DNS-SD (unicast, not mDNS) breaks with overlapping Tailscale DNS configuration

On my network, I’ve implemented wide-area Bonjour (DNS-SD via Unicast DNS resolution) to enable AirPrint on my various VLANs without having to reflect all of the mDNS names under .local using something like Avahi.

I have the DNS-SD discovery record served up from the local DNS in the same domain as I set as the default domain in DHCP option 15. This works as expected for devices on the local network. On a Mac, “dns-sd -F” will return both .local (via mDNS) as well as my DNS-SD domain. Furthermore, AirPrint printers, etc. are then discoverable.

If the client is also connected to my Tailnet, then discovery fails. “dns-sd -F” only shows .local, on the same network. I have my Tailscale DNS settings configured to forward requests for my domain to the same DNS server that is hosting the DNS-SD record (reachable via subnet router for remote clients, to support split-horizon DNS). Everything else under that domain resolves correctly via Tailscale.

While I was not expecting the DNS-SD to work for remote clients via Tailscale, I was surprised to see discovery fail when connected to the local network with Tailscale running (i.e. where the DHCP option DNS domain being provided on the local network is the same as domain I am doing split-horizon DNS with in my Tailscale configuration, and both the local network’s DHCP server and the Tailscale configuration are pointing clients at the same DNS server).

Is this expected behavior?

Tailscale client: 1.18.2

DNS-SD discovery records for browsing, as served up by local DNS:
lb._dns-sd._udp.axeltech.com. 60 IN PTR sd.axeltech.com.
b._dns-sd._udp.axeltech.com. 60 IN PTR sd.axeltech.com.

Are you using an exit node with your tailnet? That can change routing for local LAN.
If not, are you saying that the DNS-SD records are not being carried through to the DNS server when you have Tailscale enabled?

Yes, I have a subnet router that also advertises an exit node set up on my LAN. However, the issue occurs even if I am not using that exit node and I have Use Tailscale Subnets disabled.

Basically, if I have Tailscale DNS enabled in the client, then my computer cannot see the DNS-SD discovery records, where I have the DNS-SD records in a search domain that is being served over my local LAN’s DHCP and where the same search domain is configured in Tailscale DNS’s split DNS configuration, where both my local DHCP and Tailscale are pointing to the same DNS server that is hosting the DNS-SD discovery records.

It looks like we filter out that traffic, as it is a very chatty protocol, and wakes up the radios on mobile devices, which causes a lot of battery drain.
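To see which of the browse-domain PTR records from the first post actually reach a client through each resolver (and so whether the filtering described in the last reply is what the client observes), here is an added diagnostic script; it is not part of the thread or of any Tailscale tool, and it assumes dig is installed and that 100.100.100.100 is the Tailscale MagicDNS resolver address.

```shell
#!/bin/sh
# Added diagnostic for the thread above, not part of any Tailscale tool.
# Assumes dig is installed and that 100.100.100.100 is the Tailscale
# MagicDNS resolver address (assumption; override with the third argument).

# The PTR names a wide-area Bonjour client asks for: the browse-domain
# enumeration records (what "dns-sd -F" relies on) and the service-type list.
dnssd_names() {
  printf '%s\n' "b._dns-sd._udp.$1" "lb._dns-sd._udp.$1" "_services._dns-sd._udp.$1"
}

# Reads "dig +noall +answer" output on stdin and prints only the PTR targets.
ptr_targets() {
  awk '$4 == "PTR" { print $5 }'
}

# Queries one name for PTR records through one resolver, with a short timeout.
query_ptr() {
  dig @"$1" +noall +answer +time=2 +tries=1 "$2" PTR 2>/dev/null | ptr_targets
}

# Shows, side by side, what the LAN resolver and the Tailscale resolver return
# for each DNS-SD name. A DIFFERENT line with an empty TS column means the
# record is not reaching the client through Tailscale DNS.
compare() {
  domain=$1; lan_dns=$2; ts_dns=${3:-100.100.100.100}
  for n in $(dnssd_names "$domain"); do
    lan=$(query_ptr "$lan_dns" "$n" | sort | tr '\n' ' ')
    ts=$(query_ptr "$ts_dns" "$n" | sort | tr '\n' ' ')
    if [ "$lan" = "$ts" ]; then status=same; else status=DIFFERENT; fi
    printf '%-42s LAN=[%s] TS=[%s] %s\n' "$n" "$lan" "$ts" "$status"
  done
}

if [ $# -lt 2 ]; then
  echo "usage: $0 <domain> <lan-dns-ip> [tailscale-dns-ip]" >&2
else
  compare "$@"
fi
```

Run it once with Tailscale DNS off and once with it on; the LAN column should stay the same, and any change in the TS column isolates the Tailscale resolver as the point where the records disappear.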