Split DNS Magic with Tailscale – Access remote services from anywhere!
Tailscale's Split DNS function within the MagicDNS feature allows us to access devices by name, not IP. But what if we could also access any service running in a remote subnet via a Tailscale subnet router? That's what we'll cover in today's video.
– Blog post – https://blog.ktz.me/splitdns-magic-with-tailscale/
– Tailscale MagicDNS blog – https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
– Tailscale MagicDNS documentation – https://tailscale.com/kb/1081/magicdns/
– https://blog.ktz.me/fully-automated-dns-and-dhcp-with-pihole-and-dnsmasq/
===
🎙️ https://selfhosted.show podcast
📱 twitter @ironicbadger
🦣 mastodon techhub.social/@ironicbadger
📓 https://blog.ktz.me
💾 https://perfectmediaserver.com
🧑🏽💻 https://github.com/ironicbadger
🎹 Intro Music – Joe Ressington
===
00:00 – Intro
01:10 – What is Split DNS?
05:06 – Demo – Brand new Tailnet
06:26 – Demo – Things work locally without Tailscale
07:36 – Demo – Installing Tailscale on OPNsense
09:14 – Demo – Enable Subnet Router
12:11 – Demo – Enabling SplitDNS
16:30 – Demo – DNS Wildcards
21:30 – Tailscale Pricing Changes
22:00 – Rules are made to be broken
22:41 – Outro
by KTZ Systems
I normally don't bother leaving comments on YouTube, but this is excellent stuff. Thank you, sir.
Good work, thanks for sharing.
But it seems to me that this only works by advertising a subnet. If I have Tailscale installed on all my nodes (one of those is my bind9 DNS server), the best I can do is set up a search domain and use that.
Thanks Alex,
The bit I was missing was adding the local DNS server for a specific site or domain. Cheers!
Very helpful. Thank you!
Cool. Can we just use Cloudflare to manage the local DNS?
Thank you so much, I've been trying so hard for the past week and it turns out it was much easier than I thought. At first it didn't work, but after 15-30 minutes everything would resolve. Probably some propagation or I don't know.
Just wanted to say how good of a tutorial this is. It breaks down everything into simple understandable parts and you give examples for everything. Well done sir.
This is awesome. Would love to see/read more on the reverse proxy part of this!
Beautifully explained. Worked like a charm. Awesome Vid.
Can this be integrated with Headscale?
Hi. Great video. One question. Why do you use pihole and not unbound in OPNSense?
Hi Alex, thanks for this very nice video! I used many different DNS overlay network solutions like Tailscale, ZeroTier, Twingate, Cloudflare Tunnel, Netmaker, NetBird and so on… Actually I use ZeroTier, because it can be integrated into OPNsense through the web GUI, with a separate interface and so with dedicated firewall rules. A year ago I tried Tailscale, but the performance was really bad (my case: I wanted to back up a 4 GB file weekly from my public mail server to my internal backup server) and I had interruptions and it took hours, though I have enough bandwidth up and down. I think it was because of NAT traversal; it's described in the Tailscale documentation, but especially for OPNsense the documentation doesn't show a proper way to solve this issue. How did you solve this in your OPNsense?
Your video helped me out a lot. I am using Tailscale and bind9.
Great content. Very helpful. Thank you!
Wow, thank you a lot for this video! I was struggling to understand the DNS settings in Tailscale but you made it really clear. My goal was to be able to use the same local URLs on my Tailscale network as I'm using on my local network (set up in Pi-hole local DNS). By the looks of it, it shouldn't be that difficult after watching this. You just got a new sub, I really like the format and you deserve way more subscribers mate! ⭐️ ⭐️ ⭐️ ⭐️ ⭐️
Great video, I've stolen your DNS naming scheme.
Q: If you have multiple sites (family members' homes) all joined to the same tailnet, doesn't that create its own security issues with lateral movement? Also, is this solution dependent on each site having OPNsense and Pi-hole locally? That seems like a heavy maintenance overhead.
I have 4 family homes, but each home is in its own tailnet to keep them separated, with Tailscale on each user's device. The subnet router option looks like a better solution and I guess gives me access to devices that can't install Tailscale, right?
In my home lab I just set up Tailscale and used DuckDNS with nginx, so if I connect to Tailscale then I just use the DuckDNS API to switch the IP.
Wish Tailscale would allow me to access my Dell server's iDRAC. I get a connection refused error if I use Tailscale.
Thank you so much for making this. I love the Self-Hosted podcast and you are just proving here how Tailscale is such a great sponsor to have!
Question: how is your computer's DNS configured to use Tailscale DNS? Normally all computers are configured to use public DNS like Google, Cloudflare, etc., but in your case I don't understand the way your computer requests DNS from Tailscale. You need to show us the DNS configuration on the client computer side.
In the video your internal services were using HTTPS. Do you have any information on how you set this up without exposing ports to the internet? You mentioned you are using Caddy. Are you using self-signed certificates with a local CA? I've used SWAG from linuxserver previously, but want to move away from having exposed ports. Thanks for the great video!
Well done; thank you for the info.
Needless to say, it's the best so far.
Great video! Any reason you can't just use OPNsense as the DNS server (using host overrides) and achieve similar results?
Great overview, very clear and informative. Tailscale has been a gateway for a new interest in networking and self-hosting, and I think this video has sold me on running more infrastructure at home.
Great video, but please, please hide the flashy switch in the background, it's so distracting.
Hi,
Do you have any idea if it is possible to join two networks together? Like my parents' network and my network having one DHCP server, ideally over Tailscale?