Mikrotik
neandertalec, 2019-05-22 15:44:12

Why does dns give answers to them?

There are dns requests from outside to Mikrotik.
I blocked the provider interface with a drop rule.
The counter is blocking.
In the connection tracker, a ton of dns queries are gone.
I look at the dns log
Question:
It turns out that despite the drop, Mikrotik's DNS processes requests from the outside, so it also sends answers to them?
If I understand correctly, how do I make it so that requests from the outside are not processed at all, only local ones?


5 answer(s)
poisons, 2019-05-22
@neandertalec

Suddenly dns also responds at 53/tcp! Magic!

Keffer, 2019-05-22
@Keffer

A typical DNS attack, what prevents you from creating the last deny rule and blocking everything by input, which is clearly not allowed above?

Sergey, 2019-05-22
@feanor7

It will not be enough, there is still port 953, it all depends on the specific settings of your warm lamp DNS

baxer, 2019-05-23
@baxer

Disable DNS relay in DNS settings

Vladimir Zhurkin, 2019-05-26
@icCE

Since requests are also received on 53/tcp.
In general, what kind of stupidity is it to block only selected things?
Why don't you have a generic drop on Input at all?
If you do not yet understand how and what works, use the default configuration.
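
An added example, not taken from any of the posts above: an input chain in the shape the answers describe, covering DNS on both 53/udp and 53/tcp from the provider side and ending in a generic drop. The interface names `ether1` (provider) and `bridge` (LAN) are assumptions; substitute your own.

```routeros
# Assumed names: ether1 = provider (WAN) interface, bridge = LAN bridge.
/ip firewall filter

# Replies to traffic the router itself started (including its own
# upstream DNS lookups) match here, so they survive the drops below.
add chain=input action=accept connection-state=established,related \
    comment="replies to router-originated traffic"
add chain=input action=drop connection-state=invalid comment="invalid state"

# Explicit DNS drops on the provider side, one per transport.
# A udp-only rule leaves 53/tcp reachable from outside.
# The final drop already covers both; these exist only to get
# separate counters for outside DNS queries.
add chain=input action=drop in-interface=ether1 protocol=udp dst-port=53 \
    comment="outside DNS over udp"
add chain=input action=drop in-interface=ether1 protocol=tcp dst-port=53 \
    comment="outside DNS over tcp"

# Local clients may reach the router, including its DNS cache.
add chain=input action=accept in-interface=bridge comment="LAN to router"

# Generic last rule: anything not explicitly allowed above is dropped.
add chain=input action=drop comment="drop everything else on input"

# Check rule order and per-rule packet counters.
/ip firewall filter print stats
```

Rule order matters: the filter table is evaluated top to bottom, so an accept rule placed above the DNS drops that also matches provider-side traffic would let those queries through.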
