Captive Portals

NextDNS fails to allow connections to captive portals. By definition, a captive portal is a Man-in-the-Middle attack. That said, they are absolutely necessary. I have had to remove NextDNS from my family's computers and go back to a hacked VPS running PiHole because of the issue. The captive portals are inaccessible on M1 Macs running the latest updates and the NextDNS profile, on Fedora 34 running the latest updates and the Linux client, on iPhone 11 Pros running latest updates and the profile, and an M1 Mac running the latest update and the Apple App Store client.

Look, I know I can add the portals to the "allow list" or remap them in the "settings" tab, but this is just not feasible for a family of five using your product. There has to be a better solution. PiHole is functional but it lacks quite a few of the specialized features you all have added to NextDNS.

That said, if this can not be corrected, I do not think businesses or families will see your product as viable.

3replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • You have a captive portal at home?

  • Sorry, no captive portals at home. The captive portals we encounter are at Panera, Starbucks, Einstein's, University Hospital, Christus Hospital, Methodist Hospital, Ikea, McDonalds, heck, even school now. 

    As a work around, the updated apps for the iphone and MacBooks can be set as the System DNS, but the switch in the NextDNS app will allow returning to the dhcp (Standard) DNS without having to remove NextDNS as the system DNS.

    I have instructed my family that when they encounter a captive portal with a blank screen to turn off the switch in NextDNS, cycle the wifi with Airplane mode, and then after connected, turn back on NextDNS. The problem is that they usually forget to turn it back on. 

    I wish there was a "button" one could add to the "widgets" that would cycle the NextDNS with dhcp DNS for say 3 minutes to allow connection to the captive portal. That way, it could turn NextDNS back on without having to remember to turn it back on.

  • I've seen this multiple times on iOS, and sometimes on Macbook Pro with the native apps installed.  Also see it with the CLI installer on MacBook.  I've been an early adopter of NextDNS and now that 's grown to where it is this should simply work.  Normal folks are not going to know to disable, re-enable, etc and that is putting the security back in the hands of the user.  There are always reports of captive portal issues, and these need to get fixed and prioritized IMO so it works consistently.

Like2 Follow
  • 3 mths agoLast active
  • 3Replies
  • 112Views
  • 3 Following