Split DNS Magic with Tailscale - Access remote services from anywhere!
Вставка
- Опубліковано 2 чер 2024
- Tailscales Split DNS function within the MagicDNS feature allows us to access devices by name, not IP. But what if we could also access any service running in a remote subnet via a Tailscale subnet router? That's what we'll cover in today's video.
- Blog post - blog.ktz.me/splitdns-magic-wi...
- Tailscale MagicDNS blog - tailscale.com/blog/2021-09-pr...
- Tailscale MagicDNS documentation - tailscale.com/kb/1081/magicdns/
- blog.ktz.me/fully-automated-d...
===
🎙️ selfhosted.show podcast
📱 twitter @ironicbadger
🦣 mastondon techhub.social/@ironicbadger
📓 blog.ktz.me
💾 perfectmediaserver.com
🧑🏽💻 github.com/ironicbadger
🎹 Intro Music - Joe Ressington
===
00:00 - Intro
01:10 - What is Split DNS?
05:06 - Demo - Brand new Tailnet
06:26 - Demo - Things work locally without Tailscale
07:36 - Demo - Installing Tailscale on OPNsense
09:14 - Demo - Enable Subnet Router
12:11 - Demo - Enabling SplitDNS
16:30 - Demo - DNS Wildcards
21:30 - Tailscale Pricing Changes
22:00 - Rules are made to be broken
22:41 - Outro - Наука та технологія
This is awesome. Would love to see/read more on the reverse proxy part of this!
It took me 2 days of sweating and cursing to get this working on pfSense a couple of weeks ago, I really applaud this video; it would have saved me a ton of time, this tutorial really hits the points that many similar vids have missed. Thankyou.
The mimugmail repo for opnsense makes everything so easy! Glad this helped.
Hopefully you’ve recovered from your experience!
If I'd watched this vid explaining exactly how routes are advertised and approved, I'd have sorted it in an hour. I'm a monkey-see, monkey-do learner :)
Vids like these should really help with adoption of the self hosted server stuff; keep up the good work.
Pfsense keeps dropping tailscale connection even I bought edge device still. But opnsense just works
From non-it person from the villages of africa
Just wanted to say how good of a tutorial this is. It breaks down everything into simple understandable parts and you give examples for everything. Well done sir.
The god-badger of homelab! Thanks for the awesome content (and exclusive) Alex.
Your have less than 10 videos and they are more polished than most of the big youtubers (in the niche). Well done and thanks for SHS too.
The only way is up! And down. And probably also sideways.
Excellent presentation. Explains the subject well. Great to have no background music and other distractions. Do continue to explore the different uses of Tailscale.
Today I learned what a Split DNS is. Thanks!
Best and most straight forward video on this I've seen yet. Thank you!
Thank you so much for making this. I love the Self-Hosted podcast and you are just proving here how Tailscale is such a great sponser to have!
Wow, loving this. Hope its the start of a series that focuses on those remote family and friends hookups and support we all do or want to do, but didn't have a good place to start.
Can't wait to you get to the remote data backup but everything is helpful. I'm in the has not started, still dreaming quadrant on most everything.
Saved to a purpose created playlist ... We been watching this video a few dozen more times and I will certainly let the ads play to support.
I need about another 48 hours in the day to make all the content I have lined up. Glad you're enjoying this one so much and thanks for the kind words.
Amazing stuff! Tailscale truly is a game changer!
What an incredible video! I really like how you explain things, it really hits :-)
Wow, thank you a lot for this video! I was struggling to understand the DNS settings in Tailscale but you made it really clear. My goal was to be able to use the same local urls on my tailscale network as I’m using on my local network (setup in pihole local DNS). By the looks of it, it shouldn’t be that difficult after watching this. You just got a new sub, I really like the format and you deserve way more subscribers mate! ⭐️ ⭐️ ⭐️ ⭐️ ⭐️
Great overview, very clear and informative. Tailscale has been a gateway for a new interest in networking and self-hosting, and I think this video has sold me on running more infrastructure at home
Your channel is fantastic. Thanks so much for this tutorial.
