MagicDNS automatically registers DNS names for devices in your network.
If you add a new webserver called
my-server to your network, you no longer
need to use its Tailscale IP: using the name
my-server in your
browser’s address bar or on the command line will work.
Your network must have at least one DNS nameserver enabled in the admin console. These nameservers will receive all DNS queries not handled by MagicDNS. This restriction will be relaxed in the future.
MagicDNS can be enabled for your whole network in the DNS tab of the admin console:
Once MagicDNS is enabled, any device signed in to your network can access other devices by using their machine name. For example, if you have a server named “monitoring”:
- To SSH into it, run
- To ping it, run
- To open it in your browser, type
monitoringin your address bar.
nslookupcircumvent system DNS resolution, and will not work with MagicDNS. For example,
host johns-iphone-6swill not work on macOS, even if
ping webserver.example2.com.beta.tailscale.net. We will relax this restriction in future versions.
Under the hood, MagicDNS generates a full domain name for every device on your network. The full domain name is made up of three parts:
- A machine name, which you can change.
- Your Tailscale network’s domain. For users on shared email hosts (Gmail, Outlook, etc), this is your full email address.
- A static suffix. The suffix is
beta.tailscale.netfor the duration of the MagicDNS beta, but may change in the future.
The table below shows how some example machine names, and domains combine to create the full domain name.
|Machine Name||Network Domain||Full Domain Name|
Full domain names can be cumbersome to type, so when you enable MagicDNS, Tailscale automatically adds search domains to your network. With these search domains you only need to type the machine name to access a device.
For the example.com network, the following two commands are equivalent:
ping monitoring ping monitoring.example.com.beta.tailscale.net
In most situations, you’ll want to use the machine name. But for security reasons, accessing devices shared with you requires using the full domain name.
You can see the full domain name of any device in your network by opening its machine page in the admin console.
MagicDNS can be disabled for your whole network by toggling the same button you used to enable it in the admin console.
If you are experiencing trouble with MagicDNS on a particular device and wish to disable it only there, the current solution is to stop accepting network DNS settings in general.
On Linux, stop accepting DNS with:
tailscale up [...] --accept-dns=false
On macOS, stop accepting DNS by clicking on the Tailscale menubar icon. From here, click Preferences, and then you can uncheck Use Tailscale DNS settings from the menu.
On Windows, stop accepting DNS by holding shift while right clicking on the Tailscale system tray icon, and unchecking Use Tailscale DNS from the menu.
In the future, we will have robust enough DNS configuration and resolution logic that disabling MagicDNS separately will never be necessary. At this point, the toggle will disappear.