Mikrotik
Lin_Hei, 2016-03-03 12:22:20

Mikrotik blocks some PCs from accessing the Internet after rebooting the PC, has anyone encountered this?

Good afternoon, I got into this situation:
There is a company with 6 computers (all Windows 7 prof) and one server with AD set up on it.
A couple of days ago I installed a mikrotik RB951Ui-2HnD there; the settings are almost standard, DHCP is handed out by the server, since it is the DC. And there are only 3 such computers (well, half, to be precise). From the server, using DameWare, I connect to them easily; I ping the mikrotik, and in response, silence; external sites are also unavailable. And the Internet does not appear until I send a ping from the router to the PC; then it immediately starts working. I thought it was the d-link switch, but that wasn't it. I replaced the switch, changed the ports and the cable too; nothing helps. There is no such problem with the other computers. Restarting the d-link switch, by the way, solved the problem. Last night I installed a 24-port tp-link, but the problem recurred in the morning. There are no blocking rules at all; I turned them off for tests. Can anyone suggest which direction to dig in?
I can also add that someone set it up before me: he created a bridge on it for voice, a VLAN on the first ethernet, and put the VLAN and port 5 into the bridge.


5 answer(s)
Lin_Hei, 2016-03-09
@Lin_Hei

Well, why did you fixate on DNS and DHCP? They were not connected with this problem (and could not be).
The problem is solved. I took an identical Mikrotik and uploaded the config from the failed one to it. Everything works now without problems. The Mikrotik was returned to the store. Thank you all.

nimbo, 2016-03-03
@nimbo

you forgot to post the configs.
ps: in general, on switches from d-link, it’s better not to configure anything other than vlan at all and turn off all features if possible

Sergey, 2016-03-03
@hamnsk

Yes, of course, from such scribbles it's impossible to understand what goes where; I'll try to guess:
1. Ether1 = WAN
2. Ether2-Ether5 = Local (it's better to link them by making the 2nd port the master and the rest slaves; a bridge works slower)
3. Move DHCP to the Mikrotik, set the lease time to 3 days
4. Configure DHCP to issue the Mikrotik address as the default gateway and the Mikrotik address as the DNS server (for the local network, of course)
5. In the Mikrotik DNS settings, enter first your domain controller 1, second controller 2 if any, etc., and add Google DNS 8.8.8.8 last in the list
6. Configure NAT
In this configuration, the Mikrotik will distribute addresses, and the default gateway is also the DNS server (it will cache requests); plus you can register static entries for your own purposes or tests without touching the domain DNS at all. It will first send all requests to the domain controller, and if that does not find an answer, it will look for them on Google. Your DCs probably also go out to the Internet via the Mikrotik, so from a workstation the resolution of mail.ru will look like this: request to the Mikrotik - request to the DC - traffic from the DC via the Mikrotik to the global DNS (if a forwarder is configured); if not, then it says no and the Mikrotik asks the next DNS in the list until it has gone through them all in order - then the answer goes to the Mikrotik - and after that the answer goes to the client.
If you want to put telephony into a separate VLAN, then on Ether2 we raise the VLAN and say that we accept tagged and untagged traffic, because if we have a LAN without a VLAN on port 2, otherwise traffic from it will not go through; we configure our subnet with its own DHCP server, tag the equipment into the desired VLAN, and everything follows the same scheme ... You can set up an access list and prohibit the networks from resolving into each other.

Andrey, 2016-03-03
@GhOsT_MZ

All this is strange. I would stream all the traffic that arrives on the port where the computer with the non-working Internet is connected to a computer that works fine. Then, there, I would start sorting out what comes from this computer to the MT and what is sent in response.
Also, it would not hurt to look at the moment when there is no ping.
You can also enable the debug log on the MT and monitor the logs.

Anton, 2016-03-07
@Largo1

/ip dns
set allow-remote-requests=yes cache-max-ttl=2d cache-size=4096KiB query-server-timeout=5s servers=192.168.0.5,192.168.0.1
/ip firewall nat
add action=redirect chain=dstnat dst-port=53 protocol=tcp src-address=192.168.0.0/24 to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp src-address=192.168.0.0/24 to-ports=53
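
With `allow-remote-requests=yes` the router answers DNS queries arriving on any interface unless the input chain restricts them, so settings like the ones above are normally paired with filter rules such as the following. This is an added example, not part of Anton's post; it assumes 192.168.0.0/24 (the subnet from the post) is the only network that should use the router's resolver, and that these rules sit above any broader accept rule in the input chain.

```routeros
# Added example, not from the thread. Assumption: 192.168.0.0/24 is the
# only network allowed to query the router's DNS cache.
/ip firewall filter
# Replies to queries the router itself sends to its upstream servers
add chain=input action=accept connection-state=established,related comment="allow return traffic"
# LAN clients, including queries caught by the dstnat redirect rules
add chain=input action=accept protocol=udp dst-port=53 src-address=192.168.0.0/24 comment="DNS from LAN (udp)"
add chain=input action=accept protocol=tcp dst-port=53 src-address=192.168.0.0/24 comment="DNS from LAN (tcp)"
# Any other source asking the router for DNS is dropped
add chain=input action=drop protocol=udp dst-port=53 comment="drop DNS from other sources (udp)"
add chain=input action=drop protocol=tcp dst-port=53 comment="drop DNS from other sources (tcp)"
```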
