[Bug] DNS not working when using #2234

Open
3 of 4 tasks
myOmikron opened this issue Nov 12, 2024 · 8 comments
Labels
bug Something isn't working

Comments

@myOmikron

Is this a support request?

  • This is not a support request

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When setting an exit-node on any client, DNS to external addresses isn't working anymore.

Steps tried:

  • Ping public IP: Working
  • Ping internal IP: Working
  • Resolve public domain using 100.100.100.100: Not working
  • Resolve internal domain using 100.100.100.100: Working
  • Manually setting DNS to public DNS: Working

When using public DNS, using tools like https://whatismyipaddress.com/, I can verify that I'm using the exit node as intended. I guess this is also the case when using MagicDNS, but as no public address is resolved, I can't check this right now.

Expected Behavior

DNS working regardless of usage of an exit-node.

Steps To Reproduce

tailscale set --exit-node <exit-node>

Environment

- OS: Arch Linux
- Headscale version: v0.23.0
- Tailscale version: 1.76.6
  tailscale commit: 439305eeeda64a1851e8b775724ff1fbbd713207-dirty
  go version: go1.23.2

Also verified on Android with the Tailscale app from the Google Play Store.
- Tailscale version: 1.76.2 (Oct. 17 2024)

Runtime environment

  • Headscale is behind a (reverse) proxy
  • Headscale runs in a container

Anything else?

No response

@myOmikron myOmikron added the bug Something isn't working label Nov 12, 2024
@myOmikron
Author

Additional information:

Got it working after installing systemd-resolved and linking its stub-resolve to /etc/resolv.conf like proposed in tailwinds article about Linux DNS systems on the exit-node.

@nblock
Collaborator

nblock commented Nov 16, 2024

> Got it working after installing systemd-resolved and linking its stub-resolve to /etc/resolv.conf like proposed in tailwinds article about Linux DNS systems on the exit-node.

Thanks for the update, is your issue now fully resolved?

For others with DNS related issues: recent tailscale versions have a command to print the DNS status which might be helpful for debugging: tailscale dns status

@myOmikron
Author

I don't think so.

The behavior I described was broken with a resolv.conf generated by tailscale, which pointed DNS to 100.100.100.100. As DNS should happen on my client machine asking 100.100.100.100 directly, I think the exit-node shouldn't have anything to do with resolving.

@nblock
Collaborator

nblock commented Nov 22, 2024

> I don't think so.

I assume that /etc/resolv.conf was statically configured and tailscale overwrites the file on startup. Can you provide some logs during startup and then when you enable/disable the exit node? Given that you want to go back from systemd-resolved to a statically managed /etc/resolv.conf. DNS related configuration of your headscale might also be interesting.

@tho22

tho22 commented Nov 22, 2024

Same problem here when --accept-dns=true.
Internal names are resolved, external ones are not:

$ dig nb-715.example.com @100.100.100.100 +short
10.197.4.3     ###<-- same with the 100.64 Net
$ dig google.com @100.100.100.100
;; communications error to 100.100.100.100#53: timed out
$ dig google.com @1.1.1.1 +short
142.251.36.238

config.yaml snippet:

dns:
  magic_dns: true
  #  magic_dns: false
  base_domain: example.com
  override_local_dns: true
  #override_local_dns: false
  nameservers:
    global:
      - 1.1.1.1

status on the client:

$ tailscale version
1.76.6
  tailscale commit: 1edcf9d466ceafedd2816db1a24d5ba4b0b18a5b
  other commit: d0a6cd8b27eb46f6dec31425499159f7949be7f9
  go version: go1.23.1
  
$ tailscale dns status

=== 'Use Tailscale DNS' status ===

Tailscale DNS: enabled.

Tailscale is configured to handle DNS queries on this device.
Run 'tailscale set --accept-dns=false' to revert to your system default DNS resolver.

=== MagicDNS configuration ===

This is the DNS configuration provided by the coordination server to this device.

MagicDNS: enabled tailnet-wide (suffix = example.com)

Other devices in your tailnet can reach this device at nb-715.example.com

Resolvers (in preference order):
  - 1.1.1.1

Split DNS Routes:

Search Domains:
  - example.com

=== System DNS configuration ===

This is the DNS configuration that Tailscale believes your operating system is using.
Tailscale may use this configuration if 'Override Local DNS' is disabled in the admin console,
or if no resolvers are provided by the coordination server.

  (reading the system DNS configuration is not supported on this platform)

[this is a preliminary version of this command; the output format may change in the future]

Server runs on Docker headscale/headscale:0.23.0.
Any ideas?

@nblock
Collaborator

nblock commented Nov 22, 2024

> Same problem here when --accept-dns=true internal names are resolved. external ones are not :

Do you use an exit node?

@tho22

tho22 commented Nov 22, 2024

> > Same problem here when --accept-dns=true internal names are resolved. external ones are not :
>
> Do you use an exit node?

Yes, this problem only exists with exit node constellations.
For me, I have a workaround.
Instead of using "--advertise-exit-node", I use the routing for all "--advertise-routes=0.0.0.0/1,128.0.0.0/1,::/1,8000::/1".
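
The route set from the workaround above, checked as an added example (not part of the original thread and not Headscale or Tailscale code): it confirms that the four /1 prefixes span the whole IPv4 and IPv6 address space without containing the literal default routes 0.0.0.0/0 and ::/0 that an exit node advertises. The function name `analyze_routes` and the report layout are hypothetical.

```python
import ipaddress

# Prefixes quoted in the workaround comment above.
WORKAROUND_ROUTES = ["0.0.0.0/1", "128.0.0.0/1", "::/1", "8000::/1"]
DEFAULT_ROUTES = {4: ipaddress.ip_network("0.0.0.0/0"),
                  6: ipaddress.ip_network("::/0")}


def analyze_routes(routes):
    """Classify advertised prefixes per address family (hypothetical helper).

    Returns {4: {...}, 6: {...}} with:
      exit_node  - True if the literal default route is in the list
      covers_all - True if the prefixes together span the whole family
      gaps       - uncovered prefixes (empty when covers_all is True)
    """
    nets = [ipaddress.ip_network(r, strict=True) for r in routes]
    report = {}
    for version, default in DEFAULT_ROUTES.items():
        family = [n for n in nets if n.version == version]
        # Merge adjacent/overlapping prefixes, then subtract them from /0.
        remaining = [default]
        for net in ipaddress.collapse_addresses(family):
            next_remaining = []
            for block in remaining:
                if block.subnet_of(net):
                    continue  # block is fully covered by this prefix
                if net.subnet_of(block):
                    next_remaining.extend(block.address_exclude(net))
                else:
                    next_remaining.append(block)  # disjoint, keep as a gap
            remaining = next_remaining
        report[version] = {
            "exit_node": default in family,
            "covers_all": not remaining,
            "gaps": sorted(str(b) for b in remaining),
        }
    return report


if __name__ == "__main__":
    for version, result in analyze_routes(WORKAROUND_ROUTES).items():
        print(f"IPv{version}: {result}")
```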

@baiyz0825

I have the same problem. I checked the tailscale output; my client uses exit node A, and the controller configures the routes:

ID | Node          | Prefix         | Advertised | Enabled | Primary
5  | vm-0-8-ubuntu | ::/0           | true       | true    | -
6  | vm-0-8-ubuntu | 0.0.0.0/0      | true       | true    | -

tailscale dns status output below:

=== 'Use Tailscale DNS' status ===

Tailscale DNS: enabled.

Tailscale is configured to handle DNS queries on this device.
Run 'tailscale set --accept-dns=false' to revert to your system default DNS resolver.

=== MagicDNS configuration ===

This is the DNS configuration provided by the coordination server to this device.

MagicDNS: enabled tailnet-wide (suffix = headscale.vitrul)

Other devices in your tailnet can reach this device at baiyz-laptop.headscale.vitrul

Resolvers (in preference order):
  - 223.5.5.5
  - 8.8.8.8
  - 1.1.1.1
  - 2400:3200::1
  - 2001:4860:4860::8888
  - 2606:4700:4700::1111
  - 2606:4700:4700::1001

Split DNS Routes:

Search Domains:
  - headscale.vitrul

=== System DNS configuration ===

This is the DNS configuration that Tailscale believes your operating system is using.
Tailscale may use this configuration if 'Override Local DNS' is disabled in the admin console,
or if no resolvers are provided by the coordination server.

Nameservers:
  - 192.168.94.232

Search domains:
  (no search domains found)

[this is a preliminary version of this command; the output format may change in the future]

4 participants