The script below, with your own DNS and IP addresses filled in, will help you FORCE an already configured hotspot and its users to use the given DNS nameservers. I looked everywhere but couldn't find a complete working solution. Then I did some digging in the router settings and found this fix, and it worked really well. No sweat!
Step 1. If you have a VPN (L2TP or PPTP), use the commands below to push DNS traffic through your VPN.
/ip route add distance=1 dst-address=DNS_Nameserver1 gateway=<l2tp-out or pptp-out interface>
/ip route add distance=1 dst-address=DNS_Nameserver2 gateway=<l2tp-out or pptp-out interface>
Step 2. Disable public DNS lookups from the WAN port (ether1 in this case).
/ip firewall filter add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=udp
/ip firewall filter add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=tcp
Step 3. Add NAT rules to force hotspot users to use the given DNS nameservers. Rules in chain=pre-hotspot are processed before the hotspot's own NAT rules are executed. This is really helpful when you already have the dynamic NAT rules that send UDP/TCP port 53 to port 64872 (which caused me a lot of trouble).
/ip firewall nat add action=dst-nat chain=pre-hotspot dst-port=53 in-interface=<your bridge interface> protocol=udp to-addresses=DNS_Nameserver1
/ip firewall nat add action=dst-nat chain=pre-hotspot dst-port=53 in-interface=<your bridge interface> protocol=tcp to-addresses=DNS_Nameserver1
/ip firewall nat add action=dst-nat chain=pre-hotspot dst-port=53 in-interface=<your bridge interface> protocol=udp to-addresses=DNS_Nameserver2
/ip firewall nat add action=dst-nat chain=pre-hotspot dst-port=53 in-interface=<your bridge interface> protocol=tcp to-addresses=DNS_Nameserver2
/ip firewall nat add action=return chain=pre-hotspot in-interface=<your bridge interface>
The return rule is important for the NAT rules above to work; place it at the end of the chain.
Step 4. Finally, you need to add 2 entries to your Walled Garden IP List under IP/Hotspot/Walled Garden IP List/Add:
action=accept / server=your bridge interface / dst address=DNS_Nameserver1, and another entry for DNS_Nameserver2
Test this out and you are good to go. Hope this helps.
Thanks!