I normally don't bother leaving comments on UA-cam, but this is excellent stuff. Thank you, sir.
your blog guides got my devops career started! Excited you're making youtube videos now too :)
Wow this is so beautiful to hear and motivational!
I came to say that i got lost on the first minute of explanation but my tailscale is still running like a charm on all my devices 😂
Well done; thank you for the info.
Quality content as usual. From what you do on the JB podcasts, to now your YT Channel, truly amazed and grateful for all you feedback to the community. On this subject of Tailscale atop OPNSense, my only wish was it was supported in the GUI and appeared as an interface one could both monitor and apply policy
ules to. It's for this reason that I tend to prefer the ZeroTier method of treating every link as a pseudo L2 connection into a cloud acting as a ethernet switch. I guess I'm old school...but having a transparent connection into my home network (even when it's only allowing devices on my Tailnet Access) without a firewall in the middle just disturbs me.
Great content. Very helpful. Thank you!
Thank you so much, I've been trying so hard for the past week and turns out it was much easier than I thought. At first it didn't worked but after 15-30 minutes everything would resolve. Probably some propagation or I don't know.
Great video, would love to see a follow up on how you setup OPNSense with your home network.
Very helpful. Thank you!
Your Video help me out alot i am useing talscale and bind9
Beautifully explained. Worked like a charm. Awesome Vid.
Can this be integrated with Headscale?
If there was a page deidcated to making sense of tech stuff
I think this should go to the tailscale page. This is the holly grill of self hosting.
Amazing Tutorial 👍🏻
Thanks Alex,
The bit I was missing was adding the local dns server for a specific site or domain. Cheers!
Is a small but super important detail
question : how's your computer dns is configured to use tailscale dns, normaly all computers are configured to use public dns like google cloudflare ...etc, but in your case i don't understand the way your computer request dns from tailsclae you need to show use the dns configuration for client computers side ???
Stop making too much sense with the DNS scheme, your making me change everything. After I JUST CHANGED everything.
Shan’t.
@@ktzsystems Here's I'm trying to figure out how cheap I can go with 10gb after watching a backup restoration take 17 hours.
UniFi agg. A couple connect x3 cards and a couple transceivers… simple.
Hit me up on discord if you want me to work out the details with you.
In the video your internal services were using HTTPS. Do you have any information on how you set this up without exposing ports to the internet? You mentioned you are using Caddy. Are you using self signed certificates with a local CA? I've used SWAG from linux server previously, but want to move away from having an exposed ports. Thanks for the great video!
it would be nice to get the local ssl details, great video by the way
@@IstvanKovacs Did you ever figure out how to do the local ssl?
Did you ever figure out how to do the local ssl?
@@tfeagans yes, I did but it doesn’t depend on tailscale. I use Caddy
Good work, thnx for sharing.
Split-horizon DNS answers the way bind9 views work-where a source IP subnet determines the content of the record returned-is a challenge with pihole because dnsmasq has no such feature. It's necessary to run multiple dnsmasq instances or use bind9 views. All-tailscale situations don't need this, however source-IP-based split horizon is a cool way to bypass tailscale within a site. I have not gotten around to integrating this into my setup but I hope to at some point.
tailscale is goated. it really allows my to use my stuff the way I really want. I just usually have to find out how
Awesome video.
What is the new limit on subnet router with the new pricing structure? I couldn't find that information
needless to say its the best so far.
Hi Alex, thanks for this very nice video! I used many different dns-overlay-network-solutions like tailscale, zerotier, twingate, cloudflare tunnel, netmaker, netbird and so on... Actualy I use zerotier, because itcan be integrated to opnsense through web-gui, with separate interface and so with dedicated firewal-rules. A year ago I tried tailscale, but the performance was really bad (my case: I wanted to weekly backup a 4 GB file from my public mailserver to my internal backup-server) and I had interrupts and it took hours, though I have enough bandwicht up and down. I think it was because nat-traversal - it´s descriped in the tailscale documentation, but espesially for the opnsense the documetation doesn´t show a proper way to solve this issue. Ho did you solve this in your opnsense?
Island hopping vs lateral movement; compare and contrast. Or synonymous?
