Couple of Quick Questions on Mangle Marks

Hi,

Could someone confirm a couple of things?
(1) If a connection or packet is marked in “prerouting”, does it keep that mark all the way through so it could be matched and acted on in “postrouting”, or indeed later to match a queue?
(2) Some of the examples show DNS being marked twice, once in “prerouting” to pick up DNS traffic that passes through the router, and then again at “postrouting” to match requests originating from the router itself. Why not just mark at “postrouting” which will surely see both, assuming the same mark applied to each?

Thanks, Tony S

You should be aware that some matches cannot be applied in all places. E.g. in-interface can only be matched in prerouting; out-interface can only be matched in postrouting.
So when the use case requires that the in-interface is part of the matching criteria, it has to be applied in prerouting.
Indeed a packet mark applied in prerouting is still available to check in postrouting. The marks are carried all along the processing of the packet.
A connection mark is related to that particular (tracked) connection and is available in all packets that belong to it.
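As an added example (not from either post above, and not a configuration the forum provides), the following RouterOS mangle rules put both answers into practice: DNS forwarded from the LAN is connection-marked in prerouting because that is where in-interface can be matched, DNS the router originates is connection-marked in output because such packets never pass prerouting, and a single postrouting rule turns the connection mark into a packet mark that a queue can use. The interface names ether1 (WAN) and bridge1 (LAN), the mark names dns-conn and dns-pkt, and the 2M limit are assumptions for illustration only.

```routeros
# Added example, not the forum's own configuration. Assumed names:
# bridge1 = LAN, dns-conn = connection mark, dns-pkt = packet mark.
/ip firewall mangle

# (1) DNS passing through the router. in-interface is only matchable in
#     prerouting, so the connection mark must be applied here. The mark is
#     stored in the connection-tracking entry, so every later packet of the
#     connection, in both directions, carries it; connection-state=new just
#     avoids re-evaluating the rule for every packet.
add chain=prerouting in-interface=bridge1 protocol=udp dst-port=53 \
    connection-state=new action=mark-connection \
    new-connection-mark=dns-conn passthrough=yes
add chain=prerouting in-interface=bridge1 protocol=tcp dst-port=53 \
    connection-state=new action=mark-connection \
    new-connection-mark=dns-conn passthrough=yes

# (2) DNS the router itself sends (its own resolver, DNS cache forwarding to
#     upstream). These packets enter the firewall at output, never at
#     prerouting, so they need their own mark-connection rule.
add chain=output protocol=udp dst-port=53 connection-state=new \
    action=mark-connection new-connection-mark=dns-conn passthrough=yes
add chain=output protocol=tcp dst-port=53 connection-state=new \
    action=mark-connection new-connection-mark=dns-conn passthrough=yes

# Both forwarded and router-originated packets reach postrouting, so one
# rule converts the connection mark into a packet mark. A packet mark only
# applies to the individual packet, which is fine here because the queue
# reads it on every packet; passthrough=no stops further mangle processing.
add chain=postrouting connection-mark=dns-conn action=mark-packet \
    new-packet-mark=dns-pkt passthrough=no

# The packet mark set in postrouting is still present when the packet
# reaches the global queue tree (and simple queues), which answers (1).
/queue tree
add name=dns parent=global packet-mark=dns-pkt max-limit=2M
```

To check that the marks are actually carried, watch the counters with `/ip firewall mangle print stats` (the postrouting mark-packet rule should count both LAN-forwarded and router-originated DNS packets), list the tracked connections with `/ip firewall connection print where connection-mark=dns-conn`, and confirm the queue sees traffic with `/queue tree print stats`. Note that when LAN clients query the router's own DNS cache, the client-to-router query is one connection (marked by the prerouting rule and delivered to input) and the router's upstream query is a separate connection (marked by the output rule), which is exactly why a prerouting-only rule would miss the upstream half.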