I’ve got a personal Tailscale network that includes my work machine, which is behind a Cisco VPN. I need to be able to resolve corporate internal machines when on my Tailscale network. When I’m on the corporate VPN and I do an nslookup of myserver.div.corp.internal I get
Is this by chance a macOS device? nslookup on macOS doesn’t use the macOS framework to resolve DNS names, which means it doesn’t understand Split DNS resolvers for specific domains. It would work on the corporate network, where you’re likely directed to the corporate DNS for all name resolution, but on the tailnet it will only go to the Global nameservers, not any of the Split DNS nameservers.
On macOS you can use:
a browser or similar application which does use the macOS framework
dscacheutil -q host -a name myserver.div.corp.internal
Thanks, that helps. It does find the machine with dscacheutil, but now I can’t seem to connect to it. ping and ssh can’t connect.
$ dscacheutil -q host -a name myserver.div.corp.internal
name: myserver.div.corp.internal
ip_address: 10.168.214.149
$ ping -c3 10.168.214.149
PING 10.168.214.149 (10.168.214.149): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
--- 10.168.214.149 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
I get similar results when trying to connect to other servers on the corporate network. I also tried while using my work server as an exit node with “Allow local network access” checked, but no success. Any ideas?
Figured it out. Had to advertise those routes on my work exit node. I started it with sudo tailscale up --advertise-exit-node --advertise-routes 10.0.0.0/8 and now I can access work resources.
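The thread's symptom (the name resolves through Split DNS, but ping and ssh time out) is a name that maps to an address no advertised subnet route covers. The following is an added example, not part of the original posts or of Tailscale's code: it checks resolved addresses against a list of advertised routes and computes the tightest prefixes that would still cover them. It models subnet routes only (not exit-node default routes), and the second hostname and its address are constructed sample data.

```python
import ipaddress

def covering_route(ip, advertised):
    """Return the most specific advertised prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    nets = (ipaddress.ip_network(r) for r in advertised)
    matches = [n for n in nets if n.version == addr.version and addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)

def audit(resolved, advertised):
    """Map hostname -> covering route; None means 'resolves but unroutable'."""
    return {name: covering_route(ip, advertised) for name, ip in resolved.items()}

def narrowest_routes(ips, prefixlen=24):
    """Smallest set of prefixes (built from /prefixlen blocks) covering ips.

    Assumption: a /24 around each needed host is an acceptable granularity.
    """
    blocks = {ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False) for ip in ips}
    return [str(n) for n in ipaddress.collapse_addresses(blocks)]

if __name__ == "__main__":
    resolved = {
        "myserver.div.corp.internal": "10.168.214.149",  # from the thread
        "build.div.corp.internal": "10.168.215.7",       # constructed sample
    }
    for label, routes in (("before", []), ("after", ["10.0.0.0/8"])):
        for name, route in audit(resolved, routes).items():
            print(f"{label}: {name} -> {route or 'no advertised route'}")
    # Tighter alternative to 10.0.0.0/8 for just these hosts
    print("narrowest:", narrowest_routes(resolved.values()))
```
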