Hello,
I have a very similar problem with DNS through IPSec and, despite spending hours on different websites, still can't solve it.
4 PCs as LAN (192.168.88.1-200),
MikroTik router (DHCP, VPN, DNS server, IP: 192.168.88.1) with static IP.
Remote access from one external PC through an IPSec IKEv2 VPN (with certificates); it gets a local address from the pool 192.168.88.201-210 assigned by MT when entering the LAN.
Now, the remote access connection is OK: I can ping all LAN PCs, MT, and also external websites by IP. However, I can't ping the LAN computers by hostname. I have to fix this because of some software that needs to reach one of the hosts by its hostname.
Looking at the log, I see that after the IPSec connection is built up, the DNS requests from the external PC arrive with its local address (e.g. 192.168.88.210) at the WAN interface, and so MikroTik sends its responses back from the same WAN interface to the local address of the external PC (e.g. 192.168.88.210). It can't work this way, obviously.
I found many opinions that this is how MT works when "clear" IPSec is used, but unfortunately could not find any advice on how to fix it in a scenario like mine (remote access, only one MT).
I am a newbie in MT and so all my attempts to set up Firewall rules, NAT rules or even Routes have failed.
I would really appreciate any help on this topic... Many thanks in advance!