Hacker News new | ask | show | jobs
by zrail 1164 days ago
Step 1: install Tailscale and Docker on a VM or whatever

Step 2: set up a Technitium container in host networking mode

Step 3: configure Technitium with a stub zone pointing your ts.net name at 100.100.100.100

Step 4: set up a zone for whatever.tld

Step 5: set up a DNAME record for ts.whatever.tld pointing at your ts.net domain

Result: querying this new DNS server with machine.ts.whatever.tld resolves to machine.blah-foo.ts.net resolves to that machine's 100.64.0.0 address.

https://technitium.com/dns/
1 comments
2bluesc 1164 days ago
I know this can be done manually (and I do), but the issue with that is that: 1. It's manual 2. Single point of failure of this server that was needed

My point was that MagicDNS is implemented in the Tailscale client on each machine (fault tolerant, 0ms latency) and has almost all the things necessary (DNS resolver, push mechanism for record updates) except for a custom defined zone.

Running `drill @100.100.100.100 <node_name>.<magic_dns_domain>.ts.net` is 0ms because it's local, and doesn't depend on a single DNS server running somewhere on my Tailscale network.

link
zrail 1164 days ago
Yep, that's fair. I actually run this setup on every machine in my lab. Technitium is so light weight and with this setup I don't need to jump through any hoops to get Docker containers to resolve Tailscale names.
link
2bluesc 1164 days ago
I'd never heard of Technitium, but was intrigued looking at. Was thinking "hmmm what could I do with this" and then had to refrain from creating another project just because.

TBH I find Docker networking a struggle and usually disable the `iptables` stuff and end up configuring my own rules. Painful, but at least less intrusive.

On the note of Tailscale+Docker networking, gluetun[0] is pretty awesome. It runs a Wireguard (not tailscale compatible, yet) instance within a Docker container and then you share that networking namespace with the other containers effectively confining them to the VPN. Comes with basic container namespace firewall configuration and DNS over TLS configuration.

[0] https://github.com/qdm12/gluetun

link