When you are running an SSID in NAT mode, all the clients on the wireless side will be using a DNS server of 10.128.128.128. The AP just acts as a forwarder and forwards those requests to the custom DNS servers that you have defined if the hostnames are not already cached. See here: https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/DNS_and_NAT_Mode. What I suspect you are seeing is a browser (e.g. Firefox, Chrome) using DNS over HTTPS (DoH) to server IP addresses defined in Chrome - essentially bypassing the normal DNS mechanism, and your filtering solution. Have a Google of ‘Chrome DoH’ for some more information. Unfortunately this is a difficult one to prevent if it’s on devices you don’t manage.
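As an added example (not part of the original post and not Meraki tooling): a small Python check over constructed flow records that separates clients resolving through the AP's 10.128.128.128 forwarder from clients opening TCP/443 sessions to public resolvers that also serve DoH. The record format, the sample addresses and the short resolver list are assumptions.

```python
import ipaddress
from collections import defaultdict

# From the post: DNS server handed to clients on a NAT-mode SSID.
MERAKI_NAT_DNS = ipaddress.ip_address("10.128.128.128")

# Assumption: short sample of public resolvers that answer DoH on TCP/443.
# Not a complete list; maintain your own from vendor documentation.
DOH_RESOLVERS = {ipaddress.ip_address(a) for a in
                 ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")}

# Constructed flow records, hypothetical format: "client dst proto dport"
SAMPLE_FLOWS = """\
10.0.12.5 10.128.128.128 udp 53
10.0.12.5 203.0.113.10 tcp 443
10.0.12.7 8.8.8.8 tcp 443
10.0.12.7 10.128.128.128 udp 53
10.0.12.9 1.1.1.1 tcp 443
10.0.12.9 1.1.1.1 tcp 443
10.0.12.11 9.9.9.9 udp 53
bad line here
"""

def classify_clients(flow_text):
    """Count, per client, DNS via the AP, DNS sent elsewhere, and probable DoH."""
    stats = defaultdict(lambda: {"ap_dns": 0, "direct_dns": 0, "doh": 0})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            client, dst = parts[0], ipaddress.ip_address(parts[1])
            proto, dport = parts[2].lower(), int(parts[3])
        except ValueError:
            continue
        if dport == 53 and dst == MERAKI_NAT_DNS:
            stats[client]["ap_dns"] += 1      # normal path: AP forwards the query
        elif dport == 53:
            stats[client]["direct_dns"] += 1  # plain DNS to a resolver other than the AP
        elif proto == "tcp" and dport == 443 and dst in DOH_RESOLVERS:
            stats[client]["doh"] += 1         # HTTPS to a known DoH resolver
    return {c: dict(s) for c, s in stats.items()}

def likely_bypassing(stats):
    """Clients with at least one probable DoH session, sorted."""
    return sorted(c for c, s in stats.items() if s["doh"] > 0)

if __name__ == "__main__":
    print(likely_bypassing(classify_clients(SAMPLE_FLOWS)))
```

Matching on destination IP only catches resolvers with fixed, well-known addresses; a DoH endpoint hosted behind a shared CDN address will not show up this way.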