Magic DNS

Magic DNS automatically registers DNS names for devices in your network.

For example, when you add a new webserver called my-server to your network, you no longer need to note down its Tailscale IP: simply using the name my-server in your browser’s address bar or on the command line will work just as well.


Magic DNS is currently in open beta; as such, it needs to be manually enabled. The information below may change significantly in the future.


You must be running Tailscale version 1.1.173 or greater in order to use Magic DNS, which is currently only available in beta. Enabling Magic DNS will have no effect on older releases.

Your network must also have at least one DNS server enabled in the admin console. Until you do so, the toggle and Magic DNS will be disabled. The entered servers will receive all of your DNS queries not handled by Magic DNS. This restriction will be relaxed in the future.

Enabling Magic DNS

Magic DNS can be enabled domain-wide in the DNS tab of the admin console.

Disabling Magic DNS

Magic DNS can be disabled domain-wide by unchecking the box used to enable it.

If you are experiencing trouble with Magic DNS on a particular device and wish to disable it only there, the current solution is to stop that device from accepting any DNS configuration from the admin console.

On Linux, stop accepting DNS with:

tailscale up [...] --accept-dns=false

On macOS, stop accepting DNS by unchecking “Use Corporate DNS” from the Tailscale client.

On Windows, stop accepting DNS by holding Shift while right-clicking the Tailscale system tray icon, and unchecking “Use Corporate DNS” in the menu.

In the future, we aim to have sufficiently robust DNS configuration and resolution logic so that disabling Magic DNS separately will never be necessary, and the toggle will disappear.

How the domain names are determined

The domain name of each device has the form [base-name].[suffix]. The suffix is for the duration of the beta test, but will change in the future.

The base name is derived from [hostname].[user-domain] following a number of rules that aim to produce sensible results. For example:

Hostname Domain Name Full Magic DNS Name
🎊 free form 🎊

As corner cases in these rules are found, they will change, so they are not listed here. You can see the currently active base name of a device on the respective machine page in the admin console.

Domain name uniqueness is enforced. If more than one device in the same domain (domain) has the same normalized hostname (hostname), the first device will receive the base name hostname.domain and subsequent ones will receive names of the form hostname-#.domain, such as hostname-1.domain.

The domain names remain fixed until the hostname changes. If the first device mentioned above is deleted, the second one will retain the base name hostname-1.domain until the hostname is changed. In the future, we aim to support editing hostnames in the admin console; in the meantime, the Tailscale CLI can be used to change the hostname:

tailscale up [...] --hostname=[new hostname]
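
The uniqueness rule above as a small Python model, added here as an illustration and not taken from Tailscale's code. The class and method names are hypothetical, hostnames are assumed to be already normalized, and giving a new device the lowest unused name is an assumption the page does not state.

```python
# Toy model of the naming rule described above (not Tailscale's implementation).
# Assumptions: hostnames arrive already normalized; the lowest unused name is chosen.

class NameRegistry:
    def __init__(self, domain):
        self.domain = domain
        self.names = {}      # device id -> assigned base name
        self.hostnames = {}  # device id -> normalized hostname the name was built from

    def _allocate(self, hostname):
        taken = set(self.names.values())
        candidate = f"{hostname}.{self.domain}"
        n = 0
        while candidate in taken:          # hostname.domain, then hostname-1.domain, ...
            n += 1
            candidate = f"{hostname}-{n}.{self.domain}"
        return candidate

    def add(self, device_id, hostname):
        if device_id in self.names:
            raise ValueError(f"device {device_id!r} already registered")
        self.hostnames[device_id] = hostname
        self.names[device_id] = self._allocate(hostname)
        return self.names[device_id]

    def delete(self, device_id):
        # Removing a device never renames the devices that remain.
        self.hostnames.pop(device_id)
        return self.names.pop(device_id)

    def set_hostname(self, device_id, hostname):
        # A name stays fixed until the hostname changes; only then is it reassigned.
        if self.hostnames[device_id] == hostname:
            return self.names[device_id]
        del self.names[device_id]          # the device's old name no longer counts as taken
        self.hostnames[device_id] = hostname
        self.names[device_id] = self._allocate(hostname)
        return self.names[device_id]


def demo():
    reg = NameRegistry("example.com")      # constructed sample domain
    first = reg.add("dev-a", "laptop")
    second = reg.add("dev-b", "laptop")
    reg.delete("dev-a")
    after_delete = reg.names["dev-b"]      # unchanged by the deletion
    renamed = reg.set_hostname("dev-b", "desk")
    return first, second, after_delete, renamed
```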

Automatic search paths

Entering such long names as above is very cumbersome, so, whenever you enable Magic DNS, Tailscale automatically sets up search paths so that you only need to enter the hostname part of the base name to look up the device. For example, to ping the device from Example 2 above, it suffices to issue the command:

ping johns-iphone-6s


Due to restrictions imposed by sandboxing, DNS configuration on macOS has no effect on some CLI tools that implement their own DNS resolution logic such as host and nslookup. So, for example, host johns-iphone-6s will not work on macOS, even if ping johns-iphone-6s will.

Likewise, to access the web interface of the monitoring node in Example 1, you can simply enter monitoring/ in the address bar of your favorite browser.


The trailing slash in monitoring/ is important: otherwise, most browsers will redirect you to web search results for the word “monitoring”.
