DNS Query “sl 0.0.0.0” in Mikrotik DNS Cache

Sounds like this could be from a potential scan. The record is useless as 0.0.0.0 doesn’t go to anything.

https://learn.microsoft.com/en-us/answers/questions/547092/what-is-the-sl(0)-in-dns-logs-as-host-name

We can block this type of behavior by blocking inbound DNS request. Change in-interface to your interface or change to an interface list.

ip firewall filter add chain=input protocol=6 dst-port=53 in-interface=ether1 action=drop
ip firewall filter add chain=input protocol=17 dst-port=53 in-interface=ether1 action=drop

Leave a Reply

Your email address will not be published. Required fields are marked *