tailscale: DNS resolution not working after turning exit node
What is the issue?
After updating from Tailscale 1.18 to Tailscale 1.20.2 I no longer can use exit node functionality. I have ubuntu cloud machine as exit node (named vpn) and a windows machine. After enabling exit node on windows I get all DNS requests going to 100.100.100.100 and dying in timeout. The same requests from older version work flawlessly.
For ex, windows, 1.20.2, exit node off:
λ nslookup github.com
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
Name: github.com
Address: 140.82.121.3
Windows, 1.20.2, exit node on:
λ nslookup github.com
Server: UnKnown
Address: 100.100.100.100
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Linux, 1.18.2, exit node on or off, whatever (same result) :
user@user-pi:~$ nslookup github.com 100.100.100.100
Server: 100.100.100.100
Address: 100.100.100.100#53
Non-authoritative answer:
Name: github.com
Address: 140.82.121.4
Linux, 1.20.2, exit node on:
user@user-pi:~$ tailscale version
1.20.2
tailscale commit: 312750ddd288cf4073cfaef56a45102b9c1e8421
other commit: 2c164d9c7443e2f3014fa54ea45e946b35152680
go version: go1.17.6-tse44d304e54
user@user-pi:~$ nslookup github.com 100.100.100.100
;; connection timed out; no servers could be reached
Well, anyway, it seems like 100.100.100.100 not working anywhere in 1.20.2 for me.
I see some changes related to DNS and exit nodes in release notes. Is there some configuration I have to do, in order to get this working again?
Steps to reproduce
No response
Are there any recent changes that introduced the issue?
Updated Tailscale everywhere to the latest version.
OS
Linux, Windows
OS version
Ubuntu 20.04.3 LTS (GNU/Linux 5.11.0-1027-oracle aarch64), Microsoft Windows [Version 10.0.19044.1466]
Tailscale version
1.20.2
Bug report
BUG-c2f835af9713719097081eaf7976601903d023065d119901ad8e2e1799922664-20220130093427Z-bd88e452804a0817
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 17 (7 by maintainers)
Commits related to this issue
- ipn/ipnlocal, wgengine/netstack: use netstack for peerapi server We're finding a bunch of host operating systems/firewalls interact poorly with peerapi. We either get ICMP errors from the host or use... — committed to tailscale/tailscale by bradfitz 2 years ago
- ipn/ipnlocal, wgengine/netstack: use netstack for peerapi server We're finding a bunch of host operating systems/firewalls interact poorly with peerapi. We either get ICMP errors from the host or use... — committed to tailscale/tailscale by bradfitz 2 years ago
- ipn/ipnlocal, wgengine/netstack: use netstack for peerapi server We're finding a bunch of host operating systems/firewalls interact poorly with peerapi. We either get ICMP errors from the host or use... — committed to tailscale/tailscale by bradfitz 2 years ago
- ipn/ipnlocal, wgengine/netstack: use netstack for peerapi server We're finding a bunch of host operating systems/firewalls interact poorly with peerapi. We either get ICMP errors from the host or use... — committed to tailscale/tailscale by bradfitz 2 years ago
- ipn/ipnlocal, wgengine/netstack: use netstack for peerapi server We're finding a bunch of host operating systems/firewalls interact poorly with peerapi. We either get ICMP errors from the host or use... — committed to tailscale/tailscale by bradfitz 2 years ago
- ipn/ipnlocal, wgengine/netstack: use netstack for peerapi server We're finding a bunch of host operating systems/firewalls interact poorly with peerapi. We either get ICMP errors from the host or use... — committed to tailscale/tailscale by bradfitz 2 years ago
Same here. Updating to that unstable build on the exit node fixed the problem.
Yep, quick testing show that it’s working now (updated only the exit node)
@cepera-ang I moved that last comment into a new issue, tailscale/tailscale-www#975
in netmap but unknown to wireguardis definitely weird. Also in logs:Hopefully I’ll find time to investigate soon.