Split DNS Magic with Tailscale - Access remote services from anywhere!

This is awesome. Would love to see/read more on the reverse proxy part of this!

It took me 2 days of sweating and cursing to get this working on pfSense a couple of weeks ago, I really applaud this video; it would have saved me a ton of time, this tutorial really hits the points that many similar vids have missed. Thankyou.

Just wanted to say how good of a tutorial this is. It breaks down everything into simple understandable parts and you give examples for everything. Well done sir.

The god-badger of homelab! Thanks for the awesome content (and exclusive) Alex.
Your have less than 10 videos and they are more polished than most of the big youtubers (in the niche). Well done and thanks for SHS too.

Excellent presentation. Explains the subject well. Great to have no background music and other distractions. Do continue to explore the different uses of Tailscale.

Today I learned what a Split DNS is. Thanks!

Best and most straight forward video on this I've seen yet. Thank you!

Thank you so much for making this. I love the Self-Hosted podcast and you are just proving here how Tailscale is such a great sponser to have!

Wow, loving this. Hope its the start of a series that focuses on those remote family and friends hookups and support we all do or want to do, but didn't have a good place to start.
Can't wait to you get to the remote data backup but everything is helpful. I'm in the has not started, still dreaming quadrant on most everything.
Saved to a purpose created playlist ... We been watching this video a few dozen more times and I will certainly let the ads play to support.

Amazing stuff! Tailscale truly is a game changer!

What an incredible video! I really like how you explain things, it really hits :-)

Wow, thank you a lot for this video! I was struggling to understand the DNS settings in Tailscale but you made it really clear. My goal was to be able to use the same local urls on my tailscale network as I’m using on my local network (setup in pihole local DNS). By the looks of it, it shouldn’t be that difficult after watching this. You just got a new sub, I really like the format and you deserve way more subscribers mate! ⭐️ ⭐️ ⭐️ ⭐️ ⭐️

Great overview, very clear and informative. Tailscale has been a gateway for a new interest in networking and self-hosting, and I think this video has sold me on running more infrastructure at home

Your channel is fantastic. Thanks so much for this tutorial.

I normally don't bother leaving comments on UA-cam, but this is excellent stuff. Thank you, sir.

your blog guides got my devops career started! Excited you're making youtube videos now too :)

I came to say that i got lost on the first minute of explanation but my tailscale is still running like a charm on all my devices 😂

Well done; thank you for the info.

Quality content as usual. From what you do on the JB podcasts, to now your YT Channel, truly amazed and grateful for all you feedback to the community. On this subject of Tailscale atop OPNSense, my only wish was it was supported in the GUI and appeared as an interface one could both monitor and apply policy
ules to. It's for this reason that I tend to prefer the ZeroTier method of treating every link as a pseudo L2 connection into a cloud acting as a ethernet switch. I guess I'm old school...but having a transparent connection into my home network (even when it's only allowing devices on my Tailnet Access) without a firewall in the middle just disturbs me.

Great content. Very helpful. Thank you!

Thank you so much, I've been trying so hard for the past week and turns out it was much easier than I thought. At first it didn't worked but after 15-30 minutes everything would resolve. Probably some propagation or I don't know.

Great video, would love to see a follow up on how you setup OPNSense with your home network.

Very helpful. Thank you!

Your Video help me out alot i am useing talscale and bind9

Beautifully explained. Worked like a charm. Awesome Vid.
Can this be integrated with Headscale?

If there was a page deidcated to making sense of tech stuff
I think this should go to the tailscale page. This is the holly grill of self hosting.

Amazing Tutorial 👍🏻

Thanks Alex,
The bit I was missing was adding the local dns server for a specific site or domain. Cheers!

question : how's your computer dns is configured to use tailscale dns, normaly all computers are configured to use public dns like google cloudflare ...etc, but in your case i don't understand the way your computer request dns from tailsclae you need to show use the dns configuration for client computers side ???

Stop making too much sense with the DNS scheme, your making me change everything. After I JUST CHANGED everything.

In the video your internal services were using HTTPS. Do you have any information on how you set this up without exposing ports to the internet? You mentioned you are using Caddy. Are you using self signed certificates with a local CA? I've used SWAG from linux server previously, but want to move away from having an exposed ports. Thanks for the great video!

Good work, thnx for sharing.

