DNSMASQ config for captive portal

when I use address=/#/127.24.2.1, the internet requests that go from internal scripts also fail

It seems that your internal scripts use to resolve DNS names the same local dnsmasq server as you wifi clients.

Check your /etc/resolv.conf configuration and if there is present your dnsmasq server address (127.24.2.1 or 127.0.0.1 or other) - remove it. Instead use you ISP DNS servers, or Google DNS, or any other you prefer, which do not replace any addresses to 127.24.2.1.

Note. If you system use resolvconf to generate /etc/resolv.conf (in resolv.conf present warning like # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN), then you need to edit configs in /etc/resolvconf/resolv.conf.d/ instead, and after it regenerate /etc/resolv.conf (restart networking or better - restart whole system)

Another possibility: remove package resolvconf and edit /etc/resolv.conf

In case anyone is curious about an update (in 2017) to this question... I was able to recreate the issue and figured out a solution.

Disable dnsmasq from resolving for the loopback interface (in /etc/dnsmasq.conf):

except-interface=lo

Add to the tail file of resolvconf (in /etc/resolvconf/resolvconf.conf.d/tail)

nameserver 8.8.8.8

Restart Services

sudo systemctl restart dnsmasq
sudo resolvconf -u

What this does

dnsmasq will now reject any DNS Request make on the localhost, and the localhost will then have to resort to using the second Name Server in line (which is now 8.8.8.8)

What if there isn't a /etc/resolvconf/resolvconf.conf.d/ directory?

You might have openresolv installed instead... I uninstalled openresolv and installed resolvconf. You'll run into other issues - but that's probably not relevant to this answer.