problems with DNS proxy

Hi there!

I have read this manual http://www.mikrotik.com/testdocs/ros/2.9/ip/dnscache.php about configuring DNS proxy, but still have problems. When I tried to resolve microsoft.com, for example, I see via winbox that this address was resolved and stored in the DNS cache, but on my local network PC I couldn't resolve it! What's the problem? Help plz.

Most likely the PC does not use the RouterOS DNS cache.
First of all, you need to enable access to the DNS cache with 'ip dns set allow-remote-requests=yes', and valid primary and secondary DNS servers are required.
Then point the user PC to the RouterOS address for its DNS server, or create NAT rules to redirect DNS traffic to the router.

Thx, sergejs! I have added a chain to forward UDP from MikroTik port 53 to my ISP DNS servers. All works fine :wink:

Can you post the rules you added to make this work?

Because most implementations of chains are very restrictive (for security reasons), my guess is that he was not allowing the output of DNS in his output chain.

For example, if you wanted to allow DNS inquiries to the DNS cache from the 10.10.10.0/24 subnet:

add chain=input src-address=10.10.10.0/24 protocol=udp dst-port=53 \
    action=accept comment="Allow DNS from internal network" disabled=no

But then you might also need to allow the output (allow the router to send a response to the DNS request):

add chain=output protocol=udp dst-port=53 action=accept comment="allow DNS output" disabled=no
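
A fuller rule set for the setup discussed in this thread, as an added example that is not from any of the original posts: it lets only the 10.10.10.0/24 subnet query the DNS cache and covers both traffic directions through restrictive input and output chains. The subnet is the one used in the post above; the TCP rules, the connection-state rule and the drop rules are assumptions added here.

```routeros
# Added example. Rules are evaluated top to bottom; the first match wins.
/ip dns set allow-remote-requests=yes

/ip firewall filter
# Answers coming back from the upstream DNS servers to the router's own queries.
add chain=input connection-state=established action=accept \
    comment="Allow replies to router-originated traffic"

# Queries from the internal subnet to the DNS cache (UDP, plus TCP for large answers).
add chain=input src-address=10.10.10.0/24 protocol=udp dst-port=53 \
    action=accept comment="Allow DNS from internal network"
add chain=input src-address=10.10.10.0/24 protocol=tcp dst-port=53 \
    action=accept comment="Allow DNS over TCP from internal network"

# Any other query aimed at the cache (for example from the WAN side) is dropped,
# so enabling allow-remote-requests does not expose the resolver to everyone.
add chain=input protocol=udp dst-port=53 action=drop \
    comment="Drop DNS queries from other sources"
add chain=input protocol=tcp dst-port=53 action=drop \
    comment="Drop DNS over TCP from other sources"

# Router to upstream servers: queries leave with destination port 53.
add chain=output protocol=udp dst-port=53 action=accept \
    comment="Allow DNS queries to upstream servers"
add chain=output protocol=tcp dst-port=53 action=accept \
    comment="Allow DNS over TCP to upstream servers"

# Router to clients: answers leave with source port 53.
add chain=output protocol=udp src-port=53 dst-address=10.10.10.0/24 \
    action=accept comment="Allow DNS answers to internal network"
add chain=output protocol=tcp src-port=53 dst-address=10.10.10.0/24 \
    action=accept comment="Allow DNS over TCP answers to internal network"
```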