Not a DNS expert, but I do suggest showing the full config, or more parts of it, as many parts of a config are interrelated.
The answer may lie in running a separate DNS server (a Raspberry Pi or similar), as it's not clear to me whether the router's DNS services and rules are up to the job.
There have been many threads on this sort of topic so my memory is jumbled............
The problem is that a PC with its own DNS settings may try to get around your attempts to steer it to OpenDNS.
Hey Anav, I've been going through different threads and trying a number of different settings, including some of your suggestions from other posts. Unfortunately, none are working for me. Here are some more settings that might be helpful:
y/16/2022 15:12:41 by RouterOS 6.47.9
# software id = FMQK-ZJ9T
#
# model = RB2011UiAS
# Review notes are added as "#" comments only; every configuration line is unchanged.
# Bridge for the main LAN, created with a fixed (non-automatic) MAC address.
/interface bridge
add admin-mac=2C:C8:1B:A1:7B:E4 auto-mac=no comment=defconf name=bridge
# Descriptive names for the three ports referenced throughout the rest of the config.
/interface ethernet
set [ find default-name=ether1 ] name="ether1 [WAN]"
set [ find default-name=ether2 ] name="ether2 (Vly)"
set [ find default-name=ether3 ] name="ether3 (Krndl)"
# PPPoE uplink on ether1; it installs the default route. Credentials appear masked in this export.
/interface pppoe-client
add add-default-route=yes disabled=no interface="ether1 [WAN]" name=pppoe-out1 \
password=* user=*
# WAN and LAN lists; the firewall's in-interface-list matches below refer to them.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Default security profile; no wireless interface is configured in the lines shown.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool per LAN segment: 192.168.88.0/24 and 192.168.150.0/24.
/ip pool
add name=dhcp ranges=192.168.88.70-192.168.88.254
add name=dhcp_pool2 ranges=192.168.150.100-192.168.150.254
# DHCP server "defconf" serves the bridge; "dhcp1" serves the separate "ether3 (Krndl)" segment.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool2 disabled=no interface="ether3 (Krndl)" name=dhcp1
# ether2, ether4-ether10 and sfp1 are bridge ports. "ether3 (Krndl)" is not, so it is a
# separately routed segment and traffic between it and the bridge LAN passes the firewall.
/interface bridge port
add bridge=bridge comment=defconf interface="ether2 (Vly)"
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
# Connection tracking is forced on; the connection-state and NAT rules below depend on it.
/ip firewall connection tracking
set enabled=yes
# NOTE(review): "all" includes the WAN-side interfaces, so neighbor discovery also runs
# towards the ISP; limiting it to the LAN list is the usual hardening - confirm intent.
/ip neighbor discovery-settings
set discover-interface-list=all
# Both LAN segments (bridge and ether3) are in LAN; ether1 and the PPPoE interface are in WAN.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface="ether1 [WAN]" list=WAN
add interface=pppoe-out1 list=WAN
add comment=defconf interface="ether3 (Krndl)" list=LAN
# NOTE(review): 192.168.88.1/24 is bound to "ether2 (Vly)", which is a bridge port above,
# while the "defconf" DHCP server listens on the bridge. On RouterOS the address normally
# belongs on the bridge itself - verify, as this can make the 192.168.88.0/24 side misbehave.
/ip address
add address=192.168.88.1/24 comment=defconf interface="ether2 (Vly)" \
network=192.168.88.0
add address=192.168.150.1/24 interface="ether3 (Krndl)" network=\
192.168.150.0
# Enables the MikroTik cloud dynamic-DNS name for this router.
/ip cloud
set ddns-enabled=yes
# Only the 192.168.150.0/24 lease options point clients at the router (192.168.150.1) for DNS.
# NOTE(review): the 192.168.88.0/24 entry sets no dns-server - check which resolver those
# clients actually receive.
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.150.0/24 dns-server=192.168.150.1 gateway=192.168.150.1
# The router answers client DNS queries (allow-remote-requests=yes) and forwards them to the
# two upstream resolvers listed - presumably the OpenDNS servers discussed in the thread.
# Because remote requests are accepted, the input-chain rule that drops everything not
# coming from LAN is what keeps this resolver from being reachable from the WAN side.
/ip dns
set allow-remote-requests=yes servers=208.67.222.123,208.67.220.123
# chain=input protects the router itself; chain=forward covers traffic routed through it.
# NOTE(review): the first rule's comment mentions "untracked", but its connection-state
# lists only established,related.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# NOTE(review): this rule matches SOURCE port 53, whereas client queries carry 53 as the
# destination port, so ordinary lookups from 192.168.150.0/24 are not matched; dst-port=53
# is presumably what was meant. It also covers UDP only, not TCP. Separately, the dst-nat
# rules below rewrite port-53 traffic from this subnet to 192.168.150.1, the router's own
# address, and such traffic is evaluated in the input chain rather than forward.
add action=drop chain=forward comment="Drop DNS" in-interface=\
"ether3 (Krndl)" protocol=udp src-port=53 src-address=192.168.150.0/24
# Everything addressed to the router that does not arrive on a LAN-list interface is dropped.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
# New connections from WAN are forwarded only if a dst-nat rule matched them.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Redirects TCP and UDP port-53 traffic entering "ether3 (Krndl)" from 192.168.150.0/24 to
# the router's resolver at 192.168.150.1, whichever server the client asked for.
# This captures plain DNS on port 53 only: a client using DNS over HTTPS (port 443) or
# DNS over TLS (port 853) is not affected by these rules. No equivalent redirect exists
# here for the 192.168.88.0/24 bridge LAN.
/ip firewall nat
add action=dst-nat chain=dstnat comment=\
"DST NAT Krndl to 192.168.150.1 DNS server TCP" dst-port=53 \
in-interface="ether3 (Krndl)" protocol=tcp src-address=192.168.150.0/24 \
to-addresses=192.168.150.1 to-ports=53
add action=dst-nat chain=dstnat comment=\
"DST NAT Krndl to 192.168.150.1 DNS server UDP" dst-port=53 \
in-interface="ether3 (Krndl)" protocol=udp src-address=192.168.150.0/24 \
to-addresses=192.168.150.1 to-ports=53
# NOTE(review): no out-interface or out-interface-list is given, so this masquerades
# 192.168.150.0/24 traffic leaving through any interface, and no srcnat rule for
# 192.168.88.0/24 appears in this export - confirm both are intended.
add action=masquerade chain=srcnat src-address=192.168.150.0/24
# telnet, ftp and ssh are switched off; www-ssl is switched on.
# NOTE(review): www, winbox, api and api-ssl are not listed, so they are presumably at
# their defaults - verify, and disable or address-restrict the ones that are not needed.
# Reachability of these services currently rests on the input chain's LAN-only rule.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set www-ssl disabled=no
# LCD panel setting.
/lcd
set time-interval=daily
# Local time zone; log timestamps follow it.
/system clock
set time-zone-name=Africa/Johannesburg
# Router identity (host name).
/system identity
set name=Valley
# NOTE(review): the bandwidth-test server accepts clients without authentication; only the
# input chain's LAN-only rule shields it. Require authentication or turn it off if unused.
/tool bandwidth-server
set authenticate=no
# MAC-Telnet and MAC-WinBox access is limited to interfaces in the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN