Caddy on an Azure VM, `--accept-dns=false` cannot resolve host

jcg · March 3, 2023, 4:10am

Question - what is the proper way to configure DNS in an Azure VM so that Caddy can see Tailnet names?

Subquestion - Why does the Azure Linux VM KB say not to accept Tailscale DNS?

Setup
I’ve set up an Ubuntu 22.04.2 LTS VM in Azure using the direction in KB which says…

For Azure VMs it is generally best to let Azure handle the DNS configuration, not have Tailscale override it, so we added --accept-dns=false.

And I’m dutifully configuring tailscale with --advertise-routes=10.0.0.0/24,168.63.129.16 --accept-dns=false .

On this VM, I wish to run code-server behind caddy, using the following reference - Coding on iPad using VSCode, Caddy, and code-server

My Caddyfile is as follows…

# bind to TS name for private use only.
{
    default_bind <machine-name>.<tailnet-name>.ts.net
}

<machine-name>.<tailnet-name>.ts.net {
    reverse_proxy 127.0.0.1:8080
}

The Caddy service fails to start and has the message
Status: "loading new config: http app module: start: listening on <machine-name>.<tailnet-name>.ts.net:80: listen tcp: lookup <machine-name>.<tailnet-name>.ts.net on 127.0.0.53:53: no such host"
This makes sense, I suppose, since I’ve told this machine not to accept the Tailscale DNS.

What’s the right way to handle this?

Further diagnostics

admin@test-dev:~$ resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 168.63.129.16
       DNS Servers: 168.63.129.16
        DNS Domain: uyadb5mkh3vurbfgosmz11z43h.jx.internal.cloudapp.net

Link 4 (tailscale0)
Current Scopes: none
     Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

admin@test-dev:~$ resolvectl query test-dev
test-dev: 10.0.0.4                               -- link: eth0
        (test-dev.uyadb5mkh3vurbfgosmz11z43h.jx.internal.cloudapp.net)

-- Information acquired via protocol DNS in 54.5ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network

admin@test-dev:~$ resolvectl query test-dev.tailnet-name.ts.net
test-dev.tailnet-name.ts.net: resolve call failed: 'test-dev.tailnet-name.ts.net' not found

Thank you in advance for your help

Topic		Replies	Views
[SOLVED] Custom sub domain routing through Tailscale with SSL SUPPORT QUESTIONS	4	7234	October 20, 2022
Caddy and macOS Tailscale from App Store macOS	1	1427	November 27, 2022
Tailscale on DIgital Ocean not resolving local hosts and not using correct DNS SUPPORT QUESTIONS	0	698	July 15, 2022
Tailscale DNS and sytstemd-resolved SUPPORT QUESTIONS	0	1333	November 15, 2022
DNS nameservers set in Tailscale console not respected when using Tailscale through Docker Linux	0	75	September 23, 2024

Caddy on an Azure VM, `--accept-dns=false` cannot resolve host

Related topics