Domain Name System
Alexander, 2017-04-06 16:19:00

Mikrotik and oddities with DNS (cyclic resolving errors), how to solve?

For a couple of months now, I have noticed that sometimes sites and projects get stupid, and the fact is that DNS falls off.
This is most clearly seen when you run docker build on a project and there are a lot of DNS requests.
Like this:
Error response from daemon: Get https://index.docker.io/v1/users/: dial tcp: lookup index.docker.io on 192.168.0.1:53: read udp 192.168.0.2:58812->192.168.0.1:53: i/o timeout
Or like this:
ERROR: dial tcp: lookup dseasb33srnrn.cloudfront.net on 192.168.0.1:53: read udp 192.168.0.192:58979->192.168.0.1:53: i/o timeout
And this happens on two different mikrotiks (CRS125 and RB3011), the firmware was from 6.38.1 to the current 6.38.5 on different providers. Briefly solved by clearing the cache.
By itself, DNS is set up quite standardly on Mikrotik and I tried to play with cache sizes, TTL, UDP request size, number of requests, upstream DNS (google, opendns and my local ones):
RB3011:
/ip dns
set allow-remote-requests=yes cache-max-ttl=1m cache-size=1024KiB max-concurrent-queries=200 max-concurrent-tcp-sessions=50 query-server-timeout=1s \
query-total-timeout=2s servers=4.2.2.2,4.2.2.1
CRS125:
/ip dns
set allow-remote-requests=yes cache-max-ttl=1m max-concurrent-queries=200 max-concurrent-tcp-sessions=50 max-udp-packet-size=16384 \
query-server-timeout=1s query-total-timeout=2s servers=8.8.8.8
There were rules in the firewall to redirect DNS requests, but they are now disabled. With action=redirect, Windows machines worked crookedly, often declaring that there was no Internet (it would also be interesting to hear comments on this issue).
Can someone help? If you change /etc/resolv.conf on a test machine with Docker, then there are no errors with the resolve at all.

2 answer(s)
Ltonid, 2017-04-07
@AtaZ

How many requests is that? Whatever one may say, RouterOS on MikroTik is Linux with daemons. Maybe you just DDoSed it and it went down. You have a cache of 1MB; maybe it's getting clogged, try increasing it.

OviKosta, 2020-12-24
@OviKosta

Try to raise cache-size: 4096KiB, also max-concurrent-queries: 500 and max-concurrent-tcp-sessions: 250.
Also look at the connection on port 53 in the firewall, if there are a lot of requests from unwanted src.
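
The check suggested in the last answer (who is connecting to the router's port 53), as an added example that is not part of the thread: it tallies DNS connections to the router per source address and separates LAN clients from outside sources. The LAN addresses are those in the question; the WAN address, the sample lines and the simplified table layout are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: the LAN prefix and router LAN address come from the question;
# the WAN address 203.0.113.10 is a documentation-range placeholder.
LAN = ipaddress.ip_network("192.168.0.0/24")
ROUTER_ADDRS = {ipaddress.ip_address(a) for a in ("192.168.0.1", "203.0.113.10")}

# "<proto> <src-ip>:<port> <dst-ip>:<port>" anywhere in a line.
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
CONN_RE = re.compile(rf"\b(udp|tcp)\s+{IP}:(\d+)\s+{IP}:(\d+)")

def dns_clients(lines, lan=LAN, router_addrs=ROUTER_ADDRS):
    """Count connections to the router's own port 53, per source address.

    Returns (lan_sources, external_sources) as two Counters."""
    inside, outside = Counter(), Counter()
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        _proto, src, _sport, dst, dport = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # octet out of range, not a real address
        # Skip the router's own upstream lookups and all non-DNS traffic.
        if dport != "53" or dst_ip not in router_addrs:
            continue
        (inside if src_ip in lan else outside)[str(src_ip)] += 1
    return inside, outside

# Constructed sample in a simplified connection-table layout (not captured output).
SAMPLE = """\
 0  SAC  udp  192.168.0.2:58812     192.168.0.1:53      9s
 1  SAC  udp  192.168.0.192:58979   192.168.0.1:53      8s
 2  SAC  udp  192.168.0.2:58813     192.168.0.1:53      9s
 3  SAC  udp  203.0.113.10:40112    8.8.8.8:53          7s
 4  C    udp  198.51.100.23:5353    203.0.113.10:53     3s
 5  C    udp  198.51.100.23:5354    203.0.113.10:53     3s
 6  C    udp  198.51.100.77:1024    203.0.113.10:53     3s
 7  SAC  tcp  192.168.0.2:50100     203.0.113.50:443    1h
""".splitlines()

if __name__ == "__main__":
    lan_src, ext_src = dns_clients(SAMPLE)
    print("LAN clients:", dict(lan_src))
    print("External sources (should be empty):", dict(ext_src))
```

With allow-remote-requests=yes, a non-empty external counter means the router is answering DNS for hosts outside the LAN, and that traffic competes with local clients for max-concurrent-queries and cache space.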