Hi this video was great I was struggling with tailscale so I can't wait to try this out. It's the first time I have seen the advertise marker will this only work on a router or could I set this up on a machine that is running tailscale?
Great video defo going to use my internal dns more thanks to this video. How do you add dns entries to Pi-hole wen they have a different port at the end like 8006 plz? Pi-hole only seems to accept an ip and not the :8006 port part after?
I was struggling with reverse proxy and ddns for so long. This video have nie clear info how to achieve what I neeed. Thanks
Hi. Great video. One question. Why do you use pihole and not unbound in OPNSense?
I couldn’t automate things easily with unbound.
In my home lab I just setup tailscale and used Duckdns with nginx so if I connect to tailscale then I just use Duckdns api to switch ip
can you add Pi hole as the main DNS server, so you can have ad blocking in every device?
Yep, you would configure that in your DHCP settings to point to PiHole.
Yeah I run 2 piholes in sync with gravity and as Alex said point router dhcp to use them for dns. Then have them both set as primary and secondary in Tailscale
Great video! Any reason you can't just use opnsense as the DNS server (using host overrides) and achieve similar results?
No reason really. Opnsense by default ships unbound as it’s DNS server. I just have a ton of Ansible automation around my pihole dnsmasq setup.
hey KTZ, I have usb router i want to use it as a mini NAS with attaching external HDD. My ISP blocked all the ports and i dont have static Ip i have dynamic ip so, can't port forwarding. I am also tried with DDNS (noip) but not worked. Is there anyway to access router usb from outside network.
Note- i don''t want to build a raspberry pi or budget pc for this(NAS)
Great video, I've stolen your dns naming scheme.
Q: If you have multiple sites (fam members homes) all joined to the same tailnet, doesn't that create its own security issues with lateral movement? Also is this solution dependent on each site having OpnSense and pihole locally? That seems like a havy maintenance overhead.
I have 4 fam homes but each home in their own tailnet to keep them separated and tailscale on each users device. The subnet router option looks like a better solution and i guess gives me access to devices that can't install tail-scale right?
How can i setup caddy for this?
I am using my own domain to implement the idea in the video. Currently I setup split dns and subnet router to point caddy so that it can serve as reverse proxy. From remote client I can ping both caddy and other docker services using their internal ip. But i cannot access them with subdomain. I assume something ls wrong with my caddy setup. However this setup work properly if I set up normally. (Without tailscale but using A and AAAA records)
Q: You are using mkcert for the local SSL certificates or you are using the Tailscale HTTPS?
likely using the acme built in to whatever load balancer i hit via dns
I'm having an odd issue that nobody else seems to have. I'm only getting Internet access when connected to my exit node. If I'm not connected to my exit node, I can't load any games on my phone, watch UA-cam or get new emails. Soon as I connect to my exit node everything starts working. I am however, able to access all my subnets regardless of being connected to my exit node. Any ideas what could be the problem?
Finally found a fix....had to disable MagicDNS. Something with using mobile 4g and having MagicDNS enabled doesn't jive.
Wish tailscale would allow me to access my dell server's idrac. I get a connection refused error if I use tailscale
hi brilliant video. I'm very confused. i have a home environment made as follows server running proxmox 8 home assistant , opnsense truenas all running as vms. i also have jellyfin (managing my media) running in a truenas jail. I would like to accsess my media from a remote site. where do i install tailscale? proxmox opnsense truenas home assistant or on ass of them? thank you
Hi,
Do you have and idea of it is possible to join two networks together? Like my parents and my network have like one DHCP server ideally over tailscale?
Technically it is possible. Practically speaking, horrible idea. If Tailscale goes down or the internet goes out all devices on that orphaned network are unable to get an IP.
But it seems to me that this only works by advertising a subnet. If I have tailscale installed in all my nodes (one one of those is my bind9 dns server) the best I can do is set up a search domain and use that.
How did you get TLS working?
cool. can we just use Cloudflare to manage the local DNS?
Technically yes but no but.
great video but plz plz hide the flashy switch in the background, sooo distracting
Blinky lights look so 1337 h4x0r though
I’m relatively tech savvy and I don’t understand.