I have something strange on some VyOS instances in AWS (v1.1.7, but the same problem occurs after upgrading them to v1.1.8, and on another instance initially installed with v1.1.8).
When I set up the DNS forwarding service, for some unknown reason, the VyOS sometimes correctly forwards the incoming request to the DNS server as expected, but sometimes it doesn't! (Perhaps it works one time out of 3 attempts...) When I run tshark on the VyOS, we can see the incoming packet, and sometimes it is forwarded as expected, but sometimes nothing happens, nothing is forwarded, so the client sends two or three other requests and then ends with a "connection timed out" error message.
What is curious is that if I replace this DNS forwarding service with NAT rules (destination + source) to do the same job, I get the same issue: some requests are correctly NATed, but some others are not.
So I tried to reproduce the problem; however, on a clean VyOS with only this NAT rule or DNS forwarding service set, everything works correctly: every request is forwarded as expected.
So, I'm not sure, but it seems that the common point of all the problematic VyOS instances is that they all handle VPN IPsec tunnels (so I can't easily reproduce the problem to check whether that's always the case or not). No firewall rules are implemented on these instances...
Does anyone have any idea?