Why is resolv.conf being overwritten?

Tailscale overwrites /etc/resolv.conf when MagicDNS is enabled on the tailnet and --accept-dns is enabled on the machine running Tailscale and there doesn’t appear to be a DNS manager running on the system.

Common questions

How do I stop Tailscaled from overwriting /etc/resolv.conf?

For Linux, see Linux DNS. The short summary is that you’ll have the best experience by using systemd-resolved. Tailscale tries to interoperate with a number of other DNS managers before resorting to overwriting /etc/resolv.conf.

If a DNS manager isn’t available for your system, or you don’t want to run one, and don’t want Tailscale to overwrite /etc/resolv.conf, you can either disable MagicDNS for all devices on your tailnet or run tailscale set --accept-dns=false to disable MagicDNS on a single device.

Even if you set --accept-dns=false, Tailscale’s MagicDNS server still replies at 100.100.100.100 (or fd7a:115c:a1e0::53), as long as MagicDNS is enabled on the tailnet. If you’d like to manually configure your DNS configuration, you can point *.ts.net queries at 100.100.100.100. The 100.100.100.100 resolver runs inside tailscaled on the device and replies authoritatively to Tailscale DNS names without needing to forward queries out to the network.