Tailscale overrides local DNS on one host only and the nameserver does not respond

I’m running Tailscale on a Raspberry Pi 3 B on an older Raspbian 10 as the power behind a homemade MagicMirror. I started noticing that mirror modules were failing claiming the network was down. It can’t be DNS, can it? It was DNS. Probably MagicDNS.

Once I run sudo tailscale up, /etc/resolv.conf is replaced by (the x’s are my redactions):

search xxxxx.ts.net xxxxx.xxxxx.beta.tailscale.net local
nameserver 100.100.100.100

The 100.100.100.100
If I go sudo tailscale down, /etc/resolv.conf becomes

# Generated by resolvconf
domain local
nameserver xxx.xxx.1.10
nameserver 1.1.1.2
nameserver 1.0.0.2

I haven’t enabled “Override Local DNS”, and other nodes (a Synology NAS, and a macOS device) do not exhibit the same behavior. Now, the next part does not happen all the time but I have not yet found a pattern (and it stopped happening while I was gathering information to write this o.O)

x@raspberrypi:~ $ ping google.com
ping: google.com: Temporary failure in name resolution

100.100.100.100 is a tiny DNS server running within the tailscaled process. The implementation of DNS handling varies substantially by platform. If tailscaled can’t configure the OS to handle the combination of global nameservers, local nameservers, and split DNS domains, it will instead use 100.100.100.100 and the fanout to different DNS servers will be handled within tailscaled.

For example:

  • Windows can use its Name Resolution Policy Table to handle any DNS configuration Tailscale can generate, and doesn’t use 100.100.100.100.
  • macOS and iOS can handle most combinations without 100.100.100.100, except complex Split DNS configurations.
  • Linux with systemd-resolved can handle any DNS configuration Tailscale can generate.
  • Linux with NetworkManager, resolved, or glibc /etc/resolv.conf will be set to use 100.100.100.100.
  • Android always uses 100.100.100.100.

If you don’t want 100.100.100.100 to be used and are willing to run systemd-resolved, I believe Raspbian can enable it like so:

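# Enable the service at boot and start it now, so /run/systemd/resolve/ is populated
sudo systemctl enable --now systemd-resolved
# Point /etc/resolv.conf at the file systemd-resolved maintains
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf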
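
To see which of the cases described above a host is currently in, the following added example (not part of the original thread, and not Tailscale's own code) classifies a resolv.conf by its first nameserver and header. The sample files are constructed from the two outputs quoted in the question, with example.ts.net and 192.0.2.10 standing in for the redacted values; 127.0.0.53 as the systemd-resolved stub address is general knowledge, not something stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report which resolver setup a
# resolv.conf reflects, using the markers visible in the outputs above.
classify_resolv_conf() {
    file=${1:-/etc/resolv.conf}
    [ -r "$file" ] || { echo "unreadable"; return 1; }
    # Nameserver addresses in file order; comments and other keywords are skipped.
    servers=$(awk '$1 == "nameserver" { print $2 }' "$file")
    first=$(printf '%s\n' "$servers" | head -n 1)
    count=$(printf '%s\n' "$servers" | awk 'NF { n++ } END { print n + 0 }')
    case "$first" in
        "") echo "no-nameserver" ;;
        100.100.100.100)
            # Sole entry: every lookup depends on tailscaled answering.
            if [ "$count" -eq 1 ]; then echo "tailscale-only"
            else echo "tailscale-with-fallback"; fi ;;
        127.0.0.53) echo "systemd-resolved-stub" ;;  # assumption: default stub listener
        *)
            if grep -q '^# Generated by resolvconf' "$file"; then echo "resolvconf"
            else echo "other"; fi ;;
    esac
}

# Constructed samples modelled on the two files quoted in the question
# (example.ts.net and 192.0.2.10 stand in for the redacted values).
write_samples() {
    dir=$1
    printf '%s\n' 'search example.ts.net local' 'nameserver 100.100.100.100' > "$dir/up.conf"
    printf '%s\n' '# Generated by resolvconf' 'domain local' \
        'nameserver 192.0.2.10' 'nameserver 1.1.1.2' 'nameserver 1.0.0.2' > "$dir/down.conf"
    printf '%s\n' 'nameserver 127.0.0.53' 'options edns0' > "$dir/stub.conf"
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_samples "$tmp"
    for f in up down stub; do
        printf '%s: %s\n' "$f" "$(classify_resolv_conf "$tmp/$f.conf")"
    done
    rm -rf "$tmp"
}
demo
```

Run `classify_resolv_conf` with no argument to check the live /etc/resolv.conf; a result of `tailscale-only` means name resolution fails whenever tailscaled does not answer, which matches the symptom in the question.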