Good day developers, I just want you to know that OpenWrt dnsmasq has port 53 open. But this is the problem: the vulnerability in DNS 53. Some users of my wifi attack my wifi's DNS 53, so that's why my wifi suddenly disappeared. Some users launch a denial of service, which I can't prevent.
I secured the OpenWrt LuCI interface, I used HTTPS on that; in DNS I used DNS over HTTPS, AKA DNSCrypt, and I noticed that OpenWrt is secured outside of my router. My only problem is that OpenWrt dnsmasq opens port 53 by default, and users manage to exploit this.
OpenWrt is secured by default, but it can't protect against vulnerabilities that have not been fixed.
Like DNS 53 UDP bypass rules and denial of service on 53.
Can you fix this?
Can you protect DNS 53 against this type of attack?
Running dnsmasq is not a security issue by itself (nor a vulnerability!), but generally necessary - port 53 being open to the LAN side is normal behaviour as well.
If you have users abusing that, boot them from the network.
Handing out a different (external) DNS server as part of the DHCP lease (and rejecting packets) is technically possible (option 6), but that will merely shift the DoS attack to other venues (e.g. DHCP itself, ARP poisoning, de-auth attacks or simply filling up the frequencies). Keep in mind that shifting the problem from your infrastructure to that of external 3rd parties this way might land you in hot water (technically or legally, should those object and retaliate, even if just by refusing service). It's better to cope with that within your range of responsibility (the given hardware might be a little weak with non-cooperative (ab)users though) than to rely on others.