MagicDNS seems broken on Android with v1.8.3

[fd]

General DNS resolution works but requests are routed to the DHCP announced nameservers. My account has MagicDNS enabled and has an internal nameserver (using a 100.x.x.x address). My other devices work find (none of them are Android).

I'm not sure how to provide more detailed information...

Front conversations

[ccesare]

I'm seeing the same (I assume) issue on Android 1.8.3.

I'm not using MagicDNS, but I do have one Tailscale device set as the DNS server. My Android device is no longer using it for name resolution.

I wasn't having any issues on 1.6.0, and my other Tailscale devices are still doing name resolution correctly.

[DentonGentry]

Could you look in https://login.tailscale.com/admin/dns (which substantially changed yesterday) to see if:

• Magic DNS is enabled?
• there are any Global Nameservers configured?
• whether the "Override local dns" selector is enabled or disabled?

[ccesare]

For me

• Magic DNS is disabled
• I have one nameserver added
• Override local DNS is enabled

[garthski]

Same issue for me too and only affecting my Android devices (Samsung Galaxy S10+ and Tab S7 on v1.8.3). Macbook, RPi and Windows machines all working fine.

• Magic DNS disabled.
• 1 Global Nameserver (set to Tailscale IP for pihole on RPi)
• Override local DNS is enabled.

[fd]

My settings:

• Magic DNS is enabled
• I have one nameserver added (using a tailscale address)
• Override local DNS is enabled

[astrophena]

Same issue for me too (only affects my Android 10 phone).

• Magic DNS is enabled
• I have Cloudflare nameservers added (for IPv4 and IPv6)
• Override local DNS is enabled.

[danderson]

Could (at least) one of you provide the tailscale IP of your android device that's misbehaving, so I can poke at debug logs? This behavior is doubly confusing because we don't yet support split DNS on android (we always use the global resolvers when DNS managemnt is enabled), so it's kind of amazing that we somehow end up doing the opposite.

[fd]

The tailscale IP 100.89.97.44 for my android device.

[garthski]

Dug up my kindle fire which still had android version 1.6.0 on it and it's having the same issue so not sure it's related directly to the 1.8.3 android app version. Connecting via IP address confirmed working on both android devices.

Kindle Fire - 1.6.0 - 100.115.215.89
Galaxy S10 - 1.8.3 - 100.117.215.74

[danopia]

I'm also seeing the issue of an Android phone (100.88.59.20) using its default DNS instead of the Tailscale-configured DNS server (100.106.147.120). MagicDNS is not enabled.

In a somewhat similar but more breaking fashion, a Chromebook (100.71.81.104) running Tailscale Android seemingly has DNS completely broken any time Tailscale is enabled, regardless of the DNS settings selected in Tailscale. Below is the Chromebook network diags:

Both of these cases started immediately after taking the 1.8.3 upgrade; unfortunately downgrading is not feasible :( so I can't verify that downgrading resolves.

[curzonj]

I have the same issue on my chromebook as @danopia with no DNS servers configured in Tailscale. Regardless of what I configure manually in ChromeOS Tailscale sets the nameservers to 0.0.0.0. I tried setting DNS servers in the Tailscale admin UI and reinstalling the Tailscale app and there was no change in behavior, network configuration for the VPN connection still had all custom DNS with 0.0.0.0.

[danopia]

I set my Chromebook to allow untrusted apps in order to perform a downgrade, and can confirm that 1.6.0 still works.

The configuration difference is visible in the network config UI, without changing any Tailscale settings:

1.8.3	1.6.0

Based on other evidence, it seems like real Android is forgiving and simply defaults to non-VPN DNS settings if the VPN app doesn't provide DNS. ChromeOS is apparently more picky, and also more painful to downgrade apps on :(

[garthski]

Just downgraded to 1.6.0 on my android phone to test and can confirm it does still work. Must just be my fire tablet that's an issue based on my last message.

[meinside]

I'm experiencing the same issue.
I have several Linux/Windows/macOS/Android machines on Tailscale,
but accessing other machines with machine names is not working only on Android devices. (1.8.3)

I have magic DNS enabled and local DNS overridden.
Removing and reinstalling the Android app did not help.

[DentonGentry]

Oddly, I have not been able to produce this. I'm running Tailscale 1.8.3 on a Pixel 3a running Android 11. My https://login.tailscale.com/admin/dns has:

• Magic DNS enabled
• A split domain "example.com" configured to use 100.x.y.z, the Tailscale address of a DNS server in my home
• Another split domain "example2.com" also configured to use 100.x.y.z
• global DNS servers of 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, and 2001:4860:4860::8844.

I'm able to reach my devices using MagicDNS names.

[meinside]

For more information, both machine names and auto-assigned dns names(xxx.beta.tailscale.net things) do not work for me.
Only the IP addresses do right now.

But there was no such issue on previous Android versions.

[ledakis]

I have the same issue.
Magic DNS is off.
One nameserver set up (on tailscale network)
Override is enabled. (I have tried with override disabled, and it still not working).

Connecting directly by IP to other nodes works.

Edit: Downgrading to v1.6.0 solves the problem on my Pixel 5.

[DentonGentry]

If you're able to produce the problem: could you try adding a Split DNS server? That changes some of the behavior in the nameserver list sent down to the devices. You can create a server for something harmless like "example.com", its mere presence changes the behavior.

[ccesare]

I quickly tried this after seeing your comment about a working split DNS configuration on Android, but I still wasn't resolving names on my tailscale DNS server. I didn't investigate for too long though.

[fd]

I can also confirm that the problem persists after adding a split DNS server.

