You are very brave: you have port 53 exposed to the world, and you were so proud of it.
DNS requests are only accepted from internal network via this rule:
/ip firewall filter add action=accept chain=input comment="Accept incoming connections to router from intern" connection-state=new src-address-list=intern
Requests from WAN are dropped via:
/ip firewall filter add action=drop chain=input comment="Drop *"
Please try again with an ANY request. Also in other (working) setups I get the log entry "dns query from 255.255.255.255[" when using dig with ANY.

The problem in the excerpt you posted is that the query is received from 255.255.255.255 - here is one on my MikroTik:

Code:
21:28:39 dns query from 192.168.2.254: #239527 www.whitehouse.gov. A
21:28:39 dns done query: #239527 www.whitehouse.gov. 192.0.66.168

See? Unicast, not broadcast.
Statistics: Posted by kehrlein — Sat Jan 06, 2024 1:25 am
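
An added example, not part of the thread: a small triage script for RouterOS DNS log lines in the format quoted in the post, flagging queries whose source address falls outside the intern list. The 192.168.2.0/24 range assumed for intern and the last two sample log lines are assumptions made for the demo.

```python
import ipaddress
import re

# Assumption: the "intern" address list covers this range (the thread does not say).
INTERN_NETS = [ipaddress.ip_network("192.168.2.0/24")]
BROADCAST = ipaddress.ip_address("255.255.255.255")

# Query lines look like: 21:28:39 dns query from 192.168.2.254: #239527 www.whitehouse.gov. A
# Anything between the source address and "#<id>" is skipped (IPv4 only).
QUERY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) dns query from (?P<src>\d+\.\d+\.\d+\.\d+)"
    r"[^#]*#(?P<id>\d+) (?P<name>\S+) (?P<qtype>\S+)"
)


def classify(src):
    """Return 'intern', 'broadcast-source' or 'external' for a source address."""
    ip = ipaddress.ip_address(src)
    if ip == BROADCAST:
        return "broadcast-source"
    if any(ip in net for net in INTERN_NETS):
        return "intern"
    return "external"


def triage(lines):
    """Yield (time, src, name, qtype, verdict) for every DNS query line."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            yield (m["time"], m["src"], m["name"], m["qtype"], classify(m["src"]))


def unexpected(lines):
    """Queries whose source the input-chain accept rule should not have let through."""
    return [row for row in triage(lines) if row[4] != "intern"]


# Constructed sample log: the first two lines follow the post, the rest are made up.
SAMPLE_LOG = """\
21:28:39 dns query from 192.168.2.254: #239527 www.whitehouse.gov. A
21:28:39 dns done query: #239527 www.whitehouse.gov. 192.0.66.168
21:30:02 dns query from 255.255.255.255: #239530 example.com. ANY
21:30:05 dns query from 203.0.113.7: #239531 example.com. ANY
""".splitlines()

if __name__ == "__main__":
    for row in unexpected(SAMPLE_LOG):
        print(row)
```

Any row this returns is a query the resolver answered for a source that the accept rule for intern should not have matched, which is the first thing to check against the order of the input-chain rules.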