HI
I use hex 750Gr3 with 6.49.1 and got ip configuration by dhcp from ISP to ethet1 port with DHCP clietnt. i should get one dns servers addresses but i get another i mean incorrect dns server addresses.Also i get ip & prefix & netmask & routes & gateway but they are correct. Correct i mean that my ISP sends me. i tried to change MAC on ether1 port but nothing happened, my isp for one month check their own network and found nothing.
i created a new DHCP client profile for ether1 port but nothing happened, it all started one month ago, but i used this device for 3 years and at first of may i use it last time, then turn off for six month and turn it on at first of November with no settings change, and got all dhcp settings correct except dns servers addresses.
ISP engineers check their own infrastructure and found nothing, i should get dns like 212.92.149.149 and 212.92.149.150 but get 212.92.149.154 and 212.92.149.155. My router isn`t hacked or somebody have access. Only i can access and setup it. i check everything i know and nothing help, i don`t believe in magic but this is one thing i can`t check or explain. my home has many apartments and there are many clients of same ISP and no one has same problem as me. I am asking for help to understand is it possible that my 750Gr3 has hardware of software error with this symptoms and how check what`s happened l?

Looks like you don't have the DHCP client set to use the DNS servers handed... be sure to tick "Use peer DNS" , and DNS servers handed by your ISP will be used.

Additionaly, you have the "wrong ones" (212.92.149.154 and 212.92.149.155) set statically in IP > DNS servers, you need to go there and remove them.

Under IP > DNS Dynamic Servers you should see the ones handed by the ISP once you enable "Use peer DNS".

i should get dns like 212.92.149.149 and 212.92.149.150 but get 212.92.149.154 and 212.92.149.155.

How do you know this? The ISP might be splitting up its DNS servers in more units.

Anyway indeed "Use Peer DNS" is missing (not ticked)
Add DNS servers you want in IP -> DNS -> "Servers" . You can enter multiple. (The ones sent by the ISP will be in "Dynamic Servers")

Use NSLOOKUP on your PC to see id 212.92.149.154 and 212.92.149.155 are responding as DNS servers or not.

From here they are not ... but could be due to ISP filter.

Looks like you don't have the DHCP client set to use the DNS servers handed... be sure to tick "Use peer DNS" , and DNS servers handed by your ISP will be used.

Additionaly, you have the "wrong ones" (212.92.149.154 and 212.92.149.155) set statically in IP > DNS servers, you need to go there and remove them.

Under IP > DNS Dynamic Servers you should see the ones handed by the ISP once you enable "Use peer DNS".

1. I don`t use "Use peer DNS" in screenshot because current config need it to work internet connection with working dns servers.
You see screnshot from "IP --> DHCP client --> dhcp client profile". Now manually configured 212.92.149.149 and 212.92.149.150 in "IP --> DNS"
2. 212.92.149.154 and 212.92.149.155 gets DHCP client profile in router automatically from ISP. They are not configured manually in "IP --> DNS"

How do you know this? The ISP might be splitting up its DNS servers in more units.

I know it from ISP support engineer. And because for last years ISP use this servers and because ISP by DHCP sends me dynamic router to 212.92.149.148/30.

Anyway indeed "Use Peer DNS" is missing (not ticked)

Now "Use Peer DNS" is missing because i have to set 212.92.149.149 and 212.92.149.150 manually in "IP--> DNS" to work my internet connection.

Use NSLOOKUP on your PC to see id 212.92.149.154 and 212.92.149.155 are responding as DNS servers or not.

They are not responding my requests. Neither DNS nor pings or i can`t even make traceroute to them.

Are you saying that the DHCP Server at your ISP is handing you wrong DNS Server IP addresses? In that case you should probably be raising it with them...

The situation is ridiculous and mystique because my router gets 212.92.149.154 and 212.92.149.155 but ISP reject it and said that i am fool and my mikrotik works wrong. You should know that i made traffic dump and analyze it by Wireshark. There was DHCP ACK and Request with data that ISP by DHCP sends me config correctly except DNS servers ip adresses.
I try to analyze all this and understand how to check that my router works correctly and has no error in hardware or software. It`s strange that ISP said me that their switch sends me correct settings by after a few meters of twisted pair DNS servers ip change and my router gets it wrong. Or maybe it happens because soft- or hardware of router is damaged and he incorrectly work with receiving delta.

If you have a Wireshark/tcpdump trace showing that you have received the wrong IPs on the wire, I'd go back to the ISP and escalate the ticket, showing the DHCP exchange has the incorrect IPs.

Failing that, change ISP?

If you have a Wireshark/tcpdump trace showing that you have received the wrong IPs on the wire, I'd go back to the ISP and escalate the ticket, showing the DHCP exchange has the incorrect IPs.
Failing that, change ISP?

