DNS query failing

milanaleksic · February 27, 2021, 8:45am

Hi all. I have following scenario which I need help debugging:

I have Tailscale with subnet routing at my home
I have my own pihole dns server running at my home, on a Tailscale node. MagicDNS is not enabled (OK, I later turned it on but it doesn’t fix or make worse the same issue)
PiHole works for all my appliances at home (just to confirm that no firewalls sit on that node but you will see down that netcat confirms port is open)
I started a node in cloud (ubuntu 20.04, on oracle).
I can connect to my home nodes via SSH (for example, also http communication works without issues)

My problem: DNS resolution fails when I try to reach out to that piHole server

Here is a log of my findings:

ubuntuinstance-20210227-0803:~$ sudo nmap -sU -p 53 192.168.1.111
Starting Nmap 7.80 ( ) at 2021-02-27 08:24 UTC
Nmap scan report for 192.168.1.111
Host is up (0.022s latency).

PORT   STATE         SERVICE
53/udp open|filtered domain

Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds
ubuntuinstance-20210227-0803:~$ sudo nmap -sT -p 53 192.168.1.111
Starting Nmap 7.80 ( ) at 2021-02-27 08:25 UTC
Nmap scan report for 192.168.1.111
Host is up (0.012s latency).

PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
ubuntuinstance-20210227-0803:~$ dig  google.com @192.168.1.111

; <<>> DiG 9.16.1-Ubuntu <<>> google.com @192.168.1.111
;; global options: +cmd
;; connection timed out; no servers could be reached

Can someone help me figure out what is going on? These dig queries work from my home network.

Besides these DNS queries failing Tailscale actually works (I can SSH into another node at my home from this cloud node, for example)

I have also found this interesting: UDP takes around 3 seconds, each time - like there’s some configuration somewhere to make it like that:

root@instance-20210227-0803:/home/ubuntu/chef/chef-repo# time sudo nc 192.168.1.117 53 -vzu
Connection to 192.168.1.117 53 port [udp/domain] succeeded!

real    0m3.007s # each time around 3 sec
user    0m0.006s
sys     0m0.000s

FYI, Consul Serf also seems to be failing often and working unstable… maybe all of these issues are because of the same underlying problem? Not sure but I am confident that for most networking people this is a trivial problem

33b5e5 · February 27, 2021, 11:11pm

Pi-hole uses dnsmasq under the hood, and I think by default, binds dnsmasq to a single interface. So it’s not going to respond on the tailscale interface, regardless of what nmap is suggesting (by the way, nmap is often misleading for UDP). On the Pi-hole web UI go to Settings > DNS > “Interface listening behavior”.

milanaleksic · February 28, 2021, 5:56am

Pi-hole uses dnsmasq under the hood, and I think by default, binds dnsmasq to a single interface. So it’s not going to respond on the tailscale interface, regardless of what nmap is suggesting (by the way, nmap is often misleading for UDP)

Thanks for going the step beyond and help fixing 3rd party issues, this was indeed the problem

33b5e5 · February 28, 2021, 7:27am

Glad that helped!

I don’t work for Tailscale… just another user and a fan of Pi-hole.

Topic		Replies	Views
DNS not working	0	877	October 22, 2022
DNS not working on linux exit node SUPPORT QUESTIONS	1	358	February 21, 2023
Tailscale on DIgital Ocean not resolving local hosts and not using correct DNS SUPPORT QUESTIONS	0	685	July 15, 2022
DNS over tailscale subnet routing fails SUPPORT QUESTIONS	1	1739	July 28, 2022
No DNS resolving with "override local DNS" switched on SUPPORT QUESTIONS	1	1958	March 13, 2022

DNS query failing

Related topics