DNS in Tailscale

By default, Tailscale provides each device with a unique, stable IP address. However, IP addresses aren’t very memorable, and can be unwieldy to work with. As on the internet at large, you can map Tailscale IPs to human-readable names by using DNS.

Magic DNS

Tailscale can automatically assign DNS names for devices in your network. This feature, called “Magic DNS”, is now in open beta. Read more about Magic DNS.

Using the DNS tab in the admin console

Tailscale’s admin console has a DNS pane that lets you configure three settings:

  • Magic DNS: whether or not your network will use the Magic DNS beta to automatically assign DNS names to devices in your network.

  • DNS IP addresses: these are the IP addresses of existing DNS servers you want your Tailscale nodes to use for lookups, whenever they are connected to your network. Many companies have internal private DNS servers with the names of their private machines. If so, you can add those DNS servers here. Note that unless your DNS servers are either public, or using Tailscale 100.x addresses, you will probably need to configure subnet routing so that your nodes can reach the private DNS server(s).

  • Search paths: these are default domain suffixes to search when looking up names. If your search path is “example.com” and you try to ping a machine named “hello”, then DNS on your node will search for “hello.example.com” automatically.

Using these settings, you can point your Tailscale nodes at a DNS server that you control, in a subdomain that you control. Then you can manually define DNS names that match the various servers you want to reach on your Tailscale network. It’s a bit tedious, but it works.
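
The reachability note under "DNS IP addresses" can be checked before you save the setting. The following is an added example, not Tailscale's own code: it classifies each IPv4 DNS server as a Tailscale address, a public address, or a private address that needs a subnet route. It assumes that "100.x" means the CGNAT block 100.64.0.0/10, and the server and route lists are constructed sample values.

```python
import ipaddress

# Assumption: Tailscale "100.x" device addresses come from the CGNAT block
# 100.64.0.0/10 (RFC 6598); the page itself only says "100.x".
TAILSCALE_V4 = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample input: candidate DNS servers and the subnet routes
# already advertised into the Tailscale network.
SAMPLE_SERVERS = ["100.101.102.103", "1.1.1.1", "10.0.0.53",
                  "192.168.50.2", "127.0.0.53"]
SAMPLE_ROUTES = ["10.0.0.0/8", "10.0.0.0/24"]


def check_dns_servers(servers, advertised_routes):
    """Map each DNS server address to how a Tailscale node would reach it."""
    routes = [ipaddress.ip_network(r) for r in advertised_routes]
    report = {}
    for addr in servers:
        ip = ipaddress.IPv4Address(addr)  # raises ValueError if not IPv4
        if (ip.is_loopback or ip.is_unspecified
                or ip.is_link_local or ip.is_multicast):
            # Would resolve to something different (or nothing) on each node.
            report[addr] = "unusable"
        elif ip in TAILSCALE_V4:
            report[addr] = "tailscale"
        elif ip.is_global:
            report[addr] = "public"
        else:
            # Private address: only reachable through an advertised route.
            covering = [r for r in routes if ip in r]
            if covering:
                best = max(covering, key=lambda r: r.prefixlen)
                report[addr] = f"via subnet route {best}"
            else:
                report[addr] = "unreachable: no subnet route"
    return report


if __name__ == "__main__":
    for server, status in check_dns_servers(SAMPLE_SERVERS,
                                            SAMPLE_ROUTES).items():
        print(f"{server:16} {status}")
```

Any server reported as unreachable needs a subnet route covering it before nodes can use it for lookups.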

Using a public DNS subdomain

Alternatively, you can leave the admin console DNS settings blank, and instead publish records on your public-facing DNS server, assuming you have one. The DNS names can be looked up (converted to a private IP address) by anyone on the Internet, but this is relatively harmless since they won’t be able to reach the private IP address anyway.

Almost every organization already has a public DNS server (so that they can route email, publish a web site, etc.), so this is easier than setting up an internal private DNS server.

Tailscale does not offer a DNS server, so you will need to use one that you run yourself, or one offered by your cloud or domain host, or by some other DNS provider. Note that DNS names may take a while to propagate once you add them.

