Add oceanbox.io as split domain #50

Merged

SimenLK merged 1 commits from simkir/split-dns into main 2025-10-06 13:02:42 +00:00

Conversation 7 Commits 1 Files Changed 1

+4

SimenLK commented 2025-10-06 12:47:54 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

This should hopefully force clients to to prefer using Tailscale MagicDNS when resolving oceanbox.io IPs.

After switching from resolvconf to systemd-resolved, DNS does not consitently choose tailscale 100.100.100.100 as its nameserver. Using DNS split in headscale should hopefully add oceanbox.io as a dns domain for your local systemd-resolved inferface.

$ resolvectl
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 1.1.1.1
         DNS Servers: 100.100.100.100 1.1.1.1 8.8.8.8 127.0.0.1
Fallback DNS Servers: 100.100.100.100 1.1.1.1 8.8.8.8
          DNS Domain: oceanbox.io

Link 2 (enp2s0f1)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1 8.8.8.8
     Default Route: yes

Link 3 (wlp3s0)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
     Default Route: no

Link 5 (docker0)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
     Default Route: no

Link 600 (tailscale0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 100.100.100.100
       DNS Servers: 100.100.100.100
        DNS Domain: obx ~.
     Default Route: yes

Ref: https://tailscale.com/kb/1054/dns?tab=linux#restricted-nameservers

And headscale config example from: https://github.com/gabe565/charts/issues/134#issuecomment-1523920694

This should hopefully force clients to to prefer using Tailscale MagicDNS when resolving oceanbox.io IPs. After switching from `resolvconf` to `systemd-resolved`, DNS does not consitently choose tailscale `100.100.100.100` as its nameserver. Using DNS split in headscale should hopefully add `oceanbox.io` as a dns domain for your local `systemd-resolved` inferface. ``` $ resolvectl Global Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: stub Current DNS Server: 1.1.1.1 DNS Servers: 100.100.100.100 1.1.1.1 8.8.8.8 127.0.0.1 Fallback DNS Servers: 100.100.100.100 1.1.1.1 8.8.8.8 DNS Domain: oceanbox.io Link 2 (enp2s0f1) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6 Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 1.1.1.1 DNS Servers: 1.1.1.1 8.8.8.8 Default Route: yes Link 3 (wlp3s0) Current Scopes: none Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported Default Route: no Link 5 (docker0) Current Scopes: none Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported Default Route: no Link 600 (tailscale0) Current Scopes: DNS Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 100.100.100.100 DNS Servers: 100.100.100.100 DNS Domain: obx ~. Default Route: yes ``` Ref: https://tailscale.com/kb/1054/dns?tab=linux#restricted-nameservers And headscale config example from: https://github.com/gabe565/charts/issues/134#issuecomment-1523920694

SimenLK commented 2025-10-06 12:47:54 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

requested review from @juselius and @mrtz-j

requested review from @juselius and @mrtz-j

SimenLK commented 2025-10-06 12:47:54 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

assigned to @SimenLK

assigned to @SimenLK

mrtz-j (Migrated from gitlab.com) approved these changes 2025-10-06 12:47:54 +00:00

mrtz-j commented 2025-10-06 13:00:13 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

approved this merge request

approved this merge request

SimenLK commented 2025-10-06 13:00:37 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

changed the description

changed the description

SimenLK commented 2025-10-06 13:00:49 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

changed the description

changed the description

SimenLK (Migrated from gitlab.com) merged commit a4a86c436d into main 2025-10-06 13:02:43 +00:00

SimenLK commented 2025-10-06 13:02:45 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

mentioned in commit a4a86c436d

mentioned in commit a4a86c436d4b9b372976c49fa02527f8556a6d6e

Sign in to join this conversation.

Reviewers

No Reviewers

mrtz-j

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

1

The priority is critical

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

bast (radovan) juselius (Jonas Juselius) mrtz (Moritz Jörg) oletytlandsvik (Ole Tytlandsvik) release-bot renovate-bot simkir (Simen Kirkvik) stigrj (Stig Rune Jensen)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: platform/manifests#50