Caddy on an Azure VM, `--accept-dns=false` cannot resolve host

jcg · March 3, 2023, 4:10am

Question - what is the proper way to configure DNS in an Azure VM so that Caddy can see Tailnet names?

Subquestion - Why does the Azure Linux VM KB say not to accept Tailscale DNS?

Setup
I’ve set up an Ubuntu 22.04.2 LTS VM in Azure using the direction in KB which says…

For Azure VMs it is generally best to let Azure handle the DNS configuration, not have Tailscale override it, so we added --accept-dns=false.

And I’m dutifully configuring tailscale with --advertise-routes=10.0.0.0/24,168.63.129.16 --accept-dns=false .

On this VM, I wish to run code-server behind caddy, using the following reference - Coding on iPad using VSCode, Caddy, and code-server

My Caddyfile is as follows…

# bind to TS name for private use only.
{
    default_bind <machine-name>.<tailnet-name>.ts.net
}

<machine-name>.<tailnet-name>.ts.net {
    reverse_proxy 127.0.0.1:8080
}

The Caddy service fails to start and has the message
Status: "loading new config: http app module: start: listening on <machine-name>.<tailnet-name>.ts.net:80: listen tcp: lookup <machine-name>.<tailnet-name>.ts.net on 127.0.0.53:53: no such host"
This makes sense, I suppose, since I’ve told this machine not to accept the Tailscale DNS.

What’s the right way to handle this?

Further diagnostics

admin@test-dev:~$ resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 168.63.129.16
       DNS Servers: 168.63.129.16
        DNS Domain: uyadb5mkh3vurbfgosmz11z43h.jx.internal.cloudapp.net

Link 4 (tailscale0)
Current Scopes: none
     Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

admin@test-dev:~$ resolvectl query test-dev
test-dev: 10.0.0.4                               -- link: eth0
        (test-dev.uyadb5mkh3vurbfgosmz11z43h.jx.internal.cloudapp.net)

-- Information acquired via protocol DNS in 54.5ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network

admin@test-dev:~$ resolvectl query test-dev.tailnet-name.ts.net
test-dev.tailnet-name.ts.net: resolve call failed: 'test-dev.tailnet-name.ts.net' not found

Thank you in advance for your help

Topic		Replies	Views
[SOLVED] Custom sub domain routing through Tailscale with SSL SUPPORT QUESTIONS	4	4487	October 20, 2022
Tailscale on DIgital Ocean not resolving local hosts and not using correct DNS SUPPORT QUESTIONS	0	527	July 15, 2022
Tailscale DNS and sytstemd-resolved SUPPORT QUESTIONS	0	889	November 15, 2022
DNS over tailscale subnet routing fails SUPPORT QUESTIONS	1	1345	July 28, 2022
Tailscale on Linux host breaks all dns on docker containers SUPPORT QUESTIONS	2	1222	April 19, 2023

Caddy on an Azure VM, `--accept-dns=false` cannot resolve host

Related Topics