Magic DNS

Magic DNS automatically registers DNS names for devices in your network.

For example, when you add a new webserver called my-server to your network, you no longer need to note down its Tailscale IP: simply using the name my-server in your browser’s address bar or on the command line will work just as well.


Magic DNS is currently in open beta; as such, it needs to be manually enabled. The information below may change significantly in the future.


You must be running Tailscale v1.1.173 or greater in order to use Magic DNS. Enabling Magic DNS will have no effect on older releases.

Your network must also have at least one DNS server enabled in the admin console. Until you do so, the toggle and Magic DNS will be disabled. The entered servers will receive all of your DNS queries not handled by Magic DNS. This restriction will be relaxed in the future.

Enabling Magic DNS

Magic DNS can be enabled domain-wide in the DNS tab of the admin console:

Disabling Magic DNS

Magic DNS can be disabled domain-wide by unchecking the box used to enable it.

If you are experiencing trouble with Magic DNS on a particular device and wish to disable it only there, the current solution is to stop accepting DNS from the admin console in general.

On Linux, stop accepting DNS with:

tailscale up [...] --accept-dns=false

On macOS, stop accepting DNS by unchecking “Use Corporate DNS” from the Tailscale client.

On Windows, stop accepting DNS by holding shift while right clicking on the Tailscale system tray icon, and unchecking “Use Corporate DNS” from the menu.

In the future, we aim to have sufficiently robust DNS configuration and resolution logic so that disabling Magic DNS separately will never be necessary, and the toggle will disappear.

How the domain names are determined

The domain name of each device has the form [base-name].[suffix]. The suffix is for the duration of the beta test, but will change in the future.

The base name is derived from [machine-name].[user-domain], and uniqueness is enforced (See Machine naming).

You can see the currently active domain name of a device on the respective machine page in the admin console:

For more information on how domain names are generated and how to edit them, take a look at Machine naming.

Automatic search paths

Entering such long names as above is very cumbersome, so, whenever you enable Magic DNS, Tailscale automatically sets up search paths so that you only need to enter the machine-name part of the base name to look up the device. For example, to ping the device from Example 2 above, it suffices to issue the command

ping johns-iphone-6s


Due to restrictions imposed by sandboxing, DNS configuration on macOS has no effect on some CLI tools that implement their own DNS resolution logic such as host and nslookup. So, for example, host johns-iphone-6s will not work on macOS, even if ping johns-iphone-6s will.

Likewise, to access the web interface of the monitoring node in Example 1, you can simply enter monitoring/ in the address bar of your favorite browser.


The trailing slash in monitoring/ is important: otherwise, most browsers will redirect you to web search results for the word “monitoring”.

Last updated