Well,
show firewall - maybe a tcp/53 is cut somewhere? (just a hunch)
capture a pcap - on client side and on MT, both in LAN and - WAN (PPPoE) side
/ip dns cache flush
and what does
/ip dns cache all
say?
Also when:
/ip dns
set allow-remote-requests=yes
Be carefoul - whole internet could use your machine as opendns (use firewall, don’t allow queries from internet/wan side)