I am trying to setup the following tailnet.
node1: runs as exit node
node2: exposes some subnets (also runs as exit-node but it is only use as such sporadically)
other nodes: use node1 to route Internet traffic and also have access to nodes within the subnet node2 exposes. I run those enabling
--accept-routes to ensure I see the nodes in the subnet that node2 exposes. One of those nodes is my laptop.
I also have a simple ACL enabled that basically let’s certain nodes access everything and block access for the other ones. My laptop can access anything in the tailnet.
My laptop uses the node1 as exit node.
My internet traffic is flowing through node1. Great.
I can ping hosts (by IP) in the subnet that node2 exposes. Fantastic.
I cannot ping the same machines using the hostname. Argc!
But that makes sense. In order to resolve hostnames from the subnet that node2 exposes I need to use a DNS server from within that network. So, I go ahead and setup split dns from the TS console for machines in the domain that node2 exposes. Great… except when I ping again after setting split dns, I get a resolve failure:
$ ping machine.somedomain.net ping: cannot resolve machine.somedomain.net: Unknown host
Notice I can use
dig to resolve the hostname via the DNS server that node2 exposes just fine:
➜ dig @ip-of-the-dns-server-in-subnet machine.somedomain.net ... ;; ANSWER SECTION: machine.somedomain.net. 3600 IN A the ip address here ...
Notice that if I switch the exit-node to the second node, then things work as expected and I can query hosts in the subnet by hostname. But then all my Internet traffic uses that node which is not what I want in most cases.
Does anyone have suggestions on how I can fix this so I can access the hostnames in the subnet node2 exposes?