How to make Home Assistant resolve MagicDNS endpoints without losing the ability to resolve anything non-MagicDNS? #449
First of all, thank you for this post; based on your steps I was able to configure TS DNS for the first time ever! Then everything crashed, and I spent hours figuring out the root cause... TLDR: Turn off MagicDNS, and then everything will work fine, without any tricks. Based on my experiments, I will make a PR to update the add-on docs about DNS. Comments:
This is enabled by default. So you don't need to modify this.
What will happen on other TS devices in your tailnet that have no access to your local 192.168.1.15? Is this subnet routed to other devices? Why not use the tailnet IP of this Pi-hole here on the admin page? Just for reference, what I did:
Then hassio_dns crashed and couldn't be restarted, the supervisor crashed and restarted, the nginx add-on restarted, nothing could be pinged... hassio_dns says:
This is the state, I think, where I always ended up previously, without noticing that hassio_dns had crashed!!! I've spent several hours really resetting HA DNS (ha dns reset, ha dns restart, ha host reboot, configuring HA DNS 1.1.1.1, several times); finally everything is back to its normal state. My diagnosis is: MagicDNS after some time somehow managed to use the locally configured DNS (to resolve addresses like google.com?), which is redirected to itself: loop, crash.
Verdict: disable MagicDNS globally, and TS DNS + any other DNS configured in HA starts to work as expected, though you lose the ability to access TS devices without the fully qualified domain name.
@david-kalbermatten @lwis @codyc1515 @2manyvcos @kernelb00t @bhovig @sinclairpaul @bjeanes @shaver I've experimented with HA + TS DNS, and based on my results I plan to update the add-on docs with a DNS section. See PR #450
Based on my experiments and digging through the TS docs, these are the facts I used when writing the PR:
Questionable things:
Using the Tailnet IP could work, didn't test that – you could also add a backup DNS entry in the admin panel, although that would mean that your traffic wouldn't be filtered when you are away from home.
This is fascinating – wouldn't disabling MagicDNS make the domain names disappear from the admin panel? Even if not, what about automatic SSL certificates? Would Tailscale renew them when the MagicDNS is off?
I think the "Override local DNS" feature is ultimately only intended as a way to force the devices in the Tailnet to use a custom DNS resolver – like when you specify the DNS servers in your home router's config and all of the network devices get it.
I've found the root cause and have a fix!!! A PR will follow; it is currently under testing. Problem:
Not solutions:
Solution:
Positive side effects:
Negative side effects:
There are 2 new draft PRs related to this conversation, #454 and #455. Tested with AdGuard, no issues. Though I will test it with subnet routing, because #454 is still too general in my opinion, so I think it can break subnet routing on some level; better to test it before releasing it even to my forked repo users.
Related to:
How to make Home Assistant resolve MagicDNS endpoints without losing the ability to resolve anything non-MagicDNS?

1. Go to https://login.tailscale.com/admin/dns and configure your default DNS resolver (I used my Pi-hole, but if you don't have one, then consider using one of the options available after clicking the "Add nameserver" button) – then, check the "Override local DNS" option.
2. Run ha dns info – make sure that you see servers: [] in the output – if not, run ha dns reset.
3. Set 100.100.100.100 (IPv4) and fd7a:115c:a1e0::53 (IPv6) as the DNS servers in Settings -> System -> Network.
4. Run ha dns restart.
5. Run ping google.com and ping XXX.XXX.ts.net in the SSH console – both addresses should resolve correctly.

Why does this work?
It seems like the second DNS server specified in Settings -> System -> Network -> IPv4 doesn't really work if the first one (100.100.100.100 in our case) isn't. By modifying the DNS settings in Tailscale's dashboard, we are effectively forcing 100.100.100.100 to use a different DNS server (Pi-hole in my case) if the specified address is not MagicDNS. See https://tailscale.com/kb/1381/what-is-quad100.
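As an added example (not from this thread, Home Assistant or the Tailscale add-on), a small Python model of the resolver forwarding chain these posts describe: a query walks from hassio_dns to 100.100.100.100 (quad100), which answers MagicDNS names itself and forwards everything else to the nameserver set under "Override local DNS". The same walk shows the crash scenario from the first reply, where quad100 ends up using the host's local DNS and forwards back to hassio_dns. The resolver labels and the tailnet domain are constructed placeholders.

```python
# Added example (not from the thread or the add-on): model the resolver
# forwarding chain and detect the loop that crashed hassio_dns.
# Resolver labels and the tailnet domain are constructed placeholders.

TAILNET_DOMAIN = "example-tailnet.ts.net"   # constructed placeholder


def next_hop(resolver, name, forwarders):
    """Return the resolver that `resolver` forwards `name` to, or None when
    it answers the query itself.  quad100 (100.100.100.100) answers MagicDNS
    names of the tailnet locally and forwards every other name."""
    if resolver == "quad100" and name.endswith("." + TAILNET_DOMAIN):
        return None
    return forwarders.get(resolver)


def resolution_path(name, start, forwarders):
    """Walk the chain from `start` and return the list of resolvers visited.
    Raises RuntimeError when a resolver is reached twice (forwarding loop)."""
    path = [start]
    while True:
        nxt = next_hop(path[-1], name, forwarders)
        if nxt is None:
            return path
        if nxt in path:
            raise RuntimeError("DNS forwarding loop: " + " -> ".join(path + [nxt]))
        path.append(nxt)


def has_loop(name, start, forwarders):
    """True when resolving `name` from `start` never terminates."""
    try:
        resolution_path(name, start, forwarders)
        return False
    except RuntimeError:
        return True


# Working setup from the thread: HA DNS points at quad100, and "Override local
# DNS" sends non-MagicDNS names to the Pi-hole, which answers from its upstreams.
GOOD = {"hassio_dns": "quad100", "quad100": "pihole"}

# Failure mode diagnosed in the first reply: quad100 falls back to the host's
# local DNS, which is hassio_dns itself, which forwards back to quad100.
BAD = {"hassio_dns": "quad100", "quad100": "hassio_dns"}

if __name__ == "__main__":
    for cfg_name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        for qname in ("google.com", "pi." + TAILNET_DOMAIN):
            if has_loop(qname, "hassio_dns", cfg):
                print(cfg_name, qname, "-> loop")
            else:
                print(cfg_name, qname, "->", " -> ".join(resolution_path(qname, "hassio_dns", cfg)))
```

Note that the MagicDNS name resolves in both configurations; only the non-MagicDNS query exposes the loop, which matches the symptom of tailnet names working while google.com stops resolving.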