Clients can't reach when using exit node and ACL

I have two exit nodes in my tailnet that work completely fine including MagicDNS and DNS resolution when using them.

As soon as I remove {"action": "accept", "src": ["*"], "dst": ["*:*"]} from my ACL, none of my devices can resolve DNS names via anymore when using one of the exit nodes. The DNS requests always time out. When not using the exit nodes, DNS resolution via works fine. I can also ping the internet and other tailnet nodes while using the exit nodes, only reaching breaks.

Do I need some specific ACL to allow access to through exit nodes?

I tested this with Version 1.38.4 on macOS and 1.39.146 on iOS. The exit nodes (both Linux) are on 1.32.3-1 and 1.40.0.

My ACL (slightly redacted):

{
	"tagOwners": {
		"tag:someserver": ["autogroup:admin"],
		"tag:somerouter":  ["autogroup:admin"],
	},
	"acls": [
		{
			"action": "accept",
			"proto":  "udp",
			"src":    ["*"],
			"dst":    ["internalIPofDNS1:53", "internalIPofDNS2:53"],
		},
		{
			"action": "accept",
			"src":    ["myuser@authprovider"],
			"dst":    ["CIDRofinternalnetwork:*"],
		},
		{"action": "accept", "src": ["myuser@authprovider"], "dst": ["*"]},
		{"action": "accept", "src": ["tag:somerouter"], "dst": ["*"]},
	],
	"tests": [],
}

This ACL works as long as I don’t use exit nodes. When I use an exit node (e.g. somerouter), the clients can’t reach anymore.
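Added example, not part of the post and not Tailscale's own code: a small linter and first-match reachability check for a policy shaped like the one above. It parses the HuJSON form Tailscale uses (comments and trailing commas), flags rules whose `dst` entries lack the required `host:port` part, and answers "which rule, if any, lets src reach host:port over proto" so you can see exactly which line a DNS query on UDP 53 depends on. The hosts (`internalIPofDNS1`, `CIDRofinternalnetwork`) are the post's own placeholders, matching is purely textual (no CIDR, group or tag expansion), and the sample policy is constructed here, so it is a teaching aid rather than a replacement for the policy editor's tests.

```python
"""Lint and reachability check for a Tailscale-style ACL (added example)."""
import json
import re
from typing import List, Optional

# Constructed sample mirroring the shape of the policy in the post.
# Placeholder hosts are copied from the post; they are not real addresses.
POLICY_HUJSON = r'''
{
  // HuJSON allows comments and trailing commas
  "tagOwners": {
    "tag:someserver": ["autogroup:admin"],
    "tag:somerouter": ["autogroup:admin"],
  },
  "acls": [
    {"action": "accept", "proto": "udp", "src": ["*"],
     "dst": ["internalIPofDNS1:53", "internalIPofDNS2:53"]},
    {"action": "accept", "src": ["myuser@authprovider"], "dst": ["CIDRofinternalnetwork:*"]},
    {"action": "accept", "src": ["tag:somerouter"], "dst": ["*:*"]},
  ],
  "tests": [],
}
'''


def parse_hujson(text: str) -> dict:
    """Strip // comments and trailing commas, then parse as plain JSON.
    (Naive: a '//' inside a string value would also be stripped.)"""
    no_comments = re.sub(r"//[^\n]*", "", text)
    no_trailing = re.sub(r",(\s*[}\]])", r"\1", no_comments)
    return json.loads(no_trailing)


def lint(policy: dict) -> List[str]:
    """Structural checks: every rule needs action/src/dst, only 'accept'
    exists (the policy is default-deny), and each dst must be host:port."""
    problems = []
    for i, rule in enumerate(policy.get("acls", [])):
        for key in ("action", "src", "dst"):
            if key not in rule:
                problems.append(f"acls[{i}]: missing '{key}'")
        if rule.get("action", "accept") != "accept":
            problems.append(f"acls[{i}]: only 'accept' rules exist; the policy is default-deny")
        for d in rule.get("dst", []):
            _, sep, port = d.rpartition(":")
            if not sep or not port:
                problems.append(f"acls[{i}]: dst '{d}' is missing a port")
    return problems


def _port_in(spec: str, port: int) -> bool:
    """spec is '*', a single port, a comma list, or a range like 1000-2000."""
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if hi:
            if int(lo) <= port <= int(hi):
                return True
        elif int(lo) == port:
            return True
    return False


def _dst_matches(entry: str, host: str, port: int) -> bool:
    ehost, _, eport = entry.rpartition(":")
    return ehost in ("*", host) and _port_in(eport, port)


def allowed(policy: dict, src: str, host: str, port: int, proto: str = "tcp") -> Optional[int]:
    """Index of the first rule that accepts src -> host:port/proto, else None.
    A rule with no 'proto' applies to every protocol; one with 'proto' only to that one."""
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        rule_proto = rule.get("proto")
        if rule_proto and rule_proto != proto:
            continue
        src_ok = any(s in ("*", src) for s in rule["src"])
        dst_ok = any(_dst_matches(d, host, port) for d in rule["dst"])
        if src_ok and dst_ok:
            return i
    return None


if __name__ == "__main__":
    policy = parse_hujson(POLICY_HUJSON)
    print("lint:", lint(policy) or "ok")
    # The UDP-only rule covers DNS over UDP but not DNS over TCP for an untagged device.
    print("udp/53 from any device:", allowed(policy, "device@authprovider", "internalIPofDNS1", 53, "udp"))
    print("tcp/53 from any device:", allowed(policy, "device@authprovider", "internalIPofDNS1", 53, "tcp"))
```

Running it shows the asymmetry a UDP-only rule creates: the same resolver is reachable over UDP 53 via rule 0 but not over TCP 53 for a device that matches no broader rule, which is the kind of narrow-rule gap worth checking before removing a catch-all `"*" -> "*:*"` rule.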