Split-horizon DNS answers the way bind9 views work-where a source IP subnet determines the content of the record returned-is a challenge with pihole because dnsmasq has no such feature. It's necessary to run multiple dnsmasq instances or use bind9 views. All-tailscale situations don't need this, however source-IP-based split horizon is a cool way to bypass tailscale within a site. I have not gotten around to integrating this into my setup but I hope to at some point.

tailscale is goated. it really allows my to use my stuff the way I really want. I just usually have to find out how

Awesome video.
What is the new limit on subnet router with the new pricing structure? I couldn't find that information

needless to say its the best so far.

Hi Alex, thanks for this very nice video! I used many different dns-overlay-network-solutions like tailscale, zerotier, twingate, cloudflare tunnel, netmaker, netbird and so on... Actualy I use zerotier, because itcan be integrated to opnsense through web-gui, with separate interface and so with dedicated firewal-rules. A year ago I tried tailscale, but the performance was really bad (my case: I wanted to weekly backup a 4 GB file from my public mailserver to my internal backup-server) and I had interrupts and it took hours, though I have enough bandwicht up and down. I think it was because nat-traversal - it´s descriped in the tailscale documentation, but espesially for the opnsense the documetation doesn´t show a proper way to solve this issue. Ho did you solve this in your opnsense?

Island hopping vs lateral movement; compare and contrast. Or synonymous?

Hi this video was great I was struggling with tailscale so I can't wait to try this out. It's the first time I have seen the advertise marker will this only work on a router or could I set this up on a machine that is running tailscale?

Great video defo going to use my internal dns more thanks to this video. How do you add dns entries to Pi-hole wen they have a different port at the end like 8006 plz? Pi-hole only seems to accept an ip and not the :8006 port part after?

I was struggling with reverse proxy and ddns for so long. This video have nie clear info how to achieve what I neeed. Thanks

Hi. Great video. One question. Why do you use pihole and not unbound in OPNSense?

In my home lab I just setup tailscale and used Duckdns with nginx so if I connect to tailscale then I just use Duckdns api to switch ip

can you add Pi hole as the main DNS server, so you can have ad blocking in every device?

Great video! Any reason you can't just use opnsense as the DNS server (using host overrides) and achieve similar results?

hey KTZ, I have usb router i want to use it as a mini NAS with attaching external HDD. My ISP blocked all the ports and i dont have static Ip i have dynamic ip so, can't port forwarding. I am also tried with DDNS (noip) but not worked. Is there anyway to access router usb from outside network.
Note- i don''t want to build a raspberry pi or budget pc for this(NAS)

Great video, I've stolen your dns naming scheme.
Q: If you have multiple sites (fam members homes) all joined to the same tailnet, doesn't that create its own security issues with lateral movement? Also is this solution dependent on each site having OpnSense and pihole locally? That seems like a havy maintenance overhead.
I have 4 fam homes but each home in their own tailnet to keep them separated and tailscale on each users device. The subnet router option looks like a better solution and i guess gives me access to devices that can't install tail-scale right?

How can i setup caddy for this?
I am using my own domain to implement the idea in the video. Currently I setup split dns and subnet router to point caddy so that it can serve as reverse proxy. From remote client I can ping both caddy and other docker services using their internal ip. But i cannot access them with subdomain. I assume something ls wrong with my caddy setup. However this setup work properly if I set up normally. (Without tailscale but using A and AAAA records)

Q: You are using mkcert for the local SSL certificates or you are using the Tailscale HTTPS?

I'm having an odd issue that nobody else seems to have. I'm only getting Internet access when connected to my exit node. If I'm not connected to my exit node, I can't load any games on my phone, watch UA-cam or get new emails. Soon as I connect to my exit node everything starts working. I am however, able to access all my subnets regardless of being connected to my exit node. Any ideas what could be the problem?

Wish tailscale would allow me to access my dell server's idrac. I get a connection refused error if I use tailscale

hi brilliant video. I'm very confused. i have a home environment made as follows server running proxmox 8 home assistant , opnsense truenas all running as vms. i also have jellyfin (managing my media) running in a truenas jail. I would like to accsess my media from a remote site. where do i install tailscale? proxmox opnsense truenas home assistant or on ass of them? thank you

Hi,
Do you have and idea of it is possible to join two networks together? Like my parents and my network have like one DHCP server ideally over tailscale?

But it seems to me that this only works by advertising a subnet. If I have tailscale installed in all my nodes (one one of those is my bind9 dns server) the best I can do is set up a search domain and use that.

How did you get TLS working?

cool. can we just use Cloudflare to manage the local DNS?

great video but plz plz hide the flashy switch in the background, sooo distracting

I’m relatively tech savvy and I don’t understand.