Question
Blocking DoS attack on dns-udp helper
Gurus, I have an 80C (MR3 Patch2) that is under a sustained DoS attack and need some advice on how to effectively block/drop the originating IP's traffic. The originating IP (87.106.249.76) is pushing lots of dns-udp packets to which the fw helper responds. I have configured a DoS Policy with very low thresholds, but the fortigate still responds to the packets with 'msg="run helper-dns-udp(dir=original)"' in debug tracing. Seems like the fw responds to helpers before it processes DoS or firewall policies.

I have removed the dns-udp helper definition from the global settings, have not restarted the fw yet though, not sure if I need to restart the fw before it will remove the dns-udp helper?

Any advice on how to effectively block/drop any packets from the originating IP?

Regards
Paul

Trace log extract:

    id=36871 trace_id=8441 msg="vd-root received a packet(proto=17, 87.106.249.76:80->xxx.xxx.xxx.xxx:53) from internal1."
    id=36871 trace_id=8441 msg="Find an existing session, id-01d6a1d3, original direction"
    id=36871 trace_id=8441 msg="run helper-dns-udp(dir=original)"
    id=36871 trace_id=8471 msg="vd-root received a packet(proto=17, xxx.xxx.xxx.xxx:53->87.106.249.76:80) from local."
    id=36871 trace_id=8471 msg="Find an existing session, id-01d6a218, reply direction"
    id=36871 trace_id=8471 msg="run helper-dns-udp(dir=reply)"
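As an added example (not part of the post above and not Fortinet code), the following script parses debug-flow trace lines of the shape quoted in the post, groups them by trace_id, and counts how many inbound (original-direction) packets per source IP actually reached the dns-udp helper, which is the figure you would want before deciding on a threshold. The sample lines are constructed from the post's format; 192.0.2.10 stands in for the masked xxx.xxx.xxx.xxx address and 198.51.100.7 is an unrelated, legitimate-looking client added for contrast.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the trace lines quoted in the post.
SAMPLE_TRACE = """\
id=36871 trace_id=8441 msg="vd-root received a packet(proto=17, 87.106.249.76:80->192.0.2.10:53) from internal1."
id=36871 trace_id=8441 msg="Find an existing session, id-01d6a1d3, original direction"
id=36871 trace_id=8441 msg="run helper-dns-udp(dir=original)"
id=36871 trace_id=8445 msg="vd-root received a packet(proto=17, 87.106.249.76:80->192.0.2.10:53) from internal1."
id=36871 trace_id=8445 msg="run helper-dns-udp(dir=original)"
id=36871 trace_id=8471 msg="vd-root received a packet(proto=17, 192.0.2.10:53->87.106.249.76:80) from local."
id=36871 trace_id=8471 msg="Find an existing session, id-01d6a218, reply direction"
id=36871 trace_id=8471 msg="run helper-dns-udp(dir=reply)"
id=36871 trace_id=8490 msg="vd-root received a packet(proto=17, 198.51.100.7:53000->192.0.2.10:53) from internal1."
id=36871 trace_id=8490 msg="allocate a new session-01d6a2a0"
"""

LINE_RE = re.compile(r'trace_id=(\d+)\s+msg="(.*)"$')
PKT_RE = re.compile(r'received a packet\(proto=(\d+), ([\d.]+):(\d+)->([\d.]+):(\d+)\) from (\S+)\.')
HELPER_RE = re.compile(r'run helper-(\S+)\(dir=(original|reply)\)')

def parse_trace(text):
    """Group trace lines by trace_id; record the packet 5-tuple and any helper that ran."""
    traces = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a trace line we understand; skip silently
        tid, msg = m.group(1), m.group(2)
        pkt = PKT_RE.search(msg)
        if pkt:
            traces[tid].update(proto=int(pkt.group(1)), src=pkt.group(2), sport=int(pkt.group(3)),
                               dst=pkt.group(4), dport=int(pkt.group(5)), iface=pkt.group(6))
        h = HELPER_RE.search(msg)
        if h:
            traces[tid].update(helper=h.group(1), direction=h.group(2))
    return dict(traces)

def helper_hits_by_source(traces, helper="dns-udp"):
    """Count inbound packets per source IP that were handed to the given helper.
    Reply-direction entries (the firewall's own answers) are deliberately excluded."""
    counts = Counter()
    for t in traces.values():
        if t.get("helper") == helper and t.get("direction") == "original" and "src" in t:
            counts[t["src"]] += 1
    return counts

def flag_sources(traces, threshold, helper="dns-udp"):
    """Source IPs whose helper hit count reaches the threshold, sorted for stable output."""
    return sorted(ip for ip, n in helper_hits_by_source(traces, helper).items() if n >= threshold)
```

Feed it the output of a longer trace capture (e.g. a saved debug-flow log) to see which sources are actually driving helper invocations; the reply-direction lines for the firewall's own answers are never counted against a source.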