I suppose ISP engineers get their degree in some university and my knowledge in network engineering are little more down. And i can`t reject their answers. So i try to dig as deep as it possible. I can`t check ISP network settings but can check my router. I made a full reset with re-configuring from the beginning. Nothing changed. Upgrading router i always made with firmware upgrade in System --> RouterBoard --> Upfrade.
You should know, ISP asked me to send them screenshot of ipconfig and no any other diagnose method they ready to get. Hard to send ipconfig using only *nix.
Is it possible that router incorrectly interpret data from ISP?
Change ISP is the simplest way. We don`t search easy way.

If you have the Wireshark trace, that trumps anything else, as it shows what is coming in on the wire.
Look in the DHCP ACK to the DHCP REQUEST sent by your router. Option 6 is the DNS server the DHCP server sends you, there may be more than one of these entries. I have never seen a case where a router or any other DHCP client rejects the DHCP servers offered and changes them to it's own unless specifically configured to do so.

Also, you can easily disprove the "broken router" theory by connecting something else to ISP, e.g. your PC. You'll see what DNS it gets.

So, Traffic Sniffer from Tools in mikrotik(with stream to pc after NAT) from ether1 port(using as wan to ISP) to ethernet port of pc and Kali Linux after apt-get update &&
apt-get full-upgrade, Wireshark 3.4.9

That looks pretty conclusive, you are receiving the incorrect IPs in the DHCP ACK.
Send it back to the ISP.

I suppose ISP engineers get their degree in some university and my knowledge in network engineering are little more down. And i can`t reject their answers.

Don't assume they know more than you, I've worked with many who were completely lost when a problem went even slightly off-script...

That looks pretty conclusive, you are receiving the incorrect IPs in the DHCP ACK.
Send it back to the ISP.

I suppose ISP engineers get their degree in some university and my knowledge in network engineering are little more down. And i can`t reject their answers.

Don't assume they know more than you, I've worked with many who were completely lost when a problem went even slightly off-script...

Thank you. I was needed to someone except me can approve that Traffic sniffer and Wireshark is enough to prove localization of issue. Honestly, earlier i started think that some DHCP options or vlans works incorrect.

If you send proof to the ISP, then don't send this picture, because this as one picture, interpreted as the state at 1 specific point in time, is not compatible with your story.
.
You can get there only when the tick was removed after receiving the lease with the "Use peer DNS" on. Confusing!
.

no one has same problem as me

.
It is quite common to enter free public DNS servers in the static list: 1.1.1.1,8.8.8.8, 8.8.4.4, 9.9.9.9
https://www.techradar.com/news/best-dns-server

If a DNS server is NOT responding, a normal forwarding DNS server will skip to the next one in the list.
So in that case one wil not have "a problem" with the wrong DNS servers.
I do have an ISP where their DNS servers are down a few times in a year.

If you send proof to the ISP, then don't send this picture, because this as one picture, interpreted as the state at 1 specific point in time, is not compatible with your story.

Klembord-2.jpg
.
You can get there only when the tick was removed after receiving the lease with the "Use peer DNS" on. Confusing!
.

no one has same problem as me

.
It is quite common to enter free public DNS servers in the static list: 1.1.1.1,8.8.8.8, 8.8.4.4, 9.9.9.9
https://www.techradar.com/news/best-dns-server

If a DNS server is NOT responding, a normal forwarding DNS server will skip to the next one in the list.
So in that case one wil not have "a problem" with the wrong DNS servers.
I do have an ISP where their DNS servers are down a few times in a year.

1. Same results with traffic dump and wireshark i got 3 weeks ago first time and all this time i think that this can`t correctly prove that ISP sends me wrong settings.
2. "Use peer DNS" disabled because i set manually 212.92.149.149 and 212.92.149.150 in "IP --> DNS". If i`ll set using peer dns internet won`t work because 212.92.149.154 and 212.92.149.155 will be used router as default dns.
3. I don`t use public dns ip addresses in any part of router config because of security.
4. Important moment!
My ISP use L2TP VPN over 10.0.0.0/8 network with Round-robin l2tp servers rotation by dns.This mean l2tp servers addresses can be used only by dns name like server.local (for example). So, if i get a wrong DNS servers from ISP at physical Ethernet port connection i can`t connect to l2tp vpn and get ip to access global internet. Yeah, my ISP like erotic deviations, you know what i mean
And i can use dns servers except from ISP only after successful connection to l2tp.

All this topic is because for a month my ISP strongly decline any reason that their network configuration is damaged or wrong. And i decided to get help and possibly answer is it possible that my router is broken so it change dns name servers ip addresses getting it from DHCP. I mean my router gets dns servers ip addresses and decided that byte stream from ISP network consisted of 212.92.149.149 and 212.92.149.150 and router think that this is 212.92.149.154 and 212.92.149.155. MITM attack possible but i have no knowledge how to detect it.

