Can't use magic DNS or tailscale with android private dns for name resolution

I have a Tailscale network comprised of 3 Raspberry Pis and a remote Pixel 5g mobile phone also running Tailscale, connected via 5G. Everything shows active in the Tailscale control panel. As you may know, Android allows an entry into the Private DNS field which cannot be a number but rather a name, i.e. one.one.one.one for Cloudflare, etc.

Based on the explanation here: MagicDNS is generally available · Tailscale

it sounds like I can input the Tailscale-generated MagicDNS name of the Pi-hole device into the Private DNS field on my Pixel phone, and the phone should use the Pi-hole for DNS resolution.

Yet that is not happening. When I input the MagicDNS name of the Pi-hole into the Pixel phone's DNS entry field, I get a message on the phone that DNS resolution is not working.

What am I missing here…?

Is the Pi-hole set up with a proper SSL certificate on the MagicDNS name? You may need to look into an HTTPS certificate to get it working.

It’s a guess, but I’d expect Private DNS won’t work unless the server is properly secured.

Edit: Try this article if you're not already familiar with the concepts. Not done it myself, but this seems a decent guide: Tutorial to setup your own DNS-over-HTTPS (DoH) server - Antoine Aflalo

This sounds like a good solution. I'll try it! Thank you!

What do you think about this solution? Would it solve the issue?

Looks like it does DoH, but doesn’t mention DoT. Android has done DoT since 9.0 but DoH was only introduced in 13, so it depends what your phone is running I think. If it’s a pixel I’d guess you’ll be fine.
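Android Private DNS speaks DNS-over-TLS (RFC 7858): it opens a TLS connection to port 853 of the hostname you typed, verifies the server certificate against that hostname, and then sends ordinary length-prefixed DNS messages over the tunnel. The probe below, an added example that is not from the thread or from Tailscale or Pi-hole, reproduces that handshake from a laptop so you can see whether the failure is certificate validation (the usual cause) or the DNS answer itself. The hostname `pihole.example.ts.net` is a placeholder; `probe_dot` needs network access, while the packet builder and parser are pure and run offline against a constructed response.

```python
import socket
import ssl
import struct
from typing import List, Tuple

DOT_PORT = 853  # DNS-over-TLS port Android Private DNS connects to (RFC 7858)


def build_dns_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build an RFC 1035 wire-format query; qtype 1 = A record, class IN, RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame_for_dot(msg: bytes) -> bytes:
    """DoT (like DNS over TCP) prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def parse_dot_frame(data: bytes) -> bytes:
    """Strip the length prefix, refusing truncated frames instead of mis-parsing them."""
    if len(data) < 2:
        raise ValueError("frame shorter than length prefix")
    (length,) = struct.unpack("!H", data[:2])
    if len(data) < 2 + length:
        raise ValueError("truncated DoT frame")
    return data[2:2 + length]


def parse_a_answers(msg: bytes) -> Tuple[int, List[str]]:
    """Return (rcode, [IPv4 strings]) from a DNS response; handles name compression pointers."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    off = 12

    def skip_name(pos: int) -> int:
        while True:
            length = msg[pos]
            if length == 0:
                return pos + 1
            if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
                return pos + 2
            pos += 1 + length

    for _ in range(qdcount):
        off = skip_name(off) + 4  # QTYPE + QCLASS
    ips: List[str] = []
    for _ in range(ancount):
        off = skip_name(off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return rcode, ips


def constructed_response(txid: int = 0x1234) -> bytes:
    """Constructed sample: a NOERROR answer mapping the placeholder name to 100.64.0.1 (not captured traffic)."""
    question = build_dns_query("pihole.example.ts.net", txid=txid)[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set; rcode 0
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([100, 64, 0, 1])
    return header + question + answer


def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        buf += chunk
    return buf


def probe_dot(hostname: str, query_name: str = "example.com", port: int = DOT_PORT,
              timeout: float = 5.0) -> Tuple[int, List[str]]:
    """Mimic Android Private DNS: TLS to :853 with chain and hostname verification, then one A query.
    A certificate that is self-signed or not issued for `hostname` raises ssl.SSLCertVerificationError,
    which is the same condition that makes the phone report 'couldn't connect'."""
    ctx = ssl.create_default_context()  # default context verifies the chain and the hostname
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            tls.sendall(frame_for_dot(build_dns_query(query_name)))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_a_answers(_recv_exact(tls, length))


if __name__ == "__main__":
    import sys
    print(probe_dot(sys.argv[1] if len(sys.argv) > 1 else "pihole.example.ts.net"))
```

Run it with the MagicDNS name you typed into the phone. A `CERTIFICATE_VERIFY_FAILED` error means the phone would reject the server before any DNS traffic flows, so the fix is a certificate issued for that exact name (for example via the tutorial linked above); a `ConnectionRefused` means nothing is listening on 853 at all, which a plain Pi-hole on port 53 will also produce.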