Some DNS (not all) stops working using exit node

SUPPORT QUESTIONS
1

Tailscale version 1.14.3
Fedora 34

Inside my Tailnet I have a Synology NAS, an Android phone, a ThinkPad X1 Nano running Fedora 34, and an Always Free Oracle Cloud instance I use as my exit node. MagicDNS is on and looks like this:
billede

The OCI instance is set up with sudo tailscale up --advertise-exit-node --accept-routes --reset. It has a Tailnet IP of 100.97.186.66.

From my laptop I use sudo tailscale down && sudo tailscale up --reset --exit-node=100.97.186.66 --accept-routes to connect.

The Synology NAS is acting as a subnet router to my local LAN with sudo /volume1/@appstore/Tailscale/bin/tailscale up --advertise-routes=192.168.99.0/24 --reset. I can confirm the issue exists with or without the --advertise-routes flag.

I am encountering some very odd behavior around certain services I use. The first is when attempting to install package from the Nixpkgs repository using, for example, nix-env -iA nixpkgs.bpytop, it can’t resolve DNS:

querying info about '/nix/store/zz9y0ijs1kxr02xrr0yr1rp1ncmja4m1-bpytop-1.0.67' on 'https://cache.nixos.org'...
downloading 'https://cache.nixos.org/zz9y0ijs1kxr02xrr0yr1rp1ncmja4m1.narinfo'...
warning: unable to download 'https://cache.nixos.org/zz9y0ijs1kxr02xrr0yr1rp1ncmja4m1.narinfo': Couldn't resolve host name (6); retrying in 314 ms

The second is that if I use https://app.element.io to connect and sync with my Matrix homeserver, it works but any client on my machine will fail, both from the same laptop. That’s really puzzling to me.

Here’s my machine list (sorry for the imgur link but new users can only embed one image):

1120×505 46 KB

cat /etc/resolv.conf on the laptop:

nameserver 192.168.99.1
nameserver 192.168.99.1
nameserver 192.168.130.11
search .

How do I debug this?

2

I can’t edit my old post because it transformed my imgur link into an embed and now it exceeds one embed.

Anyway! Here’s cat /etc/resolv.conf on the OCI instance acting as exit node:

nameserver 127.0.0.53
options edns0 trust-ad
search vcn07281233.oraclevcn.com $username.github.beta.tailscale.net
3

The laptop is using tailscale up --reset --exit-node=100.97.186.66 --accept-routes

The exit node feature was primarily designed for the case where one is out and about, perhaps on a public Wi-Fi network which is not fully trusted. As such, it blocks access to the local LAN: no contact with other devices on the public Wi-Fi network.

The laptop’s DNS servers are all 192.168.x.x addresses, which seem like local LAN addresses.

I’d suggest adding --exit-node-allow-lan-access=true to the tailscale up arguments on the laptop. This will let it reach the DNS servers in /etc/resolv.conf.