Tailscale on Linux host breaks all dns on docker containers

Tailscale version:

1.34.2
tailscale commit: 1f08176933ce9387f3bf3f428b975a7a08861a93
other commit: 56304b5392d4acd4e2555f91b74166c8a64a8d8f
go version: go1.19.4-tse6ce5b5003

Your operating system & version:
x64 Debian 11 bullseye fully updated

I’m new to Tailscale and I’m running into an issue where dns inside docker containers stops working which breaks functionality.

I have a bunch of docker containers setup and working fine for months. I then recently installed Tailscale on the host machine. I setup Tailscale to use NextDNS and on that Debian machine I setup Tailscale to be a exit node.

After a few hours I noticed some of the apps I have running in docker stopped working. Digging around a little bit I discovered that dns no longer works inside the containers. Stopping Tailscale and restarting the containers fixes the issue.

My networking skills are limited and I have no idea what causes this or how I can fix it. Any suggestions?

Thanks!

This is happening to me as well. Once MagicDNS is enabled with the abiliity to use local override, it messes up everything.

This is because docker copies over the host resolv.conf configuration file (Container networking | Docker Documentation) which tailscale rewrites (Why is resolv.conf being overwritten? · Tailscale) when MagicDNS is running on the host.

What’s slightly annoying is that I have systemd-resolved installed, which should stop tailscale from rewriting that file - but tailscale does not seem to be picking it up!