I have a machine that advertises subnet routes. It’s called bastion. With Magic DNS, it’s pretty cool because I can ssh to it using ssh user@bastion so that I don’t need to remember or copy&paste the IP.
Additionally, in the advertised subnet, I have a bunch of HTTP servers running on different IPs. These IPs and ports are static.
What would be the recommended way of resolving names like my-server.bastion to specific IPs within the advertised subnet? Is such a feature planned in Tailscale as a kind of extension to Services or Magic DNS?
One thing I would like to try is to run a DNS server on my bastion where I would maintain the configuration. Next, on each machine I will configure *.bastion subdomains to be resolved using that DNS server. It should work but it won’t be easy to maintain, especially the latter part as it needs to be configured manually on many machines.
Tailscale might eventually discover nodes on subnets which it is advertising routes to, perhaps using mDNS or similar protocols, but this is not imminent.
If the addresses are static, one way to handle it would be to set up a DNS server like Unbound. Split DNS in https://login.tailscale.com/admin/dns can be used to make one specific domain name point to the Unbound DNS server for resolution, while any other domain uses the regular global DNS servers. DNS in Tailscale · Tailscale
Thanks @DGentry. I tried to follow your suggestion and I ended up with the following configuration.
In the admin panel, I configured a namesever 10.186.0.5 with Split DNS for k8s-playground.dev domain.
I am running a DNS server on that machine which I configured with the same k8s-playground.dev domain. I can resolve it successfully from my local host:
➜ dig @10.186.0.5 www.k8s-playground.dev
; <<>> DiG 9.10.6 <<>> @10.186.0.5 www.k8s-playground.dev
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35555
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.k8s-playground.dev. IN A
;; ANSWER SECTION:
www.k8s-playground.dev. 300 IN A 10.186.0.5
I also have a simple HTTP server running on that machine. I can request it using the IP directly:
I would expect that to work. Could you send either the Tailscale IP address of the node, or the email address you use with Tailscale, so support@tailscale.com and we can look up what is happening?
@DGentry I am not sure what happened but I tried the same curl command as above today before sending an email and it worked! Maybe some configuration propagation? DNS cache on my laptop (macOS)?
If you still want to debug this, I can send an email to the support with the requested details. Otherwise, thank you a lot for prompt replies and helping with me this use case.