DNS breaks when trying to connect to Exit Node

SUPPORT QUESTIONS
1

Tailscale version: 1.22.0
Your operating system & version: Debian GNU/Linux 11 (bullseye)

Here is my Bug Report string:
BUG-37509d153a23d95f7979a2e1aa11b5cfdcbae39757399258f3a8b64e913855db-20220304205311Z-baf4caebc52f9141

I am trying to connect my Debian machine to a MacOS Exit Node but whenever I try to do so, DNS gets completely broken on the Debian machine.

Here’s what I’ve done so far:

  1. Configured the MacOS machine as an Exit Node
  2. Attempt to connect to Exit Node via Debian machine on local network - success (first initial success)
  3. Attempt to connect to Exit Node via Windows machine outside of local network - success
  4. Restart MacOS machine (to simulate failure scenario) and configure as an Exit Node again - success
  5. Attempt to connect to Exit Node via Windows machine outside of local network - success
  6. Attempt to connect to Exit Node via Debian machine on local network - failure (unable to connect to the internet at all, send pings, install packages, etc)
  7. Run sudo tailscale down on Debian machine - failure (still unable to connect to internet at all)
  8. Restart Debian machine, attempt to access internet without Tailscale running - success
  9. Attempt step 6 and 7 again - failure (same issues)
  10. Wipe Debian machine, reinstall and reauthenticate Tailscale - success
  11. Attempt step 6 and 7 again (this time outside of local network) - failure (same issues)
  12. In Tailscale Admin Console, change DNS settings. Set Global Nameservers to 8.8.8.8 and set to override local DNS. Enable MagicDNS. (This step was taken according to an answer given on this forum post: No DNS when using Exit Node - #10 by darshinimashar)
  13. Repeat step 10
  14. Attempt step 6 and 7 again - failure (same issues)
  15. Repeat step 10
  16. Try to connect to Tailscale via Debian machine without connecting to Exit Node by running sudo tailscale up --exit-node= --reset - success
  17. Run tailscale ping via the Debian machine to the MacOS machine’s IP address from outside the local network - success

In the Tailscale admin dashboard I can see that the MacOS machine is connected and online, and I can also ping it from outside the local network when running Tailscale without connecting to an Exit Node. I can also successfully connect to the Exit Node on a Windows machine from outside of the local network and have no issues with DNS during the connection or after disconnecting. So the problem doesn’t appear to be with the Mac, as it can accept outside connections and forward them. It’s only with my Debian machine that I’m having a problem.

I haven’t touched the ACL rules at all (they display a default example file in the dashboard). I’ve also tried connecting from my Debian machine after a fresh install several times with no success. What is really strange is that I was able to connect the same machine to the Mac successfully before. It was only after restarting the Mac that I started having problems with the Debian machine connecting (and not the Windows machine).

Is there anything I can do to find out more info here? Any settings I should tweak? Any commands I should run on my Debian machine to test out? Anything would be helpful. Thank you

2

Are you running systemd-resolvd or resolvconf packages?

These both actively track changes to DNS settings and work to keep them valid, but they need to have a state to restore to. This can be in /etc/resolvconf.d and should have a working DNS server to fall back to, such as 8.8.8.8 or the server of your ISP.

Tailscale re-writes the /etc/resolv.conf file when it comes up, which repairs the problem.