Internal name resolution

I am so close to having this all working! I am new (today) to Tailscale so this may be a noob question.

I have 2 remote networks with various devices on each, all with Tailscale running - mix of Windows, macOS, iOS and Linux. I can’t work out how to SSH over the VPN from network A to network B using hostnames; via IP it works fine.

If I try from my phone (so not on a NATd network) I can connect to devices by host name fine, so my problem appears to be related to the NAT and/or DNS.

Can anyone offer any hints for how to set this up? I have played around with MagicDNS but it makes no difference, although I only added 192.168.1.1 to the name server list on the admin console (it is the same DNS IP on each network).

Hmm. Does it make any difference if you use a public DNS server, such as CloudFlare’s 1.1.1.1 or Google’s 8.8.8.8?

Hi Ross - thanks for the response.

Do you mean putting external DNS as the nameservers under the Magic DNS section? And would this change require me to restart the tailscale service on every endpoint to pick up new settings from the admin console?

Local DNS for each device uses their local router, which in turn uses their ISP’s DNS service.

That’s correct. Magic DNS falls back to the DNS servers you define in the admin panel, and I’m curious if there’s something about your local ISP’s DNS that might be complicating things. Adding 1.1.1.1 or 8.8.8.8 to the top of the nameserver list on that page should be enough — no need to restart any devices or services.

> If I try from my phone (so not on a NATd network) I can connect to devices by host name fine, so my problem appears to be related to the NAT and/or DNS.

If you use your phone while connected to one of the NAT’d networks, does that change the behavior? Is your phone no longer able to resolve hostnames too?

My iOS device on the WiFi of a NAT’d network can resolve hostnames on the remote NAT’d network just fine. But from a Mac or Windows desktop I am unable to. I added 1.1.1.1 as the only nameserver on the list but it made no difference.

I’ve tried SSH, ping and nslookup from my clients but none work. The response from nslookup is:

C:\Users\danie>nslookup pimadrid
Server:  UnKnown
Address:  100.100.100.100

*** UnKnown can't find pimadrid: Non-existent domain

C:\Users\danie

and here is what PuTTY shows:

image

Hmm. I’m still not sure, but this sounds like an issue with Magic DNS, not with the NAT’d networks. Looking at our logs, you don’t seem to have a device on your network with the name pimadrid. There is a PIDIRDAM. Does this query return a resolved domain?

nslookup pidirdam

Another thing to check: what’s the result of the “DNS Suffix Search List” field when you run:

ipconfig /all

You should see an entry that looks like: <email>.beta.tailscale.net. Devices using Magic DNS have a FQDN of <hostname>.<email>.beta.tailscale.net, and we automatically add a search path so you can just type <hostname> instead. If this search path isn’t being added for some reason, you won’t be able to access devices. (More details in our KB)

Argh, my bad. I typed the hostname wrong. However, with the correct hostname it still doesn’t work:

C:\Users\daniel>nslookup pidirdam
Server: UnKnown
Address: 100.100.100.100

*** UnKnown can’t find pidirdam: Non-existent domain

Here is the output of ipconfig:

Windows IP Configuration

Host Name . . . . . . . . . . . . : AIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : .live.com.beta.tailscale.net.broadband

Unknown adapter Tailscale:

Connection-specific DNS Suffix . : [remove].live.com.beta.tailscale.net.
Description . . . . . . . . . . . : Tailscale Tunnel
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::99d0:ec2d:b2e7:536b%44(Preferred)
IPv4 Address. . . . . . . . . . . : 100.107.103.83(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 100.100.100.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
.live.com.beta.tailscale.net.

Wireless LAN adapter WiFi:

Connection-specific DNS Suffix . : broadband
Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter
Physical Address. . . . . . . . . : 1C-3E-84-C8-2E-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b035:2d19:36b0:1cd2%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.117(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 01 December 2020 20:50:45
Lease Expires . . . . . . . . . . : 02 December 2020 20:50:58
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 152845956
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-9A-F2-65-00-25-AB-3A-F8-9C
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Okay — it seems like the search path is being added. If the proper device name doesn’t work, what about this? (replacing the <removed> portion.)

nslookup pidirdam.<removed>.live.com.beta.tailscale.net

Also, are you running WSL on this Windows device?

I’m not running WSL anywhere. Here are results from a brand new Win10 install in VirtualBox:

Microsoft Windows [Version 10.0.17763.253]
(c) 2018 Microsoft Corporation. All rights reserved.

C:\Users\danie>nslookup pidirdam
Server: UnKnown
Address: 100.100.100.100

*** UnKnown can’t find pidirdam: Non-existent domain

C:\Users\danie>nslookup pidirdam..live.com
Server: UnKnown
Address: 100.100.100.100

Non-authoritative answer:
Name: a-0010.a-msedge.net
Addresses: 2620:1ec:c11::212
204.79.197.212
Aliases: pidirdam..live.com

C:\Users\danie>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : WIN10-MAC-VDI
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : .live.com.beta.tailscale.net.
broadband

Unknown adapter Tailscale:

Connection-specific DNS Suffix . : .live.com.beta.tailscale.net.
Description . . . . . . . . . . . : Tailscale Tunnel
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::99d0:ec2d:b2e7:536b%8(Preferred)
IPv4 Address. . . . . . . . . . . : 100.111.227.79(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 100.100.100.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
.live.com.beta.tailscale.net.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : broadband
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : 08-00-27-E2-7D-3A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fdd2:9ffa:7eb0:fe87%6(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.2.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 02 December 2020 09:05:17
Lease Expires . . . . . . . . . . : 03 December 2020 09:05:19
Default Gateway . . . . . . . . . : 10.0.2.2
DHCP Server . . . . . . . . . . . : 10.0.2.2
DHCPv6 IAID . . . . . . . . . . . : 50855975
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-58-33-EC-08-00-27-E2-7D-3A
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\danie>

OK, this is interesting… things seem to be working now when I use the name pidirdam.[firstpartofmyemail].live.com.beta.tailscale.net

Thanks for all your help, not sure exactly what it was.

The only thing I can’t seem to get working now is sending the browser on an endpoint on NAT A to the proxy server residing in NAT B. Is there a way to set up a full tunnel, or configure a proxy for all communications with Tailscale?

I can telnet to the proxy port on the other network, so I have connectivity.
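The `pidirdam..live.com` lookup earlier in the thread did return an answer, but for a public host rather than the device, so "it resolved" is not the same as "it resolved to the tailnet node". As an added example (not part of the thread and not Tailscale's code), this Python sketch parses nslookup output and flags answers whose addresses fall outside the tailnet; the two address ranges are an assumption, and the third sample is constructed.

```python
import ipaddress
import re

# Assumption: tailnet addresses sit in these two ranges (the 100.x.y.z
# addresses in the thread's ipconfig output fall in the first one).
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]
FIELD = re.compile(r"^(Server|Address|Addresses|Name|Aliases):\s*(.*)$")

def parse_nslookup(text):
    """Return (resolver, answer_name, answer_addresses, nxdomain)."""
    resolver, name, addrs, nxdomain = None, None, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if "Non-existent domain" in line:
            nxdomain = True
        m = FIELD.match(line)
        key, value = m.groups() if m else (None, line)
        if key == "Name":
            name = value
        elif key in ("Address", "Addresses") and name is None:
            resolver = value            # first Address is the DNS server
        elif name is not None and key in ("Address", "Addresses", None):
            try:                        # bare lines continue "Addresses:"
                addrs.append(ipaddress.ip_address(value))
            except ValueError:
                pass
    return resolver, name, addrs, nxdomain

def classify(text):
    """'no-answer', 'tailnet', or 'outside-tailnet' for one nslookup run."""
    _, _, addrs, nxdomain = parse_nslookup(text)
    if nxdomain or not addrs:
        return "no-answer"
    inside = all(any(a in net for net in TAILNET) for a in addrs)
    return "tailnet" if inside else "outside-tailnet"

# First two samples are copied from the thread; GOOD is constructed.
HEAD = "Server:  UnKnown\nAddress:  100.100.100.100\n\n"
NXDOMAIN = HEAD + "*** UnKnown can't find pidirdam: Non-existent domain\n"
PUBLIC = HEAD + """Non-authoritative answer:
Name: a-0010.a-msedge.net
Addresses: 2620:1ec:c11::212
204.79.197.212
Aliases: pidirdam..live.com
"""
GOOD = HEAD + "Name: pidirdam.example.beta.tailscale.net\nAddress: 100.101.102.103\n"

if __name__ == "__main__":
    print([classify(s) for s in (NXDOMAIN, PUBLIC, GOOD)])
```

An "outside-tailnet" result before an SSH attempt means the client would be connecting to whatever public host the name happened to resolve to, so check the address as well as the name.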

Glad to hear you’re able to connect to them.

It’s still strange that the search path isn’t working correctly. This sounds like this bug, which we thought was fixed for Windows 10. If you don’t mind sharing screenshots like those from this comment that would help us debug further.

> The only thing I can’t seem to get working now is sending the browser on an endpoint on NAT A to the proxy server residing in NAT B. Is there a way to set up a full tunnel, or configure a proxy for all communications with Tailscale?

Currently, you can’t route all your traffic through Tailscale, only traffic to other Tailscale nodes. However, we’re working on allowing this. Earlier today a member of our team shared a working demo of this over IPv4, so it shouldn’t be too long. This GitHub issue has updates, but I’ll also add you to a list of people to notify via email when it’s ready.

Thanks. My screenshots are identical to the ones in the top line of that bug report. Everything is set to auto - the only difference I have is that in the final screenshot I have no DNS suffixes configured at all.

Regarding the full tunnel part: I tried setting up a WinInet proxy, which should work but kicks in before Tailscale can connect, so the service can then not get a connection to the internet. I found that Firefox allows you to set a proxy different from whatever is set in the OS and this allows traversal over Tailscale, so I’m all good to go now!

Appreciate the help!