Excluded WI-FI Networks — not working with captive portal(s)

Each time I try to connect at an Airport Lounge: Delta, United or on an Airplane: Delta, Southwest, United... I have to disable the DNS setting in iOS/iPadOS to ‘Automatic’ instead of just putting the WI-FI into the ‘Excluded Networks’.

This appears to also be the case for devices that have been enrolled that have a captive portal.

Have disabled the ‘Low Latency’ as a compatibility as well, but still having problems.

Another example is at Walmart when trying to connect to their network.

Please let me know if there is a step I am missing.

.tnx.

.mws.

7 replies

    • Michael_Smith
    • 4 yrs ago

    Same... what's up with Walmart?  It's not a captive portal.  I suppose it's content blocking to keep employees off porn.

    • Matt_Sickles
    • 4 yrs ago

    So, here are the steps that have been taken--examples included:

    1. Delta Airlines

       1. Turned off DNS Rebinding;
       2. Whitelisted domain; and
       3. Unloaded NextDNS agent, changed to 'Automatic' on iOS/iPadOS

    Number 3 was the only one that worked. Am quite stumped as there are no logs that support why the traffic is being blocked.

    The domains whitelisted were:

    None of the whitelisted domain(s) appear to have allowed the captive portal to appear.

    Would like to know what other modes of troubleshooting to perform, as there just seems to be an incompatible approach to getting online without disabling and unloading the agent.

    .tnx.

    .mws.

    • brianp9906
    • 4 yrs ago

    The only reliable method I found was using Shortcuts automation. A personal automation, “when airplane mode is turned on, disable NextDNS”. I did the reverse also. It’s the only guarantee I have with family members being able to get on those.
    Captive portals are still an issue at hotels. 

    • Spencer
    • 4 yrs ago

    It seems I couldn't retroactively apply the excluded domains even though I put them in the allow list via the web browser portal after I installed the profile. So decided to delete the profile and add the app instead which works just fine now.

    • Cal4t5
    • 11 days ago

    I think I'm still coming across this issue. I have a captive portal at work, and putting my work wifi as excluded does not suffice, I must actually toggle off NextDNS in the app.

      • jroks123
      • 11 days ago

      So, this is an actual interesting edge case.

      I don’t think this is limited to public WiFi specifically. Corporate and work environments can behave very similarly if they use captive portals, onboarding/authentication gateways, NAC systems, or enforced DNS policies before granting full network access.

      What’s likely happening is Android Private DNS / encrypted DNS is trying to establish its own trusted DNS path immediately, while the network is expecting to intercept DNS traffic first for authentication, policy enforcement, or traffic inspection. Those two behaviors can conflict with each other.

      That would also explain why excluding the SSID alone may not fully work, but completely disabling NextDNS does. Android’s Private DNS behavior is fairly aggressive/system-wide once enabled.

      There’s also the possibility that some corporate environments are intentionally blocking or interfering with external encrypted DNS providers like NextDNS as part of company policy/security controls.

      At the moment, the most reliable workaround still seems to be temporarily disabling NextDNS/Private DNS long enough to complete authentication and establish connectivity, then re-enabling it afterward.
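
The workaround in the last reply depends on knowing when the portal login has actually completed so that encrypted DNS can be turned back on. As an added example (not part of the thread and not NextDNS code), this Python script classifies a plain-HTTP connectivity probe as open or captive; the probe URL, `portal.example.net` and the sample responses are assumptions constructed here.

```python
import http.client
from urllib.parse import urlsplit

# Assumption: plain-HTTP connectivity-check URL (the one Android probes);
# on an open network it answers 204 with an empty body.
PROBE_URL = "http://connectivitycheck.gstatic.com/generate_204"
REDIRECTS = (301, 302, 303, 307, 308)

def classify(status, location=None, body=b"", probe_host=None):
    """Return 'open', 'captive' or 'unknown' for one probe response."""
    probe_host = probe_host or urlsplit(PROBE_URL).hostname
    if status == 204 and not body:
        return "open"       # probe reached the real server: safe to re-enable
    if status in REDIRECTS and location:
        # The gateway redirects the probe to its own login host.
        target = urlsplit(location).hostname
        return "captive" if target and target != probe_host else "unknown"
    if status == 200 and body:
        return "captive"    # gateway served its login page in place of the 204
    return "unknown"

def probe(url=PROBE_URL, timeout=5):
    """Live check without following redirects (needs network access)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"), resp.read(), parts.hostname)
    except (OSError, http.client.HTTPException):
        return "no-response"  # name did not resolve or the connection was dropped
    finally:
        conn.close()

# Constructed sample responses (not captured from any real network).
SAMPLES = {
    "after login": (204, None, b""),
    "portal redirect": (302, "http://portal.example.net/login", b""),
    "portal page in place": (200, None, b"<html>Accept terms</html>"),
    "server error": (503, None, b""),
}

def classify_samples():
    return {name: classify(*resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name}: {verdict}")
```

Calling `probe()` on the device's network before and after signing in to the portal shows the transition from `captive` (or `no-response`) to `open`.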
