DNS-over-HTTPS No Login Page Captive Portal

Hello everyone, unfortunately I could not find a reasonable setting for the DNS-over-HTTPS package to forward the login pages, because it only takes the installed DNS, e.g. Google, but for the login page it needs a server required by the DHCP. Is there a kind of fallback, or can I make a firewall setting to allow port 80 or the domain through, for example?

Don't enable https-dns-proxy until logged on?

You can run a scripted check for some off-network site; once it is accessible, enable the H-D-P.

"It would be good for me if it were possible for DNS over HTTPS to have a fallback to the WAN interface."

You can tell dnsmasq to use strict upstream DNS query order, and set the ISP's DNS as the 2nd DNS server.
It'll query it as long as H-D-P doesn't come online.

But it'll also use it if H-D-P goes down or fails to resolve, and you'll most likely not notice when/if it happens.

I take it you are talking about having DNS-over-HTTPS on the client device and the captive portal login page does not pop up?

Captive portals require attempted access to a client-operating-system-specific, predetermined HTTP URL. This process is client driven and is known as Captive Portal Detection (CPD) or sometimes "Canary Test".

Because your client does not have Internet access, DNS-over-HTTPS cannot resolve the CPD URL, so it does not trigger the portal.

There is a newer, router-driven captive portal method, Captive Portal Information (CPI), where the router's DHCP delivers the portal URL directly to the client rather than doing a redirect. But of course this will not work either, because the client still can't resolve the IP address.

There is a very effective workaround.
Open a browser and try to go to http://123.123.123.123 or some other memorable but nondescript IP address, noting the http:// part (no "s").

This will send a port 80 request that the captive portal will redirect to either the login page or an intermediate "Network Authentication Required (Status 511)" page, depending on the captive portal in use.

Of course, if you are also running an "https everywhere" app, you are up the creek without a paddle... and captive portals are not for you.

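The scripted check suggested earlier in the thread, combined with the redirect and 511 behaviour described in the last post, as an added example that is not from any of the posters: a router-side shell script that probes a plain-HTTP URL and starts https-dns-proxy only once the answer comes back unmodified. It assumes curl is installed, that https-dns-proxy is left stopped until then, and that the probe URL (a commonly used connectivity-check endpoint, overridable via `PROBE_URL`) answers 204 when the Internet is reachable; the function names and the `portal-wait` log tag are chosen for this example.

```shell
#!/bin/sh
# Added example: hold https-dns-proxy back until the captive portal is cleared.
# Assumptions: curl is installed; PROBE_URL is a plain-HTTP endpoint that
# answers 204 with an empty body when the Internet is reachable.
PROBE_URL="${PROBE_URL:-http://connectivitycheck.gstatic.com/generate_204}"
HDP_INIT="${HDP_INIT:-/etc/init.d/https-dns-proxy}"

# Map the HTTP status of the probe to a network state.
classify_probe() {
    case "$1" in
        204)             echo open ;;     # untouched answer: we are online
        30[1-8]|511|200) echo portal ;;   # redirect, 511, or injected page
        000|"")          echo offline ;;  # curl got no HTTP response at all
        *)               echo unknown ;;
    esac
}

# Fetch the probe without following redirects; print only the status code.
probe_status() {
    curl -s -o /dev/null -m 5 -w '%{http_code}' "$PROBE_URL" 2>/dev/null
}

# Poll until the probe is answered unmodified, then start the DoH proxy.
wait_then_enable() {
    while :; do
        state=$(classify_probe "$(probe_status)")
        logger -t portal-wait "probe state: $state"
        if [ "$state" = open ]; then
            "$HDP_INIT" start
            return 0
        fi
        sleep 10
    done
}

# Only run the loop when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    wait_then_enable
fi
```

Run it with `--run` after the WAN comes up; the portal login itself still has to be completed from a client browser while the script waits.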