October Tailscale newsletter
👉 We’d love to hear what you think about Tailscale, and filling out this Google form helps us build a better product for you!
It’s been a BIG month at Tailscale and we’re excited to share several new features with you. First off, MagicDNS is now GA (human-readable DNS names for each device in your tailnet). Speaking of DNS… have you ever wanted to run your own DNS resolver to block ads — but don’t actually want to run your own DNS resolver? Tailscale now supports NextDNS. We’ve also been hard at work on configuration audit logs (now in beta) so you can track changes to your tailnet, and use webhooks to get notified about changes or misconfigurations. We’re also making it safer to work remotely, even if there’s an emergency, with Tailscale SSH Console — which lets users initiate a secure browser-based SSH session from any device even if Tailscale isn’t installed on that device.
If the features above sound interesting, and you happen to be looking for a new gig, Tailscale is hiring! We’re looking for driven individuals who think differently, enjoy collaborating with highly technical remote teams, and are comfortable working asynchronously. See our open roles below, and learn more about our company vision.
We’ve got lots of new community contributions and exciting new Tailscale features we’d love to tell you about, let’s check ’em out:
From the community
How Fly.io and Tailscale saved Notado
Learn the technical details of how Notado was modified to migrate from DigitalOcean to Fly.io using Tailscale to make private connections from a Fly micro VM to a DigitalOcean-managed Postgres database.
How Duolingo simplified developer onboarding with GitHub Codespaces + Tailscale
Duolingo shares how they made it easy for new developers to access private resources with Tailscale.
A CoreDNS plugin implementation for Tailscale networks
Twitter user @damomurf created a CoreDNS plugin for Tailscale to resolve Tailscale machines under your own domain, even with nice CNAMEs for virtual services.
WebVM: Linux virtualization in WebAssembly with full networking via Tailscale
Yuri Iozzelli at Leaning Technologies explains how Tailscale helped solve networking challenges in WebVM.
Identity management for WireGuard®
Jordan Webb, an LWN.net contributor, highlights open-source tools that can automate key management and make using WireGuard easier for both administrators and end users.
OmniAuth Strategy for authenticating via Tailscale
An unofficial OmniAuth Strategy for authenticating via Tailscale.
Connecti for Tailscale
Connecti is a command line tool to quickly connect you to cloud infrastructure via Tailscale.
Want to be included in future Tailscale newsletters? Tag @Tailscale in your rant, guides, or tutorials on Twitter.
From the team
MagicDNS is generally available
MagicDNS automatically registers a human-readable, easy-to-remember DNS name for each device in your tailnet, and it’s now enabled by default for all new tailnets!
What’s in a name? Why it’s called “MagicDNS” and how it actually works
Go behind the scenes with the team to discover how MagicDNS works and why we named it what we did.
Use NextDNS everywhere you use Tailscale
With NextDNS and Tailscale, configure DNS exactly how you want, including blocking ads and trackers, or setting up kids’ profiles. Use NextDNS for all the devices in your tailnet, including mobile devices.
Use configuration audit logs (beta) to track changes in your tailnet
Understand what changes were made to your Tailscale network, and who made them, with configuration audit logs.
Introducing a web-based SSH client: Tailscale SSH Console
SSH from your browser to devices on your Tailscale network. Initiate a secure browser-based SSH session from any device, even if you aren’t running Tailscale on that device.
Get notifications for events on your tailnet with webhooks
Get notifications for events on your tailnet with webhooks. You can configure webhooks to be sent to any HTTPS endpoint — for example, receiving notifications of changes to your ACLs in a Slack channel.
Don’t make databases available on the public internet
Tailscale’s Dave Anderson addresses an excellent review of PostgreSQL security by the folks at bit.io. Turns out, the vast majority of PostgreSQL connections that are happening over the public internet are insecure… but Tailscale can help!
Better Living Through Small Networks [video]
Tailscale CEO Avery Pennarun sat down with dojo.live to talk about how the internet can be a dangerous place, and what we might be able to do to make it better.
The Kubelist Podcast (ep. 33)
Tailscale CEO @apenwarr explores VPNs, mesh-overlay networks, Tailscale use cases, and lessons from 20+ years in development with @mccode of the Kubelist Podcast @readkubelist.
Tailscale customer stories
Learn how Tailscale simplifies networking and brings peace-of-mind to teams of any size.
How Mercari improved accessibility, security, and made VPNs simple with Tailscale
Tokyo-based e-commerce company Mercari switched to Tailscale for its VPN solution and concludes: “It’s like magic.”
Machinify gets HITRUST with low overhead using Tailscale SSH and ACLs
Machinify rolled out Tailscale to help meet strict healthcare compliance requirements. Machinify principal engineer Gavin Ray reflects: “It was the most joyous experience I’ve had with any commercial product.”
Tailscale learning library
We are building a learning library to help folks at any stage in their career. If you have a topic you’d like to see covered, send us a tweet @Tailscale.
Identity and access management
Identity and access management (IAM) helps keep your organization’s resources and information secure. Learn the principles of IAM and best practices for implementing it.
That’s all for now. Stay well!
🔈 P.S. Leaving a review on G2 helps more teams find Tailscale. We don’t ask this often — but we’d really appreciate it if you took the time to put in a good word.