dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Problems Accessing computer behind other routers

Mon Jul 21, 2014 3:55 pm

I have a weird issue which started when I upgraded to version 6.15. I have tried downgrading and also upgrading to 6.17, no change.
I have a router which I am using for load balancing and default router for all my devices on my backbone and connected to my backbone.
Router ip 172.17.0.8/24
Backbone 172.17.0.0/24
I have a server, let's call it DNS, 172.17.0.123/24
I then have a number of routers at various points. The one I am behind is 172.17.0.3/24. My computer is connected through a switch to this router on my_lan 172.17.8.1/24.
When I try and browse to do a DNS query to 172.17.0.123 I get no response. If I do a continuous ping to that server from my computer and run a DNS query it works.
If I connect myself directly to the backbone network I can run DNS queries, browse to the server, remote desktop to it, no issues. I have removed the firewall and antivirus as part of my test; this has not improved anything. The only thing I have left to change is the router. As this is happening from my other 3 sites to this server I do not think it is a hardware issue but more likely an error in the router OS. The configs on each of the routers are very simple. They are just connecting the 3 VLANs behind them back to the backbone.
Anyone have any suggestions?
 
kameelperdza
Member
Posts: 468
Joined: Thu Nov 27, 2008 11:45 am
Location: Oudtshoorn, South Africa

Re: Problems Accessing computer behind other routers

Mon Jul 21, 2014 4:57 pm

Did you add masquerade?

/ip firewall nat add chain=srcnat action=masquerade
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Mon Jul 21, 2014 5:02 pm

To which router?
 
kameelperdza
Member
Posts: 468
Joined: Thu Nov 27, 2008 11:45 am
Location: Oudtshoorn, South Africa

Re: Problems Accessing computer behind other routers

Mon Jul 21, 2014 5:07 pm

I will say on the router that you are running DNS on.
What masquerade does is help you communicate with computers behind your router.
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Mon Jul 21, 2014 5:34 pm

OK, on my router that is running DNS to the outside world I have masquerade, as this is natting users to the outside world. The other routers are not doing NAT. They are just acting as a pass-through. Not sure of the right terminology. Basically you can ping them from any of the other LANs by pinging that LAN IP. The individual routers just prevent VLAN traffic that is not destined for the backbone from going onto the backbone. Does that make sense?
 
kameelperdza
Member
Posts: 468
Joined: Thu Nov 27, 2008 11:45 am
Location: Oudtshoorn, South Africa

Re: Problems Accessing computer behind other routers

Mon Jul 21, 2014 5:49 pm

Are you able to ping your computer from the IP you try to browse?
You say that your laptop has LAN IP 172.17.8.1/24?
And your backbone has ip range 172.17.0.0/24?

Why does the computer have different ip range if you are using vlans to create one big network?
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Mon Jul 21, 2014 7:15 pm

I can ping my computer from the server and I can ping the server from my computer.
The LAN I am behind is 172.17.8.0/24; DHCP is from 172.17.8.40 - 172.17.8.199
I have installed routers at each location to reduce the number of hops and to prevent unnecessary traffic from passing across my backbone. Keeping local traffic local, so to speak. The only time traffic passes outside of my LAN is when I am accessing another LAN or accessing the internet.
The reason for this is I have a network spanning over 20 km over wireless links with multiple hops. By configuring the network this way broadcast storms can only affect a small part of my network at any time. We also adhere to a maximum of 5 hops to end device (even if this is an unspoken rule).
This has worked well for the past 5 years. We have not had any issues previously and our network has always been stable. Also backbone devices remain untaxed, with very little traffic flowing over our backbone.
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Mon Jul 21, 2014 7:28 pm

I can post a network diagram if that helps
 
kameelperdza
Member
Posts: 468
Joined: Thu Nov 27, 2008 11:45 am
Location: Oudtshoorn, South Africa

Re: Problems Accessing computer behind other routers

Mon Jul 21, 2014 8:22 pm

My routers are almost setup the same way as yours.
Some things that you can try:

1. On the router that the VLAN connects to, check under ip firewall connections to see if your computer's IP tries to contact the DNS.
2. Set up DNS on one of the backbone routers and add the DNS server IP address to the DNS list. Change your PC's DNS to the router's IP. If you can then do a DNS lookup, it means the problem might be on the DNS server.
3. Does the DNS server maybe have Apache running? If so, does it open the test page when you open its IP in a browser?
4. Try connecting to the DNS server via SSH, telnet, etc.
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Tue Jul 22, 2014 9:16 am

1. Computer contacts DNS server but response is somehow lost.
2. I have configured DNS on my routers to get around this and that is working for the moment, but there are shared services which I need access to on the servers and backbone devices.
3. Server is running Windows 2008 Enterprise Edition

OK, so I have got to this stage now. If I go on to a backbone device and I run a tracert to one of the computers on my VLAN:
First hop 172.17.0.8, which is correct
Second hop 172.17.0.1, which should not happen (this is one of my other routers).
Third hop 172.17.0.3, which is correct for this VLAN
Fourth and final hop the computer.
So somehow the router is sending backbone equipment to the wrong router.

Below is a copy of my route table

0 S 0.0.0.0/0 192.168.2.1 1
1 A S 0.0.0.0/0 192.168.3.1 10
2 A S 197.239.226.133/32 192.168.3.1 1
3 S 197.239.226.217/32 192.168.2.1 1
4 A S 197.242.208.0/30 192.168.3.1 1
192.168.2.1
5 A S 0.0.0.0/0 192.168.3.1 1
6 S 0.0.0.0/0 192.168.4.1 10
7 A S 197.239.226.133/32 192.168.3.1 1
8 S 197.239.226.217/32 192.168.2.1 1
9 A S 197.242.208.0/30 192.168.3.1 1
192.168.2.1
10 A S 0.0.0.0/0 192.168.4.1 1
11 S 0.0.0.0/0 192.168.2.1 10
12 A S 197.239.226.133/32 192.168.3.1 1
13 S 197.239.226.217/32 192.168.2.1 1
14 A S 197.242.208.0/30 192.168.3.1 1
192.168.2.1
15 A S 0.0.0.0/0 192.168.3.1 1
16 S 0.0.0.0/0 192.168.4.1 1
17 S 0.0.0.0/0 192.168.2.1 1
18 ADC 172.17.0.0/24 172.17.0.8 LAN 1 0
19 A S 172.17.6.32/27 172.17.0.7 1
20 A S 172.17.8.0/24 172.17.0.3 1
21 A S 172.17.9.0/24 172.17.0.3 1
22 A S 172.17.10.0/24 172.17.0.3 1
23 A S 172.17.16.0/24 172.17.0.2 1
24 A S 172.17.17.0/24 172.17.0.2 1
25 A S 172.17.18.0/24 172.17.0.2 1
26 A S 172.17.19.0/24 172.17.0.2 1
27 A S 172.17.24.0/24 172.17.0.4 1
28 A S 172.17.25.0/24 172.17.0.4 1
29 A S 172.17.26.0/24 172.17.0.4 1
30 ADC 192.168.3.0/30 192.168.3.2 WAN 2 0
31 ADC 192.168.4.0/30 192.168.4.2 WAN 3 0


Any ideas?
 
kameelperdza
Member
Posts: 468
Joined: Thu Nov 27, 2008 11:45 am
Location: Oudtshoorn, South Africa

Re: Problems Accessing computer behind other routers

Tue Jul 22, 2014 9:45 am

Check the routing table on the 172.17.0.8 router.

I recommend switching over to OSPF.
What is nice about OSPF is that it automatically creates/removes routes when your network changes.
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Tue Jul 22, 2014 10:39 am

That is the routing table from the 172.17.0.8 router. I rebooted the router and now tracert takes me to a second hop of 172.17.0.11, which is another router on my network. This is very weird. I think this is why I am having these issues. There seems to be defunct routing somewhere somehow. I have tested the OSPF; will need to spend more time on it in the future but seems simple enough. Did not solve the issue though.
 
kameelperdza
Member
Posts: 468
Joined: Thu Nov 27, 2008 11:45 am
Location: Oudtshoorn, South Africa

Re: Problems Accessing computer behind other routers

Tue Jul 22, 2014 11:12 am

If you can ping and tracert both ways then routing might not be the cause.

What is the IP address that the DNS server receives for the DNS request?

How is your network set up?
router1(vlan)(172.17.0.8) - - - - - router2(vlan)(172.17.0.3)(dhcp[172.17.8.1/24])
And what DNS/gateway does the computer use?
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Tue Jul 22, 2014 12:06 pm

So right now I have configured my routers at each point as dns servers and they query my two servers on the backbone. 172.17.0.121 & 172.17.0.123
My computer on the lan is as follows
Ip address : 172.17.8.89
Subnet : 255.255.255.0
Gateway: 172.17.8.1
DNS: 172.17.8.1

The server is setup as follows
Ip address : 172.17.0.123
Subnet : 255.255.255.0
Gateway: 172.17.0.8
DNS: 127.0.0.1

The server is running Microsoft DNS service and is configured according to best practices and is working well.

The backbone router is configured as follows
Ethernet 1 - LAN1 172.17.0.8
Ethernet 2 - WAN1
Ethernet 3 - WAN2
Ethernet 4 - WAN3

It is running PCC load balancing and masquerade

The HQ router is configured as follows
Ethernet 1 - BACKBONE 172.17.0.3
Ethernet 2 - VLAN 172.17.8.1
Ethernet 3 - VLAN 172.17.9.1
Ethernet 4 - VLAN 172.17.10.1

The HQ router acts as a DHCP relay for 172.17.0.121 and that is all working normally.
I can ping each computer from the other.
If I run a tracert from the server to the computer then I get the following

Tracing route to it-morgen.malilangwe.local [172.17.8.94]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms Backbone [172.17.0.8]
2 1 ms 1 ms 1 ms 172.17.0.12
3 <1 ms <1 ms <1 ms HQ [172.17.0.3]
4 30 ms 2 ms 2 ms it-morgen.malilangwe.local [172.17.8.94]

Trace complete.


If I run the tracert from the computer to the server I get the following.

C:\Users\grant>tracert backup-server

Tracing route to backup-server.malilangwe.local [172.17.0.123]
over a maximum of 30 hops:

1 4 ms 2 ms 1 ms HQ [172.17.8.1]
2 3 ms 2 ms 2 ms backup-server.malilangwe.local [172.17.0.123]

Trace complete.
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Tue Jul 22, 2014 12:45 pm

OK, so after much searching I found a MikroTik forum where the guy suggested to someone else running PCC to add the following:
chain=prerouting action=accept dst-address=172.17.0.0/16
Now that seems to have solved the issue. I am running tests now and will keep you posted on the outcome.
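
The rule from the post above shown in context, as an added example that is not part of the original thread: a three-WAN PCC mangle setup with the accept rule placed ahead of the marking rules. Only the accept rule and the three gateway addresses come from the thread; the interface name LAN1, the mark names and the PCC rules are assumptions, since the router's mangle configuration is not shown.

```routeros
# Added example. Assumed: interface name LAN1, mark names, the PCC rules.
# From the thread: the accept rule and gateways 192.168.2.1/3.1/4.1.

/ip firewall mangle
# 1. The rule from the post. It has to sit ABOVE the PCC rules: "accept" ends
#    mangle processing in this chain, so packets for 172.17.x.x get no routing
#    mark and are routed by the main table (static routes to the VLAN subnets).
#    It only affects mangle; /ip firewall filter rules still apply.
add chain=prerouting dst-address=172.17.0.0/16 action=accept \
    comment="internal traffic: skip PCC marking"

# 2. PCC: spread new LAN connections over three connection marks.
add chain=prerouting in-interface=LAN1 connection-mark=no-mark \
    dst-address-type=!local per-connection-classifier=both-addresses:3/0 \
    action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting in-interface=LAN1 connection-mark=no-mark \
    dst-address-type=!local per-connection-classifier=both-addresses:3/1 \
    action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting in-interface=LAN1 connection-mark=no-mark \
    dst-address-type=!local per-connection-classifier=both-addresses:3/2 \
    action=mark-connection new-connection-mark=WAN3_conn passthrough=yes

# 3. Turn each connection mark into a routing mark.
add chain=prerouting in-interface=LAN1 connection-mark=WAN1_conn \
    action=mark-routing new-routing-mark=to_WAN1 passthrough=no
add chain=prerouting in-interface=LAN1 connection-mark=WAN2_conn \
    action=mark-routing new-routing-mark=to_WAN2 passthrough=no
add chain=prerouting in-interface=LAN1 connection-mark=WAN3_conn \
    action=mark-routing new-routing-mark=to_WAN3 passthrough=no

/ip route
# One default route per routing mark. Each marked table holds only 0.0.0.0/0,
# so without rule 1 a marked packet for 172.17.8.0/24 would follow the default
# route toward a WAN gateway instead of the route via 172.17.0.3.
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN1
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN2
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN3
```

On a router that already has PCC rules, add the accept rule with `place-before=0` or move it to the top, then check `/ip firewall mangle print stats` to confirm its counters rise for internal traffic.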
 
kameelperdza
Member
Posts: 468
Joined: Thu Nov 27, 2008 11:45 am
Location: Oudtshoorn, South Africa

Re: Problems Accessing computer behind other routers

Tue Jul 22, 2014 12:51 pm

Great glad you solved it. :)
 
dgnevans
Member
Topic Author
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Problems Accessing computer behind other routers

Tue Jul 22, 2014 1:03 pm

I have been battling with this for 1 1/2 months, let's hope this is done now :D
Testing, will update
