It is very important to block the DNS service on port 53 for incoming connections on your Router or Firewall. Doing this increases your network security and helps avoid cyber attacks such as DDOS.

To secure your network, connect to your MikroTik using Winbox and open a New Terminal. Copy and paste the following commands into the console:

Before executing the commands, you must replace IN-INT in the code above with the actual name of your MikroTik WAN interface.

If you use multiple WAN interfaces on your MikroTik, you must re-run the commands above multiple times, replacing IN-INT with the names of all your other WAN interfaces to ensure complete protection.

Enhance your network security by learning how to block incoming DNS service connections on port 53 to mitigate cyber threats like DDoS attacks. 

How to Enable DoH on MikroTik Routers

How to block DNS resolution from outside in Mikrotik

How to run scripts on multi-WAN scenarios on Mikrotik

Docs

Platform 2026 Guides

Deployments Overview

Networks

Deployments

Protection Overview

Protection

Untitled

Start the Migration

Confirm the Migration

Policy Migration Logs

Migration Overview

Configure the Dynamic DNS using dyndns.org

Generic guide to enable FlashStart cloud filtering

How to solve synchronization problems in Mikrotik

How to configure multiprofile on Mikrotik

MikroTik RouterOS Configuration

Teldat configuration

Bind configuration

Ubiquiti-UniFi configuration

Grandstream configuration

PFSense configuration

Netgear configuration

IPCOP configuration

Linksys Router

Cisco configuration

TP-Link configuration

Fritz!Box configuration

Zyxel/Zywall configuration

Draytek configuration

Bright Box configuration

Engenius SD-WAN Router

Ruijie Router

Pi-Hole's blacklist configuration

Router Guides

API Integration

Dates and Roadmap

Pricing and Purchasing

Migration and Licenses

Registration procedures