I'm unfortunately stuck with this.
mDNS reflection seems to be working fine, printers, AirPlay devices shows up correctly on every VLAN immediately and works as it should.
Though Chromecast devices and Spotify Connect devices don't seem to be working flawlessly. So these devices may need additional config besides mDNS, but I don't know where I should look...

I'm unfortunately stuck with this.
mDNS reflection seems to be working fine, printers, AirPlay devices shows up correctly on every VLAN immediately and works as it should.
Though Chromecast devices and Spotify Connect devices don't seem to be working flawlessly. So these devices may need additional config besides mDNS, but I don't know where I should look...

I have this working with Chromecast - did you apply firewall firewall filters that allow traffic?

Kudos to you for sticking with the thread and posting updates!

I am installing all Unifi equipment, but dont want to leave RouterOS behind. My project is to break up my network into LAN, IoT & NoT. Right now I am dumping all VLANs to the LAN network. I have implemented policies restricting traffic to the LAN - have not moved anything over to their respective SSIDs(VLANs) yet, but I dont have mdns or "VLAN Filtering" turned on in the bridge interface, so I'm expecting issues. Coming across your post was encouraging and helpful.

Thanks!

jwb

• Chromecast devices work fully on my main network. Guest network does not seem to work, even with mDNS reflection. On Guest network everything is blocked except WAN traffic. As soon as I enable the vlan_guest network to access everything, devices appear. I don't know what I need to add to the firewall for this to work. Simple address list with the chromecast devices address are not enough.

• Denon devices with Spotify Connect is really unstable. The Denon HEOS app works great, but Spotify Connect not. The Denon devices usually won't show up in the Devices list, only the Chromeast devices. But sometimes it does show up and for example my PC and iPad always shows these Denon devices also, but my phone and other phones don't...

So the progress is:

• Chromecast devices work fully on my main network. Guest network does not seem to work, even with mDNS reflection. On Guest network everything is blocked except WAN traffic. As soon as I enable the vlan_guest network to access everything, devices appear. I don't know what I need to add to the firewall for this to work. Simple address list with the chromecast devices address are not enough.

So the progress is:

• Chromecast devices work fully on my main network. Guest network does not seem to work, even with mDNS reflection. On Guest network everything is blocked except WAN traffic. As soon as I enable the vlan_guest network to access everything, devices appear. I don't know what I need to add to the firewall for this to work. Simple address list with the chromecast devices address are not enough.

I depends on how your firewall is written, but I think you need a to forward (allow) traffic from main to guest. Just give the guest network access to the Avahi reflector, assuming it is sitting on the main network.

• It was the input chain rule which caused Chromecast devices to appear. So I added a rule to the input chain, not forward which allows access to the whole network from guest network.

• The reflector has multiple (virtual) interfaces and it has it's own address in every subnetwork. Browsing with avahi-browse I can see that it reflects all traffic to every interface it has. I thought this is the meaning of the reflector.

• On its local interface (the one which is in the guest network) I can access the reflector.

• It was the input chain rule which caused Chromecast devices to appear. So I added a rule to the input chain, not forward which allows access to the whole network from guest network.

• The reflector has multiple (virtual) interfaces and it has it's own address in every subnetwork. Browsing with avahi-browse I can see that it reflects all traffic to every interface it has. I thought this is the meaning of the reflector.

• On its local interface (the one which is in the guest network) I can access the reflector.

Well, you might be right, so I would try this. You mean to allow traffic only to that device?
But:

• It was the input chain rule which caused Chromecast devices to appear. So I added a rule to the input chain, not forward which allows access to the whole network from guest network.

• The reflector has multiple (virtual) interfaces and it has it's own address in every subnetwork. Browsing with avahi-browse I can see that it reflects all traffic to every interface it has. I thought this is the meaning of the reflector.

• On its local interface (the one which is in the guest network) I can access the reflector.

Yes the reflector can grab and IP from every vlan and reflect that traffic. But the to and from devices need to be able to reach each other as the source and destination. Input rules are traffic destined for the router itself. That may be appropriate for a Unfi USG environment that runs the service. These should be forward rules. I am not at home or I would post some. In my case I can have a Kids and Guest VLAN discover a chromecast on my main network and push content. I have to forward/accept traffic from the kids/guest (address list in my case) to the chomercasts IPs (again I have more than one so I put them in an address list. I may have the revers rules as well chomecasts > Kids/Guest, but I cannot remember.

