For this test you need:

• A PC with recent linux distro (like debian testing or Fedora 11), which sends A and AAAA DNS queries at the same time.
• Routeros 4.6:
• Configure IP so it can act as a gateway for the PC (no nat required).
• Have conntrack enabled (by default).
• Add a trivial queue tree like this (please note we are NOT rate limiting): /queue tree add name=test parent=global-in

Now on the PC just wget anything (repeat this as many times as you want): Most times DNS resolution will get stuck (or at least take too much time). This is because routeros is dropping MOST of the DNS packets (typically the AAAA queries).
You can sniff incoming and outgoing traffic to test that it is Routeros who drops it. I've double checked this on different routers/pc.

Might be related to this:
http://kerneltrap.org/mailarchive/linux ... id-4825394

Though they suggest it should happen on SMP systems and mine is not.

interesting ...