Hi,
I have two RB5009s configured essentially per https://wiki.mikrotik.com/wiki/Manual:VRRP-examples#Basic_Setup except that there are two VRRP interfaces, each preferring one of the routers:
R1:
/ip address add address=192.168.1.3/24 interface=bridge
/interface vrrp add interface=bridge vrid=1 priority=254 name=vrrp1
/ip address add address=192.168.1.1/32 interface=vrrp1
/interface vrrp add interface=bridge vrid=2 priority=154 name=vrrp2
/ip address add address=192.168.1.2/32 interface=vrrp2
R2:
/ip address add address=192.168.1.4/24 interface=bridge
/interface vrrp add interface=bridge vrid=1 priority=154 name=vrrp1
/ip address add address=192.168.1.1/32 interface=vrrp1
/interface vrrp add interface=bridge vrid=2 priority=254 name=vrrp2
/ip address add address=192.168.1.2/32 interface=vrrp2
I can ping the VRRP IPs just fine on both routers from various hosts on the same LAN. However, I cannot successfully request DNS resolution from the VRRP IPs from those same hosts. When I point DNS at a VRRP IP, tcpdump shows the replies coming from the router’s local IP and not the VRRP IP.
I found a similar thread from back in 2016 with respect to SNMP against VRRP IPs in http://forum.mikrotik.com/t/bug-snmp-over-vrrp-interface-problem/100372/18 .
However, the solution appears incomplete and does not work for me. I was able to add the new-connection-mark rules but not the new-routing-mark rules described in that topic. When I try to add the new-routing-mark rules, the router complains: input does not match any value of new-routing-mark
/ip/firewall/mangle/add chain=input action=mark-connection new-connection-mark=to_vrrp1 passthrough=yes dst-address=192.168.1.1
/ip/firewall/mangle/add chain=input action=mark-connection new-connection-mark=to_vrrp2 passthrough=yes dst-address=192.168.1.2
I have not found anything else on the forums or elsewhere on Internet and have tried creating routing tables which avoided the complaint but still did not work.
Any help would be greatly appreciated!