Not sure if I’m in the right category here, this is more of a general networking / VPN question and how an optimal tailscale would apply to my situation.
Problem:
I’m creating a homelab that will be running some services that I want to share with friends. I’ll use the example of a minecraft server as my shared service. Here are my requirements:
- When my friends are visiting my home (and on my LAN), I want them to be able to access the server with minecraft.mydomain-dot-com, no installation of tailscale required. You could imagine this as useful for large gaming LAN parties, and setup is seamless when they all join my wifi/switch.
- When my friends want to visit the server outside of my LAN, I tell them to create a tailscale account and I share my device with them such that minecraft.mydomain-dot-com works remotely as well.
My question is effectively “how should I set up DNS in my registrar (cloudflare) and within tailscale” to get this working
Attempted Solutions
- Create DNS A records in the registrar pointing to both the LAN IP and tailscale IP. This means that when client applications try to hit minecraft.mydomain-dot-com, they’ll possibly cycle/attempt one IP before falling back to the other; only one will work depending on whether they are on LAN or on tailscale. For web browsers this seemed to work fine, as eventually the browser would try the correct IP address and resolve. However, not all clients trying to resolve myservice.mydomain-dot-com after failing a request would go all the way back to the DNS response and try the other IPs returned by the registrar (ran into this with jellyfin).
- Have the public DNS registrar point to the tailscale IP and run a DNS server locally on my LAN that will resolve minecraft.mydomain-dot-com. This seemed non-ideal because then I’d need to tell my LAN-party guests to adjust their DNS settings to point to 192.168.0.53 (or something local) for the domain names to work.
- Have the public DNS registrar point to the LAN IP, and run a DNS server that resolves minecraft.mydomain-dot-com in my tailnet to the tailscale IP. This is what I currently do, and I’m wondering if there are alternatives for it that are better/automatic. When I want to share my minecraft server with remote friends, I tell them to install tailscale, I share my device running the service/DNS, tell them to add a split-DNS entry for mydomain-dot-com, and give a DNS IP address of the minecraft device which is also running a DNS server.
Fundamentally, I want to be able to “push” DNS rules to my friends, which is maybe more straightforward in more traditional VPN setups (???). When I share my device with friends, I want it to also register that device (or another one) as a domain-name server, or something similar; obviously you don’t want shared devices hijacking a user’s normal DNS. Any advice? Thanks!
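The third attempted solution above is split-horizon DNS: the same name answers differently depending on which network the querying client sits on. The following is an added example (not code from the original post, and not Tailscale's or Cloudflare's own tooling) that shows the answer-selection logic such a resolver needs, plus a small model of why the first attempt (two A records for one name) is unreliable. The LAN subnet 192.168.0.0/24 and the two host addresses are constructed sample values; 100.64.0.0/10 is the CGNAT range Tailscale assigns node addresses from. The resolver deliberately answers nothing for clients on neither network, so it never leaks the LAN or tailnet address of the host to an arbitrary Internet source.

```python
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed sample networks: the home LAN is a made-up /24; 100.64.0.0/10 is
# the CGNAT range from which Tailscale assigns node addresses.
LAN_NET = ip_network("192.168.0.0/24")
TAILNET = ip_network("100.64.0.0/10")

# Constructed zone data: one hostname with a different answer per "view".
ZONE = {
    "minecraft.mydomain-dot-com": {
        "lan": "192.168.0.10",         # made-up LAN address of the host
        "tailnet": "100.101.102.103",  # made-up Tailscale address of the host
    },
}


def view_for(client_ip: str) -> Optional[str]:
    """Classify the querying client by source address: 'lan', 'tailnet' or None."""
    ip = ip_address(client_ip)
    if ip in LAN_NET:
        return "lan"
    if ip in TAILNET:
        return "tailnet"
    return None


def resolve_a(name: str, client_ip: str) -> Optional[str]:
    """Split-horizon lookup: one A record, chosen by the client's network.

    Returns None for unknown names and for clients on neither network, so the
    resolver never hands a LAN or tailnet address to an off-net Internet host.
    """
    records = ZONE.get(name.rstrip(".").lower())
    if records is None:
        return None
    view = view_for(client_ip)
    if view is None:
        return None
    return records[view]


# --- Why the "two A records for one name" approach is unreliable ---

def reachable(addr: str, client_ip: str) -> bool:
    """Constructed reachability model: each address works only from its own network."""
    a, c = ip_address(addr), ip_address(client_ip)
    return (a in LAN_NET and c in LAN_NET) or (a in TAILNET and c in TAILNET)


def connect_multi_a(answers: List[str], client_ip: str, tries_all: bool) -> Optional[str]:
    """Simulate a client that received several A records for one name.

    A browser-like client (tries_all=True) walks the whole answer list and
    eventually connects; a client that only ever uses the first address
    (tries_all=False) succeeds or fails depending on record order.
    """
    candidates = answers if tries_all else answers[:1]
    for addr in candidates:
        if reachable(addr, client_ip):
            return addr
    return None


if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for an Internet client.
    for who in ("192.168.0.42", "100.99.1.2", "203.0.113.7"):
        print(who, "->", resolve_a("minecraft.mydomain-dot-com", who))
    both = ["192.168.0.10", "100.101.102.103"]
    print("tailnet client, tries all :", connect_multi_a(both, "100.99.1.2", True))
    print("tailnet client, first only:", connect_multi_a(both, "100.99.1.2", False))
```

In a real deployment the source-address check is what the DNS server's "views" or per-interface listener configuration does for you; the point of the example is the policy: classify the querier, answer with the one address that is reachable from where it sits, and refuse everyone else rather than publishing both addresses and hoping the client retries.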