix problems with dns name resolving failures that were triggering
system watchdog timeout;
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features:
tunnels go down when no route to destination;
tunnels go down for 1 minute when transmit loop detected, warning gets logged;
new keepalive-retries setting;
keepalives enabled by default for new tunnels (10sec interval, 10 retries);
*) improved connection-state matcher in firewall - can match multiple states in one rule, supports negation;
*) added connection-nat-state matcher - can match connections that are srcnatted,dstnatted or both;
*) 100% CPU load caused by unclassified services fixed;
*) 6to4 tunnel fixed;
*) new RouterBOOT firmware for Metal 2SHPn to improve wireless stability;
forum.mikrotik.com/viewtopic.php?p=456188

Tell me how to do it correctly, because I banned in the firewall: input, source_adr 0.0.0.0/0 , dst. adr own_external_ip , 53 tcp. After that, the intranet began to have difficulties with "resolving" addresses, etc.

and even better, completely disable dns on mikrotik and use \ distribute via dhcp - dns provider, public google (8.8.8.8 4.4.4.4) or yandex dns.yandex.ru

1. update ROS to the latest version
2. reset settings to zero
3. configure everything via quick set by checking the Firewall checkbox.

Allow DNS requests from your locale and deny DNS requests for others.