Hey guys, I don't know when or how it happened, but as I was trying to use my own DNS server on an IPSEC VPN to my guest VLAN with no-responder DNS, I saw that guest devices can't resolve names, even the local ones.
Anyways, I managed to reduce the circle with troubleshooting and found the culprit. It's the dst-nat DNS forwarder not working; well, it still forwards and the forwarded DNS server resolves the name, but it does not return it to the device. My firewall doesn't get a hit from it. I looked at all the other settings as well, no luck.
When I change the forwarded DNS IP to something other than local, like 9.9.9.9, the device gets the resolved name as returned. When I set it to my local DNS server, as I said above, it doesn't get the resolved name.
Also, when I set the local DNS server IP on my device manually or let it get it from DHCP, it works OK. So nothing is wrong with my DNS server.
What is the problem here? Does anyone here have a clue or an educated guess? It drove me crazy the last two days because it doesn't make any sense.