I think your dns server was being used to attack other targets in a "dns amplification" attack. a.packetdevil.com is just something with a large dns answer, to maximize the amount of traffic.
192.168.1.3 seems an unusual LAN IP address for a router.

OK, thanks.
I'm going to have to be careful with the Mikrotik router. Had a similar issue when looking at using the web proxy.
It's a pretty steep learning curve even when compared to using something like PFSense.
Re the IP, at the moment it is connected to a TG582N in it's DMZ, picking up an IP through DHCP.
Just seeing how it compared to running with the TG582N in it's bridged mode and connecting through PPPoE.
Seem to get better upstream QOS results when running this way.

the reason the QoS is better has something to do with the primary router ignoring all normal rules for traffic when pointing at a DMZ....but then that's normal for all routers that cost under £200, and you probably need a qualification in cisco systems to properly setup a DMZ on the more expensive ones
the best bet is just to buy a decent primary router enable NAT +UPNP and ignore QoS, just make sure the router you get is designed to continuously connect the number of devices your household is using (most isp provided ones struggle if you have more than 8 ) and don't forget that anything with an ip address on the network counts as a device (so routers IP phones, storage, set top box/smart TV, pc's, tablets, phones etc etc) even if you assign them a static ip address outside of the dhcp range, also a lot of WIFI combi routers completely mess up when utilizing both wired and wireless, its much better to have dedicated devices.
with that in mind your optimal setup would be to use the tg582n as a slave device and get a new router that doesn't have building wifi as your primary (DHCP server) then your free to ignor QoS, just enable UPNP +NAT and ignor most everything else (unless you particularly want to block certain functions or websites)