I tried to kind of replicate nginx functionality using dstnat to different machines based on tls-host (mostly to split OpenVPN on port 443 from HTTPS); however, to my surprise, this feature doesn't seem to work in the dstnat chain. It works in the prerouting chain, though, and according to:
prerouting occurs before dstnat. Unfortunately, it doesn't seem to be true, because even when I use the mark-packet or mark-connection action in the prerouting chain, it doesn't seem to be noticed by the dstnat chain. Is this normal behavior?
Furthermore, the tls-host option is not mentioned in the NAT documentation: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT, so I'm a bit confused.