Custom DNS and Hotel Wi-Fi: Why 1.1.1.1 and 8.8.8.8 Break Captive Portals

Custom DNS resolvers are great for speed and privacy at home. At a captive portal, they break the redirect.

How captive portals use DNS

Captive portals work by hijacking DNS. When your Mac asks the router “what’s the IP for google.com?”, the router intercepts the query and returns the portal’s IP address instead of the real one. Your browser goes to the portal page thinking it’s going to Google.

This is intentional. It’s how the portal gets you to the login page even when you’re trying to visit a completely different site.

Why custom DNS breaks this

If you’ve configured your Mac to use a custom DNS resolver — Cloudflare (1.1.1.1), Google (8.8.8.8), Quad9 (9.9.9.9), or OpenDNS — your DNS queries go directly to that resolver, encrypted, bypassing the hotel network’s DNS server.

The router has nothing to intercept. The redirect never happens. You get the real DNS response back (or no response, if the encrypted query can’t reach the resolver through the portal), and the login page never appears.

How to check if you have custom DNS configured

Hotspot Guide shows this in the Diagnostics tab — if the “Custom DNS” check shows a warning, you have a non-network-default resolver configured.

To check manually:

  1. System Settings → Wi-Fi
  2. Click your connected network → Details
  3. Click DNS
  4. If you see entries like 1.1.1.1, 8.8.8.8, 9.9.9.9, or 208.67.222.222, those are custom resolvers

The fix

Remove the custom DNS entries for the duration of your session:

  1. System Settings → Wi-Fi → (your network) → DetailsDNS
  2. Select each custom entry and click the (minus) button
  3. Leave the list empty to use the network’s default DNS
  4. Click OK and wait a moment for the change to take effect

After you authenticate through the portal, you can add your custom DNS entries back.

A note on DNS over HTTPS

Some apps (browsers, privacy tools, VPN clients) route DNS queries over HTTPS (DoH) regardless of your system DNS settings. If you’ve enabled DoH in Firefox, Chrome, or a DNS proxy app, those queries will still bypass the portal even after you remove system-level custom DNS.

Check your browser’s privacy/security settings and disable DoH temporarily if you continue having issues.

After you’re online

Add your custom DNS entries back the same way you removed them. The portal has already authenticated your device’s MAC address — switching DNS won’t kick you off the portal session.

If you frequently travel and forget to reset DNS, consider a tool that lets you create location-based network profiles, or just remember to check the “Custom DNS” line in Hotspot Guide before blaming the hotel.

Get Hotspot Guide

Diagnose captive portal issues in seconds — even before you're online. $9.99, one-time purchase.

Download on the Mac App Store Download on the App Store