Does it matter how I order my DNS resolvers?
The short answer: no.
The longer answer: it depends. If you’ve been managing network interfaces for a while, you might expect to be able to give an operating system a list of DNS nameservers in order, and that operating system will try each of those nameservers in sequence to find a given domain.
However, as increasingly more systems and software applications require a connection to the internet to function, even small delays or rare hiccups in DNS lookup can result in a degraded user experience. In response, many modern operating systems have adopted more complicated rules for how to optimize response time when multiple DNS nameservers are available.
- Query nameservers in order, with small delays in between each attempt
- Query all nameservers in parallel
- Change the order of nameservers based on past performance
- Change the order of nameservers based on known geographic proximity
- Load balance queries between nameservers
Since each operating system handles resolver ordering a little differently, we cannot guarantee that the DNS resolvers you add to the DNS settings page in the admin console will be queried in the exact order that you’ve specified. Depending on your particular DNS settings and your operating system, Tailscale will either proxy all DNS requests—in which case we query all nameservers in parallel and use the quickest response—or defer to the operating system, which we have no control over.
If you absolutely need nameservers to be in a specific order, it might be because you expect one of them (such as a private DNS service you run) to have different responses than the others. In that case, you’re probably better off using the split DNS feature or setting up conditional forwarding on your private DNS service and only using that resolver in your settings.