hi every one, I have many branches, some branches use mikrotik + unifi and another uses draytek + unifi, on unifi I create 2 ssid: employee and guest. At branches using mikrotik + unifi, when customers connect to employee network, sometimes dns timeout error occurs. When customers connect to the guest, it works normally. branches using draytek work ok. There are a lot of friends of mine who have also reflected this error. Is it the fault of the unifi, mikrotik or my configuration.

It depends, but I'm sure you understand that by lack of any relevant information this question can't be answered...

Can you please share your MikroTik configuration (/export hide-sensitive)?

Both employees and guests networks are using the same DNS server or different ones? I bet not, thus guests having no problems.
Are you using any king of QoS? Maybe double check it. Might cut off DNS.
Are you using any king of rate limiting or "ddos" protection? Try disabling.

ubitquiti

It depends, but I'm sure you understand that by lack of any relevant information this question can't be answered...

Can you please share your MikroTik configuration (/export hide-sensitive)?

/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether2 ] name=pppoe-out2
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out1 password=h676443 user=\
sgfdl-190627-443
/interface vlan
add interface=LAN name=vlan10 vlan-id=10
/interface list
add name=lan
add name=LAN_NB
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool1 ranges=172.16.0.2-172.16.0.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=LAN lease-time=10h10m name=\
dhcp1
add address-pool=dhcp_pool1 disabled=no interface=vlan10 lease-time=10h10m \
name=dhcp2
/system logging action
set 1 disk-file-name=log
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
add bridge=LAN interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=LAN list=LAN_NB
add interface=vlan10 list=LAN_NB
/ip address
add address=192.168.10.1/24 interface=LAN network=192.168.10.0
add address=172.16.0.1/24 interface=vlan10 network=172.16.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no disabled=no interface=pppoe-out2
/ip dhcp-server lease
add address=192.168.10.244 client-id=1:74:83:c2:40:4:47 mac-address=\
74:83:C2:40:04:47 server=dhcp1
add address=192.168.10.100 client-id=1:8c:89:a5:4c:1c:90 mac-address=\
8C:89:A5:4C:1C:90 server=dhcp1
add address=192.168.10.161 client-id=1:bc:4c:c4:ab:e8:50 mac-address=\
BC:4C:C4:AB:E8:50 server=dhcp1
add address=192.168.10.77 client-id=1:0:24:8c:7a:48:ec mac-address=\
00:24:8C:7A:48:EC server=dhcp1
add address=192.168.10.56 client-id=1:0:26:2d:4f:24:99 mac-address=\
00:26:2D:4F:24:99 server=dhcp1
add address=192.168.10.189 client-id=1:48:bf:6b:6a:70:6e mac-address=\
48:BF:6B:6A:70:6E server=dhcp1
add address=192.168.10.157 client-id=1:3c:dc:bc:f9:59:27 mac-address=\
3C:DC:BC:F9:59:27 server=dhcp1
add address=192.168.10.162 client-id=1:fc:e9:98:8d:37:1 mac-address=\
FC:E9:98:8D:37:01 server=dhcp1
add address=192.168.10.4 client-id=1:24:79:f3:a4:78:d1 mac-address=\
24:79:F3:A4:78:D1 server=dhcp1
add address=192.168.10.160 client-id=1:c0:d0:12:74:f:f1 mac-address=\
C0:D0:12:74:0F:F1 server=dhcp1
add address=192.168.10.200 client-id=1:0:1e:65:de:a0:ea mac-address=\
00:1E:65:DE:A0:EA server=dhcp1
add address=192.168.10.163 client-id=1:c0:1a:da:55:e3:4f mac-address=\
C0:1A:DA:55:E3:4F server=dhcp1
add address=192.168.10.94 client-id=1:1c:6f:65:e6:88:76 mac-address=\
1C:6F:65:E6:88:76 server=dhcp1
/ip dhcp-server network
add address=172.16.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=172.16.0.1
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=172.16.0.0/16 list=LAN
add address=192.168.10.0/24 list=LAN
/ip firewall mangle
add chain=prerouting comment="accept traffic from lan" dst-address-list=LAN \
src-address-list=LAN
add action=mark-connection chain=input comment=\
"traffic from internet to wan port" connection-mark=no-mark in-interface=\
pppoe-out1 new-connection-mark=internet-to-isp1 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
pppoe-out2 new-connection-mark=internet-to-isp2 passthrough=no
add action=mark-routing chain=output connection-mark=internet-to-isp2 \
new-routing-mark=isp2-to-internet passthrough=no
add action=mark-routing chain=output connection-mark=internet-to-isp1 \
new-routing-mark=isp1-to-internet passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark \
in-interface=pppoe-out2 new-connection-mark=internet-isp2-lan \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=internet-isp1-lan \
in-interface-list=LAN_NB new-routing-mark=isp1-to-internet passthrough=no \
src-address-list=LAN
add action=mark-routing chain=prerouting connection-mark=internet-isp2-lan \
in-interface-list=LAN_NB new-routing-mark=isp2-to-internet passthrough=no \
src-address-list=LAN
add action=mark-connection chain=prerouting comment="PCC rules" \
connection-mark=no-mark dst-address-list=!LAN dst-address-type=!local \
in-interface-list=LAN_NB new-connection-mark=lan-to-isp1 passthrough=yes \
per-connection-classifier=both-addresses:2/0 src-address-list=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!LAN dst-address-type=!local in-interface-list=LAN_NB \
new-connection-mark=lan-to-isp2 passthrough=yes \
per-connection-classifier=both-addresses:2/1 src-address-list=LAN
add action=mark-routing chain=prerouting connection-mark=lan-to-isp1 \
dst-address-list=!LAN in-interface-list=LAN_NB new-routing-mark=\
isp1-to-internet passthrough=no src-address-list=LAN
add action=mark-routing chain=prerouting connection-mark=lan-to-isp2 \
dst-address-list=!LAN in-interface-list=LAN_NB new-routing-mark=\
isp2-to-internet passthrough=no src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
/ip route
add distance=1 gateway=192.168.1.100 routing-mark=isp2-to-internet
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=\
isp1-to-internet
add check-gateway=ping distance=1 gateway=pppoe-out1
add check-gateway=ping distance=2 gateway=192.168.1.100
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Ho_Chi_Minh

Both employees and guests networks are using the same DNS server or different ones? I bet not, thus guests having no problems.
Are you using any king of QoS? Maybe double check it. Might cut off DNS.
Are you using any king of rate limiting or "ddos" protection? Try disabling.

i have shown configuration below the comments, you can see

ubitquiti

i dont understand. :(

Something new?