by dbmnt 1464 days ago
Not really. It messes with DNS big time. Try enabling the "MagicDNS" or "Exit Nodes" features, and watch as /etc/resolv.conf is edited with each change. I can easily reproduce scenarios where it's left empty and there's no working DNS resolution.

This is one of the major things I _don't_ like about Tailscale. I wish they'd just stick to enabling Wireguard and making the authentication easier (i.e., where they started). I'm not a fan of most of the features they've added since. I don't want service discovery, magic DNS, SSH key management and/or the kitchen sink bolted on.

2 comments

It only messes with /etc/resolv.conf if you did `--accept-dns` and don't have systemd-resolved, which nowadays is much more common.

Linux DNS is a clusterfun: https://tailscale.com/blog/sisyphean-dns-client-linux/

But, yeah, without systemd-resolved Linux DNS is a fight to the death between uncooperating processes. NetworkManager is okay but there are a dozen buggy variants in the wild we have to work around.

Linux is by far the worst platform for DNS config.

I totally recommend systemd-resolved. It's the only thing that does DNS well on Linux.

What about using NSS[1]? You could add a Tailscale provider to the `hosts` entry.

[1]: https://en.wikipedia.org/wiki/Name_Service_Switch

Consistently I’m unable to use Tailscale on a GCP instance and also use GCP services cleanly, because it messes with the DNS route to the metadata server. Otherwise, it’s a great product.
Thanks for the feedback. I've filed https://github.com/tailscale/tailscale/issues/4911 to fix that.
https://github.com/tailscale/tailscale/issues/4911 is now fixed and will be in the next release.
I don't use GCP, but this is a high-quality example of a company doing feedback right. Nicely done!