Why is resolv.conf being overwritten?

Tailscale overwrites /etc/resolv.conf when MagicDNS is enabled on the tailnet and --accept-dns is enabled on the machine running Tailscale and there doesn’t appear to be a DNS manager running on the system.

Common questions

How do I stop Tailscaled from overwriting /etc/resolv.conf?

For Linux, see Linux DNS. The short summary is that you’ll have the best experience by using systemd-resolved. Tailscale tries to interoperate with a number of other DNS managers before resorting to overwriting /etc/resolv.conf.

If a DNS manager isn’t available for your system, or you don’t want to run one, and don’t want Tailscale to overwrite /etc/resolv.conf, you can either disable MagicDNS for all devices on your tailnet or run tailscale set --accept-dns=false to disable MagicDNS on a single device.

Even if you set --accept-dns=false, Tailscale’s MagicDNS server still replies at 100.100.100.100 (or fd7a:115c:a1e0::53), as long as MagicDNS is enabled on the tailnet. If you’d like to manually configure your DNS configuration, you can point *.ts.net queries at 100.100.100.100. The 100.100.100.100 resolver runs inside tailscaled on the device and replies authoritatively to Tailscale DNS names without needing to forward queries out to the network.

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2023 Tailscale Inc.

Privacy & Terms