open recursive DNS port 53
Posted: Wed Nov 10, 2010 9:45 pm
by pkats
I have customers' routers that have "open recursive DNS port 53" and my upstream provider is telling me I need to get that blocked. Rather than chase down each customer, I would like to block this at my core router. I have a firewall rule set up, but it does not appear to be working. Any ideas what I'm doing wrong?
add action=drop chain=forward comment="" disabled=no dst-port=53 protocol=udp \
src-address=0.0.0.0/0 src-port=53
Re: open recursive DNS port 53
Posted: Thu Nov 11, 2010 3:02 pm
by mrz
Probably it is not working because UDP can use both TCP and UDP.
You can redirect all DNS requests to your router, which is a better solution:
/ip firewall nat
add action=redirect chain=dstnat comment=dns dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
Re: open recursive DNS port 53
Posted: Thu Nov 11, 2010 4:20 pm
by blake
He means "DNS can use both TCP and UDP."
And take off src-port=53. DNS clients / servers use random outgoing source ports, so you'll probably never match that rule.
Re: open recursive DNS port 53
Posted: Fri Dec 27, 2013 5:20 pm
by FreddieMac502
> Probably it is not working because UDP can use both TCP and UDP.
> You can redirect all DNS requests to your router, which is a better solution:
> /ip firewall nat
> add action=redirect chain=dstnat comment=dns dst-port=53 protocol=tcp to-ports=53
> add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
I am having the same issue as pkats and I have implemented the script you suggested. But is there a way I can narrow it down to a single computer on my network? I have been going to each one I can get to, doing deep antivirus scans, but I was just curious if it was possible. Thank you.
Re: open recursive DNS port 53
Posted: Sat Jan 04, 2014 10:31 am
by lashguti
Remove src-port=53, everything else is correct, and set the same rule in the input chain on the public interface if you use your MikroTik router as a DNS proxy too.
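Putting the thread's advice together, here is an added RouterOS filter configuration (example config, not posted by anyone in the thread): the src-port=53 match is dropped, both UDP and TCP are covered, the rules are limited to the upstream interface so customers' own outbound queries are not blocked, and a log rule is placed first so the router records which customer address (dst-address in the log line) is still receiving recursive queries from the Internet. The interface name ether1-wan and the log prefix are assumptions; substitute your own.

```routeros
/ip firewall filter
# Log inbound DNS queries arriving from the upstream side before dropping them.
# The logged dst-address identifies the customer router that is still answering
# recursive queries, which narrows the problem down to a single host.
add chain=forward in-interface=ether1-wan protocol=udp dst-port=53 \
    action=log log-prefix="open-dns-udp" comment="log inbound DNS (udp)"
add chain=forward in-interface=ether1-wan protocol=tcp dst-port=53 \
    action=log log-prefix="open-dns-tcp" comment="log inbound DNS (tcp)"

# Drop inbound DNS to customers. No src-port match: resolvers and clients send
# from random source ports, so a src-port=53 condition would almost never match.
# in-interface restricts this to traffic arriving from the Internet; without it
# (src-address=0.0.0.0/0 alone) customers' outbound queries to external
# resolvers would be dropped as well.
add chain=forward in-interface=ether1-wan protocol=udp dst-port=53 \
    action=drop comment="block inbound recursive DNS (udp)"
add chain=forward in-interface=ether1-wan protocol=tcp dst-port=53 \
    action=drop comment="block inbound recursive DNS (tcp)"

# Same rules in the input chain if the core router itself answers DNS
# (/ip dns allow-remote-requests=yes), so the router does not become the
# open resolver instead of the customers.
add chain=input in-interface=ether1-wan protocol=udp dst-port=53 \
    action=drop comment="block inbound DNS to router (udp)"
add chain=input in-interface=ether1-wan protocol=tcp dst-port=53 \
    action=drop comment="block inbound DNS to router (tcp)"
```

Rule order matters: these rules should sit above any general accept for established/related or forwarded traffic, and the log rules can be disabled once the offending customer has been found, since they generate one log entry per inbound query.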