It's a note two lines down from the bullet points you copy pasted. I had copy pasted it in my previous post.
I guess it needs the IP and the DNS access for the other bullet:
Blocked Splash Pagewill be displayed when user tries to load a web page
Using a big enough pool for your DHCP and lowering the lease time should mitigate the DHCP issue. Adding to that taking a look at other high density tricks might also be relevant. Segmenting the traffic per floor to avoid having floods all over the place might help.
Another thing you could do is to use a dedicated 3d party DHCP server and having MAC blacklists on that. This way both problems would also be solved.
But like you I like KISS, so I'd only consider these if I'm really experiencing issues.
If it was me, I would just expand your pool of IP address space for the devices that are attaching.
Note that you do expose yourself to a possible DHCP exhaustion attack using the approach you are using (and you are in a school ...). With a DHCP exhaustion attach you can download existing attack tools, and all they do is send DHCP requests using different MAC addresses until the DHCP server has no IP address space left to give out to real clients.
The second approach I would use is to just use a NAT mode SSID. With 16 million IP addresses it makes a DHCP starvation attack improbable. With the hashing method that Meraki uses with a NAT mode SSID to generate DHCP client addresses - it is probably impossible.