
Mikrotik | How to Solve Blocked DNS Port (53) Under Hotspot Network

After I implemented a hotspot network at my workplace, everything went smoothly. But after a while, a problem arose. We, anyone behind the hotspot, could not resolve some DNS names, especially ones hosted by Google, such as customized Blogger domains like this blog.

I can ping using the MikroTik terminal in Winbox, but I cannot nslookup it on my laptop or my coworker's laptop. I also tried other domain names; some of them got through, some didn't. My DNS flow goes like this:

Client (DNS=>(IP= Mikrotik (DNS=>internet.

After some trial and error, I found what the problem is. MikroTik's hotspot dynamically creates NAT rules which redirect DNS traffic on TCP port 53 and UDP port 53 in order for the captive portal to work.

Here's a solution which works for my case: bypassing the hotspot redirect for TCP and UDP port 53. Here's the configuration:

/ip firewall nat
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=udp
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=tcp
/ip hotspot walled-garden ip
add action=accept disabled=no dst-port=53 protocol=udp
add action=accept disabled=no dst-port=53 protocol=tcp

Well, that's it. Now I can access all domains.

I hope it helps anyone having the same problem.
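
The rules above match port 53 to any destination, and both the pre-hotspot chain and the IP walled garden apply to clients that have not logged in yet. A narrower variant, added here as an example and not part of the original post, limits the bypass to one resolver; 192.0.2.53 is a placeholder address and the comment strings are assumptions.

```routeros
# Added example, not the original author's configuration.
# 192.0.2.53 is a placeholder for the one resolver hotspot clients should use.

# Inspect the dynamic rules the hotspot generated, including the port 53 redirects.
/ip firewall nat print dynamic

# Bypass the hotspot DNS redirect only for traffic to the trusted resolver.
/ip firewall nat
add action=accept chain=pre-hotspot dst-address=192.0.2.53 dst-port=53 protocol=udp comment="DNS bypass: trusted resolver only"
add action=accept chain=pre-hotspot dst-address=192.0.2.53 dst-port=53 protocol=tcp comment="DNS bypass: trusted resolver only"

# Let clients that have not logged in yet reach that resolver, and nothing else, on port 53.
/ip hotspot walled-garden ip
add action=accept dst-address=192.0.2.53 dst-port=53 protocol=udp comment="DNS bypass: trusted resolver only"
add action=accept dst-address=192.0.2.53 dst-port=53 protocol=tcp comment="DNS bypass: trusted resolver only"

# Confirm what is in place.
/ip firewall nat print where chain=pre-hotspot
/ip hotspot walled-garden ip print
```

With the destination pinned, port 53 traffic to any other address still goes through the hotspot's own redirect rules until the client has authenticated.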


  1. I think this post might have a better solution. It redirects unauthenticated clients, but accepts authenticated ones.