Magic DNS automatically registers DNS names for devices in your network.
For example, when you add a new webserver called
my-server to your network,
you no longer need to note down its Tailscale IP: simply using the name
in your browser’s address bar or on the command line will work just as well.
Magic DNS is currently in open beta; as such, it needs to be manually enabled. The information below may change significantly in the future.
You must be running Tailscale version 1.1.173 or greater in order to use Magic DNS, which is currently only available in beta. Enabling Magic DNS will have no effect on older releases.
Your network must also have at least one DNS server enabled in the admin console. Until you do so, the toggle and Magic DNS will be disabled. The entered servers will receive all of your DNS queries not handled by Magic DNS. This restriction will be relaxed in the future.
Enabling Magic DNS
Magic DNS can be enabled domain-wide in the DNS tab of the admin console:
Disabling Magic DNS
Magic DNS can be disabled domain-wide by unchecking the box used to enable it.
If you are experiencing trouble with Magic DNS on a particular device and wish to disable it only there, the current solution is to stop accepting DNS from the admin console in general.
On Linux, stop accepting DNS with:
tailscale up [...] --accept-dns=false
On macOS, stop accepting DNS by unchecking “Use Corporate DNS” from the Tailscale client.
On Windows, stop accepting DNS by holding shift while right clicking on the Tailscale system tray icon, and unchecking “Use Corporate DNS” from the menu.
In the future, we aim to have sufficiently robust DNS configuration and resolution logic so that disabling Magic DNS separately will never be necessary, and the toggle will disappear.
How the domain names are determined
The domain name of each device has the form
The suffix is
beta.tailscale.net for the duration of the beta test, but will change in the future.
The base name is derived from
following a number of rules that aim to produce sensible results. For example:
|Hostname||Domain Name||Full Magic DNS Name|
|🎊 free form 🎊||example.onmicrosoft.com||
As corner cases in these rules are found, they will change, so they are not listed here. You can see the currently active base name of a device on the respective machine page in the admin console:
Domain name uniqueness is enforced.
If more than one device in the same domain
domain has the same normalized hostname
the first device will receive the base name
hostname.domain and subsequent ones
will receive names of the form
hostname-#.domain, such as
The domain names remain fixed until the hostname changes.
If the first device mentioned above is deleted, the second one will retain the base name
hostname-1.domain until the hostname is changed.
In the future, we aim to support editing hostnames in the admin console;
in the meantime, the Tailscale CLI can be used to change the hostname:
tailscale up [...] --hostname=[new hostname]
Automatic search paths
Entering such long names as above is very cumbersome, so, whenever you enable Magic DNS, Tailscale automatically sets up search paths so that you only need to enter the hostname part of the base name to look up the device. For example, to ping the device from Example 2 above, it suffices to issue the command
Due to restrictions imposed by sandboxing, DNS configuration on macOS
has no effect on some CLI tools that implement their own DNS resolution logic such as host and nslookup.
So, for example,
host johns-iphone-6s will not work on macOS, even if
ping johns-iphone-6s will.
Likewise, to access the web interface of the monitoring node in Example 1, you can simply enter
monitoring/ in the address bar of your favorite browser.
The trailing slash in
monitoring/ is important: otherwise, most browsers will
redirect you to web search results for the word “monitoring”.