Hello,

I have set up at my home network caching DNS container running Bind. It works fine - either set up in mikrotik or manually added to the machines - queries are going there and the container replies in reasonable time - few hundreds ms at most. I have removed "Use peer DNS" option in DHCP client and I have set the first DNS to the one in the local network and 2-3 more from google, openDNS etc.

The actual problem I am noticing is that mikrotik query just fine this server, but after some period - I am not sure exactly how long it stops quering that server at all. The cache database after around 12 hours keep getting smaller and smaller and it is not because the entries are in mikrotik DNS cache - after clearing them still does not query that local DNS. If I log in into webfig and just click apply in the DNS settings without changing anything it will start querying that local IP for another ~12 hours and then will stop again.

I think it is some kind of bug because it works fine all the time if set manually on another devices.

The router is hap ac2 and I am attaching pastebin with some mac addresses and details redacted. Configuration

And what leads you to think that first server should be used all the time? There's no priority, all servers you enter are equal. Last time I tested it, system starts to use one and moves to another when it fails (or doesn't respond fast enough). And then it keeps using the new one, until it fails, then it moves to next, etc...

is your problem. If your private DNS has response times in 100s of ms, most likely it is the worst performer of the bunch. Thus, it will only be queried as a last resort.

You should have only one DNS setup on Mikrotik, in your case 192.168.1.111
Bind on 192.168.1.111 can have multiple public ones.
But, in this case you should setup a netwatch or custom script to check if 192.168.1.111 is up and functional and change Mikrotik's DNS if it goes offline.
Something like:

Thank you both!

I somehow assumed they have priority, not sure why. And thought the first server have priority and rest will be only used only if it times out.
The reason I did that in the first place is because few weeks ago I had DNS resolution times taking ~10 seconds, I think it was with the cloudflare one. And also why sending every bit of data to google/cloudflare/cisco when I can have the DNS on my network?

As for the hundreds of ms response times - these were the extremes I noticed, but I am fine with that. Sob do you know what "fast enough" is, or any other info on how mikrotik jumps between DNS servers?

inteq understood me pretty well, will try the solution with netwatch as I would prefer to use my local vs the public ones. And I did not even think about that approach as I have not used netwatch at all, which looks like pretty cool feature.

Actually that solution is not ideal, because service might be down while the host replies to ICMP and it seems there is no way to check if remote port is responding. Fetch does not support udp, netwatch is just ping, DNS settings are lacking a lot and the only option seems /system telnet will put some script later if possible around that.

Timeout in "/ip dns" is configurable.

And if you're going to play with scripts, "resolve" command takes optional parameter "server". It doesn't seem to be documented, but it's there. Example: