tailscale / tailscale

The easiest, most secure way to use WireGuard and 2FA.
https://tailscale.com
BSD 3-Clause "New" or "Revised" License

[Bug] 1.60.1 Android cannot resolve MagicDNS CNAME #12089

Open parkr opened 3 weeks ago

parkr commented 3 weeks ago

What is the issue?

Rather unusual: my Onyx Boox Page cannot resolve MagicDNS via CNAME like my other machines:

  1. ❌ CNAME feed.bx.parkermakes.tools -> baymax.<tailnet>.ts.net (set in public DNS, works for me on macOS, iOS, and iPadOS)
  2. ✅ A feed.bx.parkermakes.tools -> (100.x.x.x Tailscale IP of above machine, set in my Pi-Hole Local DNS settings)

Device: Onyx Boox Page running Android 11

DNS Settings:

  1. MagicDNS: Enabled ✅
  2. Search Domains: tailnet domain, parkermakes.tools
  3. Override Local DNS: Enabled ✅
  4. Nameservers: 100.100.100.100, Tailnet IP of in-home Pi-hole, Tailnet IP of VPS-hosted Pi-hole.

Steps to reproduce

  1. Install Tailscale for Android 1.60.1 from AuroraStore
  2. Log in via QR code
  3. Open admin console on another device and Allow device to join tailnet.
  4. See that Tailscale loads full list of devices connected to tailnet.
  5. Open browser
  6. Enter problematic domain
  7. 💥 Domain which CNAMEs to <machine>.<tailnet>.ts.net does not resolve to Tailnet IP address of that machine
  8. Open Pi-Hole admin console on another device, Local DNS > DNS Records, and set problematic domain to private Tailnet IP of the target machine
  9. Open browser
  10. Enter problematic domain
  11. ✅ Domain now resolves perfectly fine to machine on my Tailnet

Are there any recent changes that introduced the issue?

Not that I know of.

OS

Android

OS version

Android 11

Tailscale version

1.60.1

Other software

Target machine runs nginx and uses LetsEncrypt Cloudflare DNS challenges to pull in HTTPS certs.

Bug report

BUG-862ee2088bdd4ba864d86b6e2a6eca3eaca2e6b76b310a6946f6afbce3260500-20240510152724Z-176ab5df36878edc

shladek commented 3 weeks ago

This sounds a lot like #7650

parkr commented 3 weeks ago

It sure does.

If the IP addresses of my machines never changed, I could easily set them up in Pi-Hole. However, they do change with some regularity (I recently had to update one of my Nameservers since the machine got a new Tailnet IP). That means it's not as easy as setting up Local DNS entries in Pi-Hole and having everything working in perpetuity. I'd need to update both my Pi-Hole instances regularly with the new IP addresses.

agottardo commented 3 weeks ago

Have you tried to reproduce on 1.66 (the current beta version on Play Store)?