Little trick we used when the listed DNS servers that our techs were programming into installs became unavailable. At least it works for us.
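/ip firewall mangle
# Mark every UDP DNS query; the dst-port matcher needs protocol= to be set
add action=mark-packet chain=prerouting comment="DNS REDIRECT MANG RULE" \
    disabled=no dst-port=53 new-packet-mark=dns_redirect passthrough=yes \
    protocol=udp
/ip firewall nat
# Rewrite the destination of marked packets to the chosen DNS server (port unchanged)
add action=dst-nat chain=dstnat comment="DNS REDIRECT" disabled=no \
    packet-mark=dns_redirect protocol=udp to-addresses=XXX.XXX.XXX.XXX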
Doesn't matter where the computer wants to go, the MT grabs the DNS connection, marks that packet and then dst-nat's it to the DNS server of your choice.
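A single-stage variant of the redirect above, as an added example that is not part of the original post: it matches port 53 directly in the dstnat chain instead of using a mangle mark, covers TCP as well as UDP, and exempts the resolver's own queries so they are not sent back to it. The address 192.0.2.53 and the interface name bridge-lan are placeholders, not values from the post.

```routeros
# Added example. 192.0.2.53 = placeholder for the DNS server of your choice,
# bridge-lan = placeholder for the client-facing interface.
/ip firewall nat

# UDP queries arriving from clients. src-address=! keeps the resolver's own
# upstream lookups out of the rule if it sits behind this router;
# dst-address=! skips clients that already point at the resolver.
add chain=dstnat action=dst-nat protocol=udp dst-port=53 \
    in-interface=bridge-lan src-address=!192.0.2.53 dst-address=!192.0.2.53 \
    to-addresses=192.0.2.53 to-ports=53 comment="DNS REDIRECT UDP"

# Same match for TCP, which DNS uses for large or truncated responses.
# Without this rule those queries still go to the server the client was
# configured with.
add chain=dstnat action=dst-nat protocol=tcp dst-port=53 \
    in-interface=bridge-lan src-address=!192.0.2.53 dst-address=!192.0.2.53 \
    to-addresses=192.0.2.53 to-ports=53 comment="DNS REDIRECT TCP"

# Check that the rules are matching: the packet counters should rise
# when a client resolves a name.
print stats where comment~"DNS REDIRECT"
```

Only plain DNS on port 53 is caught by these rules; DNS over TLS (port 853) and DNS over HTTPS (port 443) pass through unredirected.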