This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tailscale: fix broken DNS on IPv6 only tailnets
When a tailnet has the disableIPv4 setting, it will not deploy IPv4; resolving any ts.net address is broken because 100.100.100.100 is not reachable.

https://tailscale.com/kb/1337/acl-syntax#disableipv4

Co-authored-by: Michael Hoang <Enzime@users.noreply.github.com>
Co-authored-by: Sam <30577766+Samasaur1@users.noreply.github.com>
3 people committed Jan 1, 2025
1 parent 71a3a07 commit cc95d5c
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions modules/services/tailscale.nix
@@ -33,15 +33,15 @@ in
1. at least one DNS server is added
2. `Override local DNS` is enabled
As this option sets 100.100.100.100 as your sole DNS server, if the requirements above are not met,
As this option sets 100.100.100.100 and fd7a:115c:a1e0::53 as your sole DNS servers, if the requirements above are not met,
all non-MagicDNS queries WILL fail.
'';
};
};

config = mkIf cfg.enable {
assertions = [{
assertion = !cfg.overrideLocalDns || config.networking.dns == [ "100.100.100.100" ];
assertion = cfg.overrideLocalDns -> (builtins.elem config.networking.dns "100.100.100.100" || builtins.elem config.networking.dns "fd7a:115c:a1e0::53");
message = ''
DNS servers should be configured on the Tailscale control panel when `services.tailscale.overrideLocalDns` is enabled.
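Review bot: The new assertion calls `builtins.elem config.networking.dns "100.100.100.100"` with the arguments reversed. `builtins.elem` takes the element first and the list second, so whenever `cfg.overrideLocalDns` is true this will fail at evaluation with a type error instead of checking membership. It should read `builtins.elem "100.100.100.100" config.networking.dns`, and likewise for `fd7a:115c:a1e0::53`. Note also that the old check required `config.networking.dns` to be exactly the MagicDNS resolver, while the new one only requires one of the two addresses to be present. Extra resolvers now pass the assertion, even though the option description still says these are the "sole DNS servers". If the exclusivity is intentional, compare against the full two-element list, or check that every entry is one of the two addresses.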
@@ -61,10 +61,13 @@ in
};
};

networking.dns = mkIf cfg.overrideLocalDns [ "100.100.100.100" ];
networking.dns = mkIf cfg.overrideLocalDns [ "100.100.100.100" "fd7a:115c:a1e0::53" ];

# Ensures Tailscale MagicDNS always works even without adding 100.100.100.100 to DNS servers
environment.etc."resolver/ts.net".text = "nameserver 100.100.100.100";
environment.etc."resolver/ts.net".text = ''
nameserver 100.100.100.100
nameserver fd7a:115c:a1e0::53
'';

# This file gets created by tailscaled when `Override local DNS` is turned off
environment.etc."resolver/ts.net".knownSha256Hashes = [
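Review bot: The comment above `environment.etc."resolver/ts.net".text` still says "even without adding 100.100.100.100 to DNS servers", but the file now lists `fd7a:115c:a1e0::53` as well. Please update the comment to mention both resolvers and say why the IPv6 one is there (tailnets with disableIPv4). Both nameserver lines are also written unconditionally, as is the two-entry `networking.dns` list. A short note that the unreachable address is expected to be skipped on single-stack tailnets would help the next reader.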
