Override local DNS option for Pihole and Adguardhome? #101

Closed
opened 2025-12-29 01:23:12 +01:00 by adam · 10 comments

Originally created by @Akruidenberg on GitHub (Jan 17, 2022).

I would like to add my Adguard server to Headscale/Tailscale. However, I need an option for my clients to only use my own DNS server.
I can't find such an option in Headscale; Tailscale does have this option.
Is it possible to add this option to Headscale?

Thanks in advance!

adam added the enhancement label 2025-12-29 01:23:12 +01:00
adam closed this issue 2025-12-29 01:23:13 +01:00

@asabla commented on GitHub (Jan 18, 2022):

Not sure if this is actually what you're looking for, but in the example configuration, on line ~120, there are DNS configuration settings:

https://github.com/juanfont/headscale/blob/main/config-example.yaml#L120


@Akruidenberg commented on GitHub (Jan 18, 2022):

My clients are connected to my adguard home dns. However, they are not forced to use the adguard dns only. That's why I need an override option for this.


@gmmoreira commented on GitHub (Jan 19, 2022):

Tailscale admin panel has an option to override local DNS. The option forces the client to always use the configured DNS in tailscale admin and ignore local DNS.

I also used this option in tailscale so I could use my unbound+hblock DNS in any of my clients, even outside of my home.


@Akruidenberg commented on GitHub (Jan 19, 2022):

@gmmoreira this is exactly what I want. I would like such an option in headscale.


@Goeks1 commented on GitHub (Jan 19, 2022):

I think @asabla's comment is exactly what you are looking for. It exposes and overwrites the DNS addresses. As far as I can see, you are able to set a list of DNS servers.


@Akruidenberg commented on GitHub (Jan 19, 2022):

@Goeks1 that's not true. It will add my adguard server to my existing DNS servers from my router, but they aren't overridden.


@Akruidenberg commented on GitHub (Jan 19, 2022):

@kradalby is it possible to add this feature?


@gmmoreira commented on GitHub (Jan 20, 2022):

To clarify the matter: https://github.com/tailscale/tailscale-android/blob/main/android/src/main/java/com/tailscale/ipn/DnsConfig.java

> Tailscale's DNS support can either override the local DNS servers with a set of servers
> configured in the admin panel, or supplement the local DNS servers with additional
> servers for specific domains like example.com.beta.tailscale.net. In the non-override mode,
> we need to retrieve the current set of DNS servers from the platform. These will typically
> be the DNS servers received from DHCP.

Anyway, I think I have solved my problem. I could not use any of my hosted services when using mobile data. My only external client is my android smartphone and I already have the app customized. In my headscale config.yml I have the `nameservers` key with the tailscale ip address of my dns server.

```
dns_config:
  # List of DNS servers to expose to clients.
  nameservers:
    - 100.64.x.y
```

I took a look in the app source code and noticed it will log the dns configuration when the vpn starts. I then used adb logcat and noticed it was indeed receiving the ip address of my dns, but in url format (http://100.64.x.y:58436/dns-query). I confirmed my server was indeed listening to that port. After some research I discovered that url path is for DNS over HTTP(s). I confirmed it was receiving queries running tcpdump on that port.

My unbound has some local entries, pointing to the ip address of my router DHCP range. The missing piece was running tailscale in my server advertising that ip range route.

```
sudo tailscale up --accept-dns=false --advertise-exit-node --advertise-routes=192.168.x.y/24
```

By allowing that route in headscale I could finally resolve and connect to my web services. I'm still not sure if it's overriding all DNS to use only my configured one.
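
One way to settle the question left open in the comment above (does the pushed server replace the local resolvers or only sit next to them?) on a Linux client whose `/etc/resolv.conf` is written directly. This is an added example, not part of the thread or of headscale; the function name `dns_mode` and the addresses in the samples are constructed.

```shell
#!/usr/bin/env bash
# Classify a resolv.conf as "override" (only the pushed DNS server is listed)
# or "supplement" (the pushed server sits next to DHCP/router resolvers, so
# queries can still bypass the filtering resolver).

# Constructed sample: pushed server added beside the router's resolver.
SAMPLE_SUPPLEMENT='# constructed sample
nameserver 100.64.0.2
nameserver 192.168.1.1
search lan'

# Constructed sample: only the pushed server is present.
SAMPLE_OVERRIDE='nameserver 100.64.0.2
search lan'

# dns_mode EXPECTED_IP   (resolv.conf text on stdin)
# Prints "override", "supplement <other resolvers>" or "missing".
# Returns 0 only when the expected server is the sole nameserver.
dns_mode() {
  local expected="$1" found=0 extras="" key value _
  # "|| [ -n "$key" ]" keeps a final line that has no trailing newline.
  while read -r key value _ || [ -n "$key" ]; do
    [ "$key" = "nameserver" ] || continue   # skip comments, search, options
    if [ "$value" = "$expected" ]; then
      found=1
    else
      extras="$extras $value"
    fi
  done
  if [ "$found" -eq 0 ]; then
    echo "missing"
    return 2
  elif [ -n "$extras" ]; then
    echo "supplement$extras"
    return 1
  fi
  echo "override"
}

# On a live client (the address is a placeholder for your own DNS server):
#   dns_mode 100.64.0.2 < /etc/resolv.conf
```

On hosts where systemd-resolved owns `/etc/resolv.conf`, the file lists only the local stub, so the per-link servers have to be checked with `resolvectl` instead.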

@Akruidenberg commented on GitHub (Jan 29, 2022):

Here is another article:
https://tailscale.com/kb/1114/pi-hole/

All the features are available in headscale except the override option. It would be really nice to have.


@mlincett commented on GitHub (Sep 15, 2022):

As a workaround, it should be possible to set it manually with `resolvectl -a wg0 -x` (similar syntax for `resolvconf`).

Reference: starred/headscale#101