Two ways for doing DNS tunneling:
1. direct way, you pass to your server through port 53.
2. indirect way, you pass through a "official" domain that you own and make the DNS of where you are communicate with your server.
For 1. it's not open very often, indeed. But for 2. I see it open all the time, even in banks...
What are you tunnelling to? In a proper captive portal, it's blocked.
I'm not talking about just blocking DNS. Or just blocking know DNS services. A good captive portal just denies everything save the web/dns traffic redirected to an internal server running on the portal. That is until you log in and get explicit allow rights.
If your portal isn't doing this, if you can escape and actually connect to external IPs, it's not captive.
For 1. it's not open very often, indeed. But for 2. I see it open all the time, even in banks...