I am trying to protect my network from unauthorized VPN use and from bypassing of the captive portal which I set up for my network. I enabled some policies in Cloudflare Zero Trust to block security risks, but it seems that it is unable to detect and block DNS tunnels.
I have tested a VPN app inside my network, and Cloudflare let the DNS TXT traffic pass through. This VPN app uses DNS tunneling via TXT to bypass the firewall and captive portal. Can someone guide me on the right way to have these DNS tunnels detected and blocked properly?
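
A heuristic for spotting the TXT-based tunneling described in the question, as an added example that is not part of the original post: it groups TXT lookups by client and parent domain and flags pairs with many distinct long, high-entropy subdomains. The log format, host names and thresholds are constructed assumptions, and treating the last two labels as the parent domain is a simplification.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed sample: one 'client qtype qname' entry per line."""
    lines = ["10.0.0.5 A www.example.com",
             "10.0.0.5 TXT example.org",
             "10.0.0.5 TXT _dmarc.example.org"]
    for i in range(8):  # encoded chunks like a TXT tunnel client would send
        raw = hashlib.sha256(str(i).encode()).digest()[:30]
        chunk = base64.b32encode(raw).decode().lower()
        lines.append(f"10.0.0.7 TXT {chunk}.t.tunnel.example")
    lines.append(f"10.0.0.9 TXT {chunk}.cdn.example.net")  # one-off long lookup
    return "\n".join(lines)

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def parent_domain(qname):
    # Assumption: the last two labels are the registered domain.
    # A real deployment should use a public-suffix list instead.
    return ".".join(qname.rstrip(".").split(".")[-2:])

def find_tunnel_suspects(log, min_queries=5, min_len=30, min_entropy=3.5):
    """Return sorted (client, parent domain) pairs that look like TXT tunnels."""
    seen = defaultdict(set)  # (client, parent) -> distinct suspicious subdomains
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() != "TXT":
            continue
        client, qname = parts[0], parts[2].lower().rstrip(".")
        parent = parent_domain(qname)
        sub = qname[:-len(parent)].rstrip(".")
        payload = sub.replace(".", "")
        if len(payload) >= min_len and entropy(payload) >= min_entropy:
            seen[(client, parent)].add(sub)
    return sorted(k for k, subs in seen.items() if len(subs) >= min_queries)

if __name__ == "__main__":
    for client, parent in find_tunnel_suspects(build_sample_log()):
        print(f"possible DNS tunnel: {client} -> *.{parent}")
```

Ordinary TXT lookups (SPF, DMARC, a single long verification record) stay below the length or count thresholds, so only the client sending a stream of distinct encoded subdomains to one parent domain is reported.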