Right? YES
Would it work? NO
Imagine that the MikroTik would need to query the DNS names of my network, for any type of validation. Then in the RouterOS DNS server settings, the VPN DNS server address would be placed.
Rephrase, please.
Export your config minus sensitive data.
IPsec Tunnel, DNS query from the router itself via IPsec, and clients marked with connection mark.
/ip firewall mangle add action=mark-connection chain=prerouting comment="IKE-30" new-connection-mark=via-30-ike passthrough=no src-address=192.168.88.5
/ip firewall mangle add action=mark-connection chain=output dst-address=172.18.2.0/24 new-connection-mark=via-30-ike passthrough=no src-address-list="SELF" comment="SELF=WAN Interface IP"




