Programming, tutorials, mechatronics, operating systems, and other tech stuff

Mikrotik | How to Solve Blocked DNS Port (53) Under Hotspot Network

After I implemented a hotspot network in my workplace, everything went smoothly. But after a while, a problem arose. We, anyone behind the hotspot, could not resolve some DNS names, especially ones hosted by Google, such as customized Blogger domains like this blog,

I can ping using the Mikrotik terminal in Winbox, but I cannot nslookup it on my laptop or my coworker's laptop. I also tried other domain names; some of them got through, some didn't. My DNS flow goes like this:

Client (DNS=>(IP= Mikrotik (DNS=>internet.

After some trial and error, I found what the problem is. Mikrotik's hotspot dynamically creates NAT rules which redirect DNS port TCP 53 and UDP 53 in order for the captive portal to work.

Here's a solution which works for my case: bypassing TCP and UDP port 53. Here's the configuration:

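# Accept DNS (UDP and TCP 53) in the pre-hotspot NAT chain to bypass the hotspot's dynamic DNS redirect
/ip firewall nat
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=udp
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=tcp
# Allow DNS through the walled garden (traffic permitted without hotspot login)
/ip hotspot walled-garden ip
add action=accept disabled=no dst-port=53 protocol=udp
add action=accept disabled=no dst-port=53 protocol=tcp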

Well, that's it. Now I can access all domains.

I hope it helps anyone having the same problem.


  1. I think this post might have a better solution. It redirects unauthenticated clients, but accepts authenticated ones.
