I don't know, given how far off the OP's is.
If they leaned toward Travelmate I'd tell them to start over because it wants a clean slate; so I'd avoid trying to clean up their current dns config.
The luci-app-travelmate ensures these packages are present:
'dnsmasq' as dns backend
I had a day and just got back.
So, that suggests it will work with and is expecting it and so, kill me for my presumption, presume it has configured in some way prima facia.
I could ask in the Travelmate thread but I need a little more participation from the OP.
He is more likely across the road from a coffee shop and wants to leech free Internet and is trying to hide what he is doing from them.
Any Captive Portal should block all dns except for its own during the "login" phase, as well as enforce use of its dhcp, to help prevent third party MITM attacks. Maybe the OP is a wannabe MITM......
Travelmate looks very useful. I have attempted to use this many times before. Been trying to make it work for the past two days. Logged a separate help request
i have multiple routers and pi and usb wifi adapters. i use one pi as travel router sometimes. please treat each thread independently. not all issues are on the same device.
this thread is not device related, just my lack of understanding in configuring secure dns. i am slowly going through each of the actions each of you have suggested.
i have configured secure dns with dnsmasq and unbound and stubby and other options listed in wiki. all work when there is a ready internet connection. where i fail is when i hit a captiveportal. i have to get my head around setting exceptions and discovering what isp dns ip to set at the time i hit captiveportal.
i don't have an issue with captiveportals, and i don't mind logging in manually. my issue is the always on whatever secure dns solution i use.
A captive portal works by having a DNS server for users that have not yet logged in which resolves all names to the same IP: that of the private captive login page. Thus, wherever a not logged in user may try to go on the Internet, they will get the login page instead.
If you try to use other than the portal's DNS which was advertised over DHCP, your browser will not find the IP of the login page and won't be able to show it to you. Thus there is no way to log in. Secure DNS needs to be disabled until after log in is completed.
This is all handled by Travelmate but it seems @josephg has not started a thread to help walk them through the eggshells of Travelmate.
It is unforgiving.