On my home network, I run a k3s cluster which has an instance of bitwarden running I use for my password manager. I’d like to be able to access it wherever I go, so I have each node in my cluster hooked up to tailscale as a machine. On my laptop I have my /etc/hosts set up to redirect *.homelab to my manager node, and the ingress is set up to send bitwarden.homelab requests to the pod serving bitwarden.

I’d like to use magic DNS here, so that on my phone (where I can’t modify /etc/hosts) I can access my bitwarden instance from anywhere. I figured I can enable magic DNS, then set up a second ingress in k3s to handle the host that’s generated for me by tailscale and route to bitwarden. However, when I enable magic DNS and set the DNS servers to 8.8.8.8 or 8.8.4.4, it seems to just break all my devices’ connections to the internet. I get DNS_PROBE_FINISHED_BAD_CONFIG in my browser when trying to go anywhere (a tailscale machine or any public website). I’m also running pihole in my cluster, and am using it for DNS on my laptop and phone, but even when I disable this and try again it still seems to break.
I already spoke with @danderson via slack trying to debug some of this, but was asked to raise it here instead.
We determined that the DNS resolution was working as expected, however both ping and trying to browse to my magic DNS name would just hang.
We determined DNS resolution is working using the host command whilst I had magic DNS enabled. When I ran ping for the DNS name it also resolved, displaying the correct tailscale IP in the output. However, it hung indefinitely.
I just tried this out, I set the DNS servers to 8.8.8.8 and 8.8.4.4 without enabling magic DNS, and found that chrome gives a DNS_BAD_CONFIG_ERROR.
Here’s the command & output.
host 100.100.100.100
Host 100.100.100.100.in-addr.arpa. not found: 3(NXDOMAIN)
I have the same problem, any website that isn’t cached in my browser gives me that error.
Just trying some extra things out: when I enable DNS servers via the admin panel for each node in my k3s cluster, homelab-0 to homelab-3, I have the exact same issue:
Here’s me trying to ping homelab-1 from homelab-0:
I’ve also found without enabling magic DNS or adding my own DNS servers I cannot ping any machine via its tailscale IP besides the local one. Not sure if that is intended behaviour?
Using tailscale ping I get a pong back from my machines.
In order to test more ping things, I added hello.ipn.dev as an external machine and can ping it fine, the problem seems isolated to my local machines.
This has led me to believe the problem is down to my router. It’s a proprietary one provided by my ISP with a lot of functionality locked down. I may just need a proper 3rd party router.
Just to clarify, are you saying that given a node address like, say, 100.1.1.1, that “ping 100.1.1.1” won’t work, but you can “ping x” if you set up “x” in a local DNS server or if you enable MagicDNS, it does work? That’s very strange; DNS settings should have nothing to do with pinging an IP address directly.
I’m still not quite clear what’s happening. Are you saying that changing the DNS settings in tailscale affects whether you can ping tailscale nodes using their IP address?
So:
If you have Tailscale’s DNS settings blank, nodes are unpingable, by name or by IP
If you have Tailscale’s DNS settings set to 8.8.8.8, nodes are pingable, by name and by IP
Right? If so, that’s super weird and will need some investigation.
If I set the tailscale DNS settings, I get a DNS_BAD_CONFIG error on my devices trying to browse the internet. I’ve just replicated the behaviour on a fresh ubuntu install as well. I also cannot ping my devices by their tailscale IP if the tailscale DNS is set to 8.8.8.8 or blank.
@apenwarr I just fixed my problem with the hanging pings. I had removed all my ACL settings before and blocked myself out of everything. So now I can ping things via their tailscale IP again.
I’m still having the issue where changing DNS settings in tailscale causes the DNS_BAD_CONFIG error.
Sorry, this thread fell off my inbox. I’m glad you fixed at least part of the problem by opening up your ACLs. If you’re still having trouble, I’d suggest a) install tailscale 1.2.x on all your devices since our new stable release is out now, with MagicDNS support; and b) before setting DNS entries in the admin panel, try probing your DNS server using the host command (with an explicit DNS server argument) to see if that works at least. If it does, after enabling DNS and MagicDNS, try the host command again to see if it still works, before checking your browser. This will help narrow down the problem you might be having.
Hey @apenwarr, no problem. I’ve actually managed to get the things working that I wanted to. The only outstanding issue seems to be how Chrome reacts to enabling custom nameservers.
I can reproduce on both my phone and laptop when adding a custom nameserver that all name resolution fails with this DNS_BAD_CONFIG error. I can still reach everything via the terminal and in alternative browsers. It’s a weird one, and likely not an issue of Tailscale’s at this point by the looks of it.
Huh, that definitely is weird. Have you tried installing the WireGuard client instead? You could use a nonsense config file, but plug in a DNS server, to see if you get the same behaviour when the WireGuard "link" is enabled. If you do, that’s a sign it’s not tailscale specific.
Just wanted to add that I’m seeing this issue as well. If I enter 8.8.8.8 or 1.1.1.1 into the nameservers field I just can’t really use my network any more.
@davidsbond, @itorres or anyone else running into this – what is the output from grep nameserver /etc/resolv.conf when Chrome is complaining about DNS_BAD_CONFIG?
Just another Tailscale user, but I’m chasing DNS problems as well and noticed a misconfigured /etc/resolv.conf. I’m curious if that’s what is happening here.
@within I’m on a pretty vanilla Ubuntu install, but checking my running services I’m using resolvconf. Any way I can double check if that’s what I’m using or not?
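
The two checks suggested in this thread (reading the nameserver lines of /etc/resolv.conf, and probing a server with host and an explicit server argument) can be scripted as follows. This is an added example, not part of the original posts; the function names, the labels and the default probe name example.com are assumptions.

```shell
#!/bin/sh
# Added example: summarise and probe the resolvers listed in resolv.conf.
# Usage after sourcing: classify_nameservers [file]; probe_nameservers [file] [name]

# Print one "address<TAB>label" line per nameserver entry.
# Returns 1 when the file has no nameserver line, 2 when it cannot be read.
classify_nameservers() {
    file="${1:-/etc/resolv.conf}"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk '
        { sub(/[#;].*/, "") }                      # drop comments
        $1 == "nameserver" && $2 != "" {
            label = "upstream"
            # 100.100.100.100 is the Tailscale MagicDNS resolver address
            if ($2 == "100.100.100.100") label = "tailscale-magicdns"
            # loopback entries are local stubs (e.g. systemd-resolved)
            else if ($2 ~ /^127\./ || $2 == "::1") label = "local-stub"
            printf "%s\t%s\n", $2, label
            n++
        }
        END { if (n == 0) { print "none\tno-nameserver"; exit 1 } }
    ' "$file"
}

# Ask each listed server directly for a name, so a failure can be pinned on
# one resolver instead of on the browser. Needs network access and "host".
probe_nameservers() {
    name="${2:-example.com}"    # assumed default probe name
    tab="$(printf '\t')"
    classify_nameservers "$1" | while IFS="$tab" read -r addr label; do
        [ "$label" = "no-nameserver" ] && continue
        if host -W 2 "$name" "$addr" >/dev/null 2>&1; then
            echo "$addr ($label): answers"
        else
            echo "$addr ($label): no answer"
        fi
    done
}
```

Running the probe once before and once after changing the DNS settings in the admin panel shows whether the listed resolvers themselves stopped answering or only the browser is affected.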