"Browsing with avahi-browse I can see that it reflects all traffic to every interface it has. I thought this is the meaning of the reflector." - I think that is correct, but you still have to allow the inter vlan communication to flow. Again - this is somewhat dependent on how you have your firewall setup.

 0    ;;; Allow Estab & Related
      chain=input action=accept connection-state=established,related log=no log-prefix="" 

 1    ;;; Allow OpenVPN
      chain=input action=accept protocol=tcp dst-port=1194 log=no log-prefix="" 

 2    ;;; Allow VLAN_PRIVATE Full Access
      chain=input action=accept in-interface-list=PRIVATE log=no log-prefix="" 

 3    ;;; Temporary rule!
      chain=input action=accept in-interface=vlan_iot log=no log-prefix="" 

 4 X  chain=input action=accept in-interface=vlan_guest log=no log-prefix="" 

 5    ;;; Multicast IGMP
      chain=input action=accept protocol=igmp in-interface-list=VLAN log=no log-prefix="" 

 6    ;;; Drop
      chain=input action=drop connection-state="" log=no log-prefix="" 

 7    ;;; Accept port forwards
      chain=forward action=accept connection-state=new connection-nat-state=dstnat log=no log-prefix="" 

 8    ;;; Allow Estab & Related
      chain=forward action=accept connection-state=established,related log=no log-prefix="" 

 9    ;;; Temporary rule!
      chain=forward action=accept in-interface=vlan_iot log=no log-prefix="" 

10    ;;; Allow NAS Access
      chain=forward action=accept dst-address=10.0.0.252 src-address-list=NAS log=no log-prefix="" 

11    ;;; Allow Streaming on VLANs
      chain=forward action=accept dst-address-list=Stream log=no log-prefix="" 

12    ;;; VLAN Internet Access only
      chain=forward action=accept connection-state=new in-interface-list=VLAN out-interface-list=WAN log=no log-prefix="" 

13    ;;; Forward queries from openVPN
      chain=forward action=accept in-interface-list=PRIVATE log=no log-prefix="" 

14    ;;; Drop
      chain=forward action=drop connection-state="" log=no log-prefix="" 

Sorry I spaced post those filters rules.... I will try to get at it when I get home.

That is strange the new device cannot work.

What is the igmp all for?

Finally solved this!

So to sum this up- i still need RPI and that mdns reflector (https://github.com/kennylevinsen/mdns-repeater) to make it work?

any updates since 2020

Do I still have to get external device (RPI, etc) to get it working?

• a Mac Mini
• an always-on Windows machine running WSL2
• the same machine running Linux in a virtual machine
• the more advanced sort of NAS that has add-on software packages (Synology, Drobo, TrueNAS...)

With RouterOS 7.1rc3 .... would a docker image be usable?
https://github.com/monstrenyatko/docker-mdns-repeater

With RouterOS 7.1rc3 .... would a docker image be usable?
https://github.com/monstrenyatko/docker-mdns-repeater

In principle, yes. From a skim of the relevant docs, it looks like you just need to assign the container's "veth" devices to the proper VLANs to let it see both sides. At that point, it's the same as having a Pi attached to both, so the rest of the tutorial above should then work.
Let us know how it goes.

We will re-release container package soon. We wanted to improve security of the package, and make sure it does not have access to things it should not access. We will sandbox it more, re-evaluate all security aspects and will release it soon, when it is ready and completely secure.

Finally solved this!

So from Mikrotik perspective, everything was set up properly. You might need IGMP proxy for some devices, but no need for PIM (some suggested that IGMP is not enough, even though every guide says it uses IGMP), just a simple IGMP-Proxy setup will do.

I have switched from avahi to this mdns reflector:
https://github.com/kennylevinsen/mdns-repeater

I don't know what was the problem with avahi, because it kinda worked, Google Chromecast devices and Apple related stuffs as I said earlier worked correctly, but some services won't. That's why I never thought that the mDNS reflector is not working correctly, because some things worked anyways and also browsing mDNS traffic, everything reported correctly.
However switching mdns reflector, everything started to work immediately. Also discovery is faster now in every service.
There is a newer avahi-daemon version (8.0) but I did not have time to build it (not available through apt yet), it might solve these issues (but I don't know why this happens).

Anyway thanks for everyone trying to help! It would be great if Mikrotik could implement its own mDNS reflector. Then this might worked for first try and you don't need to mess around 3rd party services and devices.

sudo apt-get install --reinstall build-essential