[Bug] Tailscale Exit Node DNS Doesnt Provide DNS

[W1BTR]

Is this a support request?

• [X] This is not a support request

Is there an existing issue for this?

• [X] I have searched the existing issues

Current Behavior

When connected to an exit node that is routing all traffic through said node, I cannot access the public internet as DNS does not work.

• I can run nslookups with 1.1.1.1 and google.com and they succeed
• I cannot ping 1.1.1.1 as it responds with a dns lookup error
• I can access local devices and internet-connected servers via their ip address

If I disable Tailscale DNS

• DNS works as expected, but is not under the control of headscale.

Note I am only able to test this with the exit node on windows and the client running android.

Expected Behavior

Using the tailscale dns, my headscale server should route traffic to 1.1.1.1 as is in the config.

Steps To Reproduce

1. Set up basic headscale server
2. set the dns servers in the config
3. Run an exit node
4. Connect a device to the exit node with tailscale dns enabled
5. DNS no worky.

Environment

- OS: Windows 10 & Android
- Headscale version: 0.23.0-beta
- Tailscale version: 1.70.0

Runtime environment

• [X] Headscale is behind a (reverse) proxy
• [X] Headscale runs in a container

Anything else?

No response

[kradalby]

Does this happen with the alpha, if it does not, I would think this is the same issue as https://github.com/juanfont/headscale/issues/2026

[W1BTR]

I'm not using the custom nameservers mentioned in that issue (setting a custom ip for a domain in the headscale config), but it might be related.

Ill try in the alpha and report back this week.

[W1BTR]

Can confirm, alpha-12 does not have this issue.