I’m currently running a hotspot-based access point using an RB750r2; recently there have been a lot of complaints regarding the hotspot availability.
I did some troubleshooting and found out that encrypted DNS requests are the culprit here.
For example, users on Android devices use Intra and tunnel their DNS requests through Google DNS-over-TLS. When their device is connected, it tries to reach Google’s connectivity check pages. However, because the DNS request is tunneled, MikroTik is unable to redirect that specific request (which should bring up the captive portal). This tunnel also breaks the local static DNS entry for that specific device.
I’ve tried putting port 53 (DNS) and 853 (DoT) in my walled garden, but I have no idea how to allow ONLY DNS over HTTPS on port 443.
Any thoughts or ideas are appreciated.
Thank you.