DNS Traffic getting blocked

I’m running Tailscale 1.24.2 under Windows 10. But I see this same issue on my Mac, my iPhone and under WSL. The issue is network related because when I switch networks (tether to my phone) I don’t see this issue. But I’m trying to get ahead of this issue because I can imagine users at my company running into this and I want to have a good solution for them.

The problem is that DNS resolution isn’t working. But the reason this is odd, and why I’m posting here, is that it seems to be related to Tailscale but I can’t figure out how.

If I ping 1.1.1.1, I get something like this:

$ ping -c 1 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=56 time=5.44 ms

This is consistent. In all cases, I can reach 1.1.1.1. The strange part is that if I just activate Tailscale and I run nslookup I get “No answer”. So it looks like the pings can reach 1.1.1.1 (or 8.8.8.8 for that matter), but DNS isn’t going through.

I’ve tried various configurations of “global name servers”, “Override local DNS” and “Use Tailscale DNS settings” (client). I’ve tried overriding the DHCP DNS server (which is useless because it’s a connectivity issue, not a configuration issue). In all cases, the issue seems to be that DNS requests

However, if I select an Exit Node, DNS gets through. If I tether to my phone, DNS gets through. The network connection is from XFinity. But Googling I couldn’t find any definitive evidence that Comcast blocks DNS traffic (yes, they force you to use their server in their routers, but I’m overriding that in my nslookup).

It seems clear the traffic is getting blocked and the exit node is letting me tunnel under the blocking. But I’m curious if anybody else has seen this. It seems a shame to have to use an Exit Node constantly while on Tailscale. But that is the only solution I see so far. Any other ideas?

From a WSL or Linux terminal, can you try this both with tailscale up and tailscale down?
dig tailscale.com @1.1.1.1
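As an added diagnostic (not code from the thread or from Tailscale), the script below does what the dig test above does but without depending on a local resolver: it hand-builds an A query, sends it straight to 1.1.1.1 and 8.8.8.8 (the resolvers named in the post) over both UDP and TCP, and classifies each result. Run it once with tailscale up and once with tailscale down; a consistent "timeout" while ping succeeds points at port-53 traffic being dropped on the path, and an "ok" over TCP but "timeout" over UDP narrows it further. The function names are hypothetical.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id so replies can be matched

def build_query(name, txid=TXID):
    """Return a recursive A/IN query for `name` as raw DNS wire bytes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("!B", len(l)) + l.encode() for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data, txid=TXID):
    """Return (rcode, answer_count) from a raw reply, or None if it is not a valid response."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong id, or QR bit says it is a query
        return None
    return flags & 0x000F, an

def probe(server, name="tailscale.com", transport="udp", timeout=2.0):
    """Send one query directly to `server`:53; classify as ok/empty/rcode=N/timeout/refused/unreachable/malformed."""
    q = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                data, _ = s.recvfrom(4096)
        else:  # TCP: two-byte length prefix on both the query and the reply
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)
                n = struct.unpack("!H", s.recv(2))[0]
                data = b""
                while len(data) < n:
                    chunk = s.recv(n - len(data))
                    if not chunk:
                        break
                    data += chunk
    except socket.timeout:
        return "timeout"  # silently dropped: the pattern the post describes when ping still works
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    parsed = parse_response(data)
    if parsed is None:
        return "malformed"
    rcode, answers = parsed
    if rcode:
        return f"rcode={rcode}"
    return "ok" if answers else "empty"  # 'empty' is what nslookup reports as "No answer"

if __name__ == "__main__":
    for server in ("1.1.1.1", "8.8.8.8"):
        for transport in ("udp", "tcp"):
            print(f"{server:>8} {transport}: {probe(server, transport=transport)}")
```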