
I've lost my hairpin NAT

Posted: Fri Jun 15, 2018 3:18 am
by ehbowen
I have two externally accessible servers, each with primary and secondary LAN connections. I had hairpin NAT rules set up to allow all of the other computers and devices on the network to talk with/to them, and the rules were working. Earlier this morning, I upgraded my RouterOS packages to 6.42.3. Now I can't reach the secondary server, on either network connection, from anywhere on my LAN although it still responds fine to requests from WAN. I suspect I need to make changes in my firewall rules, but I don't know exactly what change to make. Screenshot attached.
[Attachment: Capture.20180614.PNG]

Re: I've lost my hairpin NAT

Posted: Fri Jun 15, 2018 11:51 am
by Anumrak
Open two more columns, "To Address" and "To Ports", and find to which local IP:port you are translating your 76.212.90.etc
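For reference, this is the rule pair that hairpin NAT on RouterOS is normally built from, followed by the print commands that show the To Addresses / To Ports columns being asked about. It is an added example, not configuration from this thread or from MikroTik; the addresses (203.0.113.10 public, 192.168.88.0/24 LAN, 192.168.88.10 server) and interface names (ether1 for WAN, bridge for LAN) are placeholders.

```routeros
# Added example with placeholder addresses and interface names;
# substitute the real public address, LAN subnet, server and interfaces.
/ip firewall nat
# 1. Port forward: public address -> internal server. No in-interface
#    match here on purpose: the same rule must also fire for LAN clients
#    that resolve the public name, and an in-interface=ether1 restriction
#    would exclude them.
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=443 \
    comment="hairpin: dst-nat public:443 -> server"
# 2. Hairpin leg: rewrite the source of LAN->server traffic that was just
#    dst-natted, so the server answers through the router. Without this the
#    server replies straight to the client from its LAN address, the client
#    sees a reply from an address it never contacted, and the connection
#    never completes.
add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.10 \
    protocol=tcp dst-port=443 out-interface=bridge action=masquerade \
    comment="hairpin: masquerade LAN -> server"
# Ordinary outbound masquerade for everything leaving via the WAN port.
add chain=srcnat out-interface=ether1 action=masquerade \
    comment="default masquerade"

# Verify: the detail view shows to-addresses / to-ports for each dst-nat
# rule; the stats view shows whether a rule's packet counter moves when a
# LAN client connects to the public name. A dst-nat rule whose counter
# stays at zero for LAN clients is the one to inspect first.
/ip firewall nat print detail where chain=dstnat
/ip firewall nat print stats where chain=dstnat
```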

Re: I've lost my hairpin NAT

Posted: Fri Jun 15, 2018 9:43 pm
by ehbowen
> Open two more columns, "To Address" and "To Ports", and find to which local IP:port you are translating your 76.212.90.etc
It's going to the proper IP addresses and ports. As I said, it was working and I haven't changed that. And I can reach the second server from a browser on the LAN using the local IP address, and services from outside can access through the WAN without issue. It's only when I try to access using the domain name (and DNS) from within the LAN that I have a problem. And, again, it appears that the problem started after I upgraded to 6.42.3.

Edit To Add: I'm posting the picture, but I'm posting it from my own server so that I can take it down once the issue is resolved:

Re: I've lost my hairpin NAT

Posted: Mon Jun 18, 2018 10:27 am
by Jaxworld
We're having the same exact problem. Same circumstances. We were running 6.35.2, experienced an issue with VPNFilter, hardened the firewall, removed the script and upgraded to the same version as yourself, and our NAT seems to be all over the place. We have a DNS cluster that was exposing our LAN private DNS views to the whole WORLD, and it seems like there's some kind of NAT reflection going on. This upgrade for all intents and purposes "inverted" our network. The only hosts that work are the ones using the first address pool and the clients with a route to them that connect through VPN. The rest are dead. We ended up having to use our dispatch DNS server as the primary server (this is completely not acceptable in terms of best practices), and we are completely stumped. Our plan was to rebuild this, but something happened during the upgrade and it'd be nice to see if anyone else has this issue.

We're using a CCR1016-12G.

Re: I've lost my hairpin NAT

Posted: Mon Jun 18, 2018 10:56 am
by Jaxworld
We're having the same issue.

Re: I've lost my hairpin NAT  [SOLVED]

Posted: Tue Jun 19, 2018 8:41 am
by ehbowen
And now it's working again. Why? Dunno. I didn't change a thing.