Hi Ronen,
I have included this command in my Mikrotik router to stop DNS queries.
Works well.
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=wan protocol=udp
73 de Jean
VE2PKT
On Wed, Apr 6, 2016 at 9:18 AM, Stacy <kg7qin(a)arrl.net> wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> There is also this, which goes a bit more in-depth for locking down your
> Mikrotik device:
>
> http://rickfreyconsulting.com/wp-content/uploads/2014/10/MikroTik-DNS-Attac…
>
> On 04/06/2016 06:11 AM, Stacy wrote:
>
>> Ronen,
>> Take a look here. They cover this in pretty good detail.
>>
>> http://forum.mikrotik.com/viewtopic.php?t=69677
>>
>> -Stacy
>> KG7QIN
>>
>> On 04/06/2016 06:00 AM, R P wrote:
>>
>>> Hi group
>>>
>>> Now that the Mikrotik has a connection sessions screen, I see about
>>> 150 (last night it was 1200) UDP port 53 (DNS) sessions coming
>>> from about 15 different sites; each site has about 10 sessions.
>>>
>>> The total bandwidth it consumes is 500 KB/s.
>>>
>>> What is it? Why does a site have to do DNS queries 10 times (or maybe it
>>> is a UDP session to port 53 but not a DNS query) to my host, where no
>>> DNS server even exists?
>>>
>>> Is there anyone who can tell me the exact command to block it? I have
>>> tried to add a firewall rule with the web interface, but nothing happens; it
>>> looks like I'm not giving the right rule.
>>>
>>> Thanks Forward
>>>
>>> Ronen - 4Z4ZQ
>>>
>>> http://www.ronen.org
>>>
>>>
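
The question at the bottom of the thread (are the UDP port 53 sessions real DNS queries or something else?) can be settled from a packet capture. The following is an added example, not part of the original thread: it parses a UDP/53 payload as an RFC 1035 DNS header plus first question and reports what it finds. The function name and both sample payloads are constructed for illustration.

```python
import struct

# Constructed sample payloads (not captured traffic) as they might arrive on UDP/53.
SAMPLE_QUERY = (
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"  # id, flags (RD set), 1 question
    b"\x07example\x03com\x00"                            # QNAME example.com
    b"\x00\xff\x00\x01"                                  # QTYPE=ANY (255), QCLASS=IN (1)
)
SAMPLE_JUNK = b"\x00\x01\x02"  # too short to hold a DNS header

QTYPES = {1: "A", 2: "NS", 15: "MX", 16: "TXT", 28: "AAAA", 255: "ANY"}


def classify_udp53_payload(payload: bytes) -> dict:
    """Report whether a UDP/53 payload parses as a DNS message and what it asks."""
    if len(payload) < 12:
        return {"dns": False, "reason": "shorter than 12-byte DNS header"}
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    is_response = bool(flags & 0x8000)  # QR bit: 0 = query, 1 = response
    opcode = (flags >> 11) & 0xF        # 0 = standard query
    if qdcount < 1:
        return {"dns": False, "reason": "no question section"}
    # Walk the first QNAME label by label. A length above 63 (which includes
    # compression pointers) is rejected: it is not expected in a first question.
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return {"dns": False, "reason": "truncated QNAME"}
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return {"dns": False, "reason": "invalid label length"}
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return {"dns": False, "reason": "truncated question"}
    qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return {
        "dns": True,
        "query": not is_response,
        "opcode": opcode,
        "name": ".".join(labels) or ".",
        "qtype": QTYPES.get(qtype, str(qtype)),
        "qclass": qclass,
    }
```

Many well-formed queries from unrelated sources to a host that runs no DNS service point to resolver scanning or abuse rather than stray traffic, which is the case the input-chain drop rule at the top of the thread addresses.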