Protecting your Mikrotik from DNS Amplification

Published 2015-05-08 at http://www.mtin.net/blog/protecting-your-mikrotik-from-dns-amplification/

There are several reasons and benefits to using your Mikrotik as a DNS caching server. Queries from your clients come back a little faster, which makes the overall user experience feel snappier. It also lets you quickly change upstream DNS servers in the event of an outage, attack, etc.

The flip side is that a cache which answers anyone on the Internet is an open resolver. An attacker sends it small queries with the source address forged to a victim, and the router sends the much larger answers to that victim. That is DNS amplification, and it is your bandwidth and your address's reputation that get burned.

There are two main avenues to think about when protecting a Mikrotik that is doing DNS.

The first is incoming port 53 requests to the router. Only your customers should be able to query the Mikrotik. In a simple scenario we have this:

[Image: basic.jpg, a router with ether1 as the upstream ISP connection and customers on the remaining ports]

ether1 is our upstream ISP connection; customers are on the other ports. To block all port 53 requests from the outside world, we match the WAN interface as the in-interface and drop in the input chain:

```
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="drop DNS queries arriving on the WAN (UDP)"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="drop DNS queries arriving on the WAN (TCP)"
```

This still allows the Mikrotik to send its own DNS queries upstream. Those queries leave from a high, non-reserved source port, and the replies come back with port 53 as the source port and that high port as the destination, so a rule matching dst-port=53 on input never sees them. We are only stopping the router from answering port 53 requests that arrive on the external interface.

A few things to check when you add these rules:

- Filter rules are evaluated top to bottom, so the two drops must sit above any rule that accepts all traffic to the router (an "accept established,related" rule is fine above them, because a query from a stranger is a new connection).
- What makes the cache reachable in the first place is allow-remote-requests=yes under /ip dns. You need it so your customers can use the router as their resolver; the firewall rule is what limits that to the customer side.
- If the router also has a public IPv6 address, the same drops are needed under /ipv6 firewall filter, since the DNS cache answers there too.
- On RouterOS 6.41 and later you can match in-interface-list=WAN instead of a single interface, which keeps one pair of rules correct when uplinks are added.

In a later post we will talk about what to do if you have multiple WAN interfaces or multiple exit paths on your router (say, running OSPF).