Hospital WLAN blocks access to internet because of NextDNS
I have set NextDNS on my router and also on my Android 10 smartphone using the recommended settings.
I was lately in a hospital in Munich Germany (Klinikum Großhadern). I logged with my phone in the Guest WLAN network and I was successfully connected. But few seconds later a exclamation mark showed up above the Android WiFi icon. Although I was connected, the internet was not working. I could not visit any web page.
I figured out that the private DNS setting was the problem, as everyone else except me did have internet on their phones connected to the specific WiFi.
So my question is how does the hospital know that I am using a different DNS server on my phone ? And how can they block my internet access ?
Corporate networks need to inspect traffic to protect their systems. If traffic is encrypted, they cannot inspect it. Encrypting DNS traffic also means that the corporate network would not be able to perform DNS filtering to ensure malicious sites are not being visited.
On my network, I run NextDNS on the Router so all outgoing DNS queries are encrypted. However, the router prevents internal DNS queries from being encrypted. It blocks: port 853, all known DoH servers and re-routes port 53 DNS queries to itself to prevent users using another DNS provider.