I did a bit of experimenting and maybe found a way. Print the dynamic rules and set the redirect for tcp and udp dst-port=53 to "hotspot=!auth". Mine were rules 2 and 3.
/ip firewall nat
print dynamic
set 2 hotspot=!auth
set 3 hotspot=!auth
Note it added "hotspot=!auth" to rules 2 and 3.
[admin@test] /ip firewall nat> print dynamic
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
1 D chain=hotspot action=jump jump-target=pre-hotspot
2 D chain=hotspot action=redirect to-ports=64872 protocol=udp hotspot=!auth dst-port=53
3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp hotspot=!auth dst-port=53
4 D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80
5 D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443
6 D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth
7 D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth
8 D chain=hs-unauth action=return dst-address=192.168.0.1
9 D chain=hs-unauth action=return dst-address=68.99.58.119
10 D ;;; currentIP
chain=hs-unauth action=return dst-address=68.99.58.116
11 D ;;; oldIP
chain=hs-unauth action=return dst-address=68.99.58.115
12 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80
13 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128
14 D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080
15 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443
16 D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
17 D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http
18 D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
No guarantees.