I'm fully aware of the trick to implementing this using NAT, Mangle, and Layer7 Protocol rules in the firewall. However, that solution has various problems, including one huge one.
- The big one is that it only works for DNS queries over UDP; any DNS query over TCP will just fail if this method is attempted. Obviously DNS mostly uses UDP, but it'll fall back to TCP and break at surprising times.
- A smaller issue, but a real one, is that implementing this method requires understanding the details of UDP DNS packet structure. Most of the tutorials on these forums and elsewhere get the regular expressions wrong.
- Requests that get handled by the Layer7 NAT trick don't get their results cached by the Mikrotik, so they have to be forwarded every time.
If Mikrotik doesn't want to add this as a core feature of the RouterOS DNS Forwarder, I'd love to see a more fully-featured DNS forwarder added as a separate package, the way the fully-featured NTP client and server are.
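The framing difference behind the first two points, shown as an added Python example that is not part of the post or of RouterOS: a UDP DNS message begins with the 12-byte header, so the question name starts at byte 12, while the same message over TCP is preceded by a 2-byte length prefix (RFC 1035 section 4.2.2), which is why a pattern written for the UDP layout stops matching on TCP. The label walk is what a Layer7 regular expression has to approximate, and the longest-suffix zone lookup is what a conditional forwarder actually decides. The zone names and resolver addresses are constructed placeholders, not values from the post.

```python
import struct

# Constructed forwarding table (assumption, not from the post): queries under
# these zones go to an internal resolver, everything else to the default upstream.
ZONES = {
    "corp.example": "198.51.100.10",
    "lab.example": "198.51.100.11",
}


def encode_qname(name: str) -> bytes:
    """Encode a dotted name as DNS labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal UDP DNS query: 12-byte header followed by one question."""
    # flags 0x0100 = recursion desired; QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def parse_qname(message: bytes, offset: int = 12):
    """Walk the label sequence at offset; return (dotted name, offset after it)."""
    labels = []
    while True:
        if offset >= len(message):
            raise ValueError("truncated name")
        length = message[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers are legal in answers but not in a query name.
            raise ValueError("compression pointer not valid in a question name")
        if offset + length > len(message):
            raise ValueError("truncated label")
        labels.append(message[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def query_name_udp(datagram: bytes) -> str:
    """UDP: the DNS message starts at byte 0, so QNAME starts at byte 12."""
    return parse_qname(datagram, 12)[0]


def query_name_tcp(stream: bytes) -> str:
    """TCP: a 2-byte big-endian length prefix precedes the same message."""
    (length,) = struct.unpack("!H", stream[:2])
    message = stream[2:2 + length]
    if len(message) != length:
        raise ValueError("incomplete TCP DNS message")
    return parse_qname(message, 12)[0]


def matches_zone(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def choose_forwarder(name: str, zones: dict, default: str) -> str:
    """Pick the resolver for the longest matching zone, else the default upstream."""
    for zone in sorted(zones, key=len, reverse=True):
        if matches_zone(name, zone):
            return zones[zone]
    return default


if __name__ == "__main__":
    udp = build_query("host.corp.example")
    tcp = struct.pack("!H", len(udp)) + udp  # same message, TCP framing
    print("UDP parse:", query_name_udp(udp))
    print("TCP parse:", query_name_tcp(tcp))
    # Applying the UDP offset to the TCP stream lands on the header's ARCOUNT
    # byte (0x00), which reads as an empty name: the query is silently missed.
    print("UDP parser on TCP stream:", repr(query_name_udp(tcp)))
    print("forward to:", choose_forwarder(query_name_udp(udp), ZONES, "192.0.2.53"))
```

The misaligned parse in the last step is the benign failure mode; a regular expression anchored on byte offsets fails the same way, and any name it does not match is sent to the default upstream rather than the intended internal resolver.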