1. Don't worry. Proof is more than OK. The data you receive is not what you need.
2. AFAIK static DNS goes before dynamic. It is not round robin, only the first one that answers is used.
3. Security? Your ISP DNS servers are public (and can even be hacked, as used to happen to my ISP. And THEN you are in for big trouble). Anyway your DNS request will be forwarded by your ISP to other DNS servers, and ultimatly even to DNS root servers. I see no security issues with the robust Cloudflare and Google DNS servers. You can even consider DoH (DNS over HTTPS: new in MT) if your ISP would try to tamper with your DNS requests.
4. Oh boy. That 10.0.0.0 network indeed needs it's own DNS servers if "server.local" round robin is used. Very strange setup to use a public DNS server for this. Your physical ethernet port with IP address in the 10.0.0.0/8 range can have another DNS server defined than the L2TP DNS, if they use port 53 redirect.
. .
PS: in the DHCP network for your clients you could enter a public DNS server.
PS: I don't see how "server.local" is resolved. Must be something different or they have a "smart" DNS server that answers certain domains only to 10.0.0.0/8, or they do port redirect.

1. Don't worry. Proof is more than OK. The data you receive is not what you need.
2. AFAIK static DNS goes before dynamic. It is not round robin, only the first one that answers is used.
3. Security? Your ISP DNS servers are public (and can even be hacked, as used to happen to my ISP. And THEN you are in for big trouble). Anyway your DNS request will be forwarded by your ISP to other DNS servers, and ultimatly even to DNS root servers. I see no security issues with the robust Cloudflare and Google DNS servers. You can even consider DoH (DNS over HTTPS: new in MT) if your ISP would try to tamper with your DNS requests.
4. Oh boy. That 10.0.0.0 network indeed needs it's own DNS servers if "server.local" round robin is used. Very strange setup to use a public DNS server for this.
.
Klembord-2.jpg
.
PS: in the DHCP network for your clients you could enter a public DNS server.
PS: I don't see how "server.local" is resolved. Must be something different or they have a "smart" DNS server that answers certaiin domains only to 10.0.0.0/8

1. "Server.local" is address for example. The real addresses of l2tp vpn are others.
2. Round-robin dns for l2tp i mean that 212.92.149.149 and 212.92.149.150 return different ip for different locations of user in my city because ISP network is divided for subnets and depending of time(as a result ISP gets round-robin balancing for l2tp vpn servers).
3. 212.92.149.149 and 212.92.149.150 ip addresses can be routed thru globe internet but it strange that they are acceptable from inside.
4. 10.0.0.0 network also needs for route 212.92.149.148/30 for every client with 10.0.0.0/8 ip.
5. My local clients after NAT can`t use public DNS because with wrong dns from ISP i can`t connect to l2tp and can`t access to globe internet.
Important Note.
Right now i have link to internet only because remove use peer dns and set manually ip addresses in "IP --> DNS" . And if ISP decided to change 212.92.149.149 and 212.92.149.150 to any others i lost link to l2tp and lost internet globe connection. That`s why very important understand why all this happens.
Just add static DNS and use peer dns at the same time is not my way. Because 212.92.149.148/30 and next subnet should be 212.92.149.152/30 this mean 212.92.149.152 is address of network, 212.92.149.153 and 154 address of devices and 212.92.149.155 is a broadcast..

This is all very confusing.
There are two possibilities.
Either your ISP is dynamic and they set everything automatically and all you need to do is set IP DHCP Client and tick both boxes for use ISP DNS and Create Route Automatically
OR
They have provided you with the settings to use.

Which is true??

It seems to me that you have never really tried option A at all and that should be the starting point.
Next if that doesnt work then please use Sobs excellent advice to hook up a PC to the MODEM and then see if the PC is able to connect and what numbers it gets.
According to you the PC will not connect because you are convinced that you need to manually frig with the numbers.

If the two actions above dont work, call your ISP and ask if there are specific settings for a router to connect to the ISP modem or if its an automatic DHCP device!!

Also I hope you are not confusing LAN subnet DHCP and LAN subnet DNS, with the ISP provided settings.................

5. My local clients after NAT can`t use public DNS because with wrong dns from ISP i can`t connect to l2tp and can`t access to globe internet.

Don't think so. local clients use the L2TP tunnel, they don't have to set it up, that's a job for the MT.

PS: 212.92.149.149 is responding to public DNS requests, 212.92.149.150 is not.
Very confusing that this all fits into your /30 address block.

It seems to be getting complicated. First it looked like simple DHCP misconfiguration on ISP's side and them refusing to admit that it may even be the case. Not very usual, but not completely impossible. Now there's another layer with L2TP, with servers on internal hostnames, which is also part of how ISP delivers connection to internet. That's unusual, but ok. I was also under impression that you had /30 routed to you, so that comes over L2TP, or how does that work? I think I may be lost.