[astrophena]

I checked Tailscale logs through ADB (logcat -s com.tailscale.ipn:*) and noticed some interesting things:

05-25 15:22:21.267 15964  4679 I com.tailscale.ipn: 9.0M/93.5M control: controlclient: restarting map request for "dns" health change to new state: open /etc/resolv.conf.tmp553272162: read-only file system
05-25 15:22:21.269 15964  4679 I com.tailscale.ipn: 9.0M/93.5M Switching ipn state Starting -> Running (WantRunning=true)
05-25 15:22:21.275 15964 16008 I com.tailscale.ipn: 9.1M/93.5M health("dns"): error: open /etc/resolv.conf.tmp553272162: read-only file system

Also I tried to downgrade to Tailscale 1.6.0 and that resolved the problem.

[ccesare]

I've upgraded to 1.8.6, and my Android device still isn't using the Global Nameserver set in the admin panel. I haven't been using Magic DNS, so maybe this is a separate issue? I've toggled Tailscale on and off and swtiched from WiFi to LTE a few times to see if it might knock things into place but no luck.

[ledakis]

Like @ccesare said, I have just installed 1.8.6 on pixel 5 and on a chromebook and on both the DNS servers set from my admin panel are not set.

[fd]

I can confirm that 1.8.6 doesn't fix the issue. I also rebooted the phone just for good measure.

[DentonGentry]

Reopening issue, will look.

[adyanth]

Hi @DentonGentry
Is this fixed now? The 1.8.6 version on play store lists this as fixed, but I still cannot access my windows dns server frontended by pihole on Android 11.

Or will it be the next android app version that will include the fix? I do see this released: https://github.com/tailscale/tailscale-android/releases/tag/v1.8.6-t28a8f9c90-g04890797712

[ledakis]

Hi @DentonGentry
Is this fixed now? The 1.8.6 version on play store lists this as fixed, but I still cannot access my windows dns server frontended by pihole on Android 11.

Or will it be the next android app version that will include the fix? I do see this released: https://github.com/tailscale/tailscale-android/releases/tag/v1.8.6-t28a8f9c90-g04890797712

Yes the next update has fixed the issue for me. I joined the beta channel to get the update, it might take a couple of days I guess to come out normally. The release date shown is 29 of May

I am running v1.8.6-t28a8f9c90-g04890797712 from the beta channel and it works

[adyanth]

Thanks @ledakis! I will wait.

[ccesare]

Yep, the latest update also fixes the issue for me. Thanks @DentonGentry!

[DentonGentry]

The first attempted fix, 1.8.6-t28a8f9c90-gff16a75a65c released 5/28, only resolved one symptom and the main problem remained.

The second fix, 1.8.6-t28a8f9c90-g04890797712 released 5/29, resolved the rest of the problem and is the one people are reporting as fixing it.

The Play Store should be offering the update to everyone, it isn't in a beta channel or early access.

The F-Droid release hasn't updated yet, but I expect it to soon.

[adyanth]

Yes, the update does fix it, thanks!

[tdalbo92]

Sorry to resurrect a dead Issue, but this latest update seems to have caused this issue for me.

• MagicDNS is not enabled
• One global nameserver is set, the Tailscale IP of my Pi running Pihole
• Override local DNS is not enabled. This formerly was, but I had to disable it last night because none of my Tailscale clients could resolve any DNS queries. Not sure what broke this.
• One split domain set

Since updating this morning to the latest Android app version, no DNS queries resolve on Android.

[HasseJohansen]

I see the same kind of problem:

• MagicDNS is not enabled
• One global nameserver set to 1.1.1.1 (as I have to provide a global one when using scoped DNS)
• Override local DNS is not enabled(because I actually don't want to use the global one...it is just needed by tailscale)
• Scoped DNS enabled(what you call split dns - which I still think is a bad name) for one domain

Lookups for names in the splitted/scoped domain never reaches the nameserver set from Android

It works fine from OSX

I think I maybe read earlier that scoped dns/split dns was not supported on Android yet?

[cavedano8]

I also have similar problems.

• MagicDNS enabled
• Only one global nameserver (Tailscale IP of my raspberry running Adguard)
  If I set "override local dns" I can reach my devices with their name; if it is not set "override local dns", the devices can only be reached with Tailscale IP. Same behavior with both Android and PC Win

[ledakis]

Ah yes, I see the behaviour @tdalbo92 and @HasseJohansen mention. With overwrite turned off and setting a split dns record, on Android latest version ( v1.8.6-t28a8f9c90-g04890797712 ) the DNS server is actually set to the tailscale magic DNS server (100.100.100.100) which is not resolving any domain apart from the beta.tailscale.net ones.

All non-tailscale DNS queries seem to hang because of this.

Regarding what @cavedano8 said, if split dns is off, it works fine for me.

I assume like @HasseJohansen said that split dns is not supported on Android since there has to be some sort of internal conditional dns forwarder on the device and it is not set currently.

[normanr]

I see something similar (100.66.241.34 with v1.8.6-t28a8f9c90-g04890797712). MagicDNS enabled, global nameserver set to 192.168.1.11 (local network resolver), and override local DNS is enabled.

When I'm on the local network (192.168.1.0/24) then DNS requests like host check.dyndns.org 100.100.100.100 work, but when I'm on mobile (AT&T) then the DNS requests do not work. Requests for MagicDNS names work, so I'm guessing there's something weird going on with forwarding the non-tailscale requests "upstream", even though upstream is an address that should be fixed and routed to tailscale. host check.dyndns.org 192.168.1.11 and host check.dyndns.org 8.8.8.8 both work always, because 192.168.1.0/24 is routed into tailscale.

Are the upstream DNS requests made using regular UDP ports by the tailscale daemon? On Android a VPN client's connections will not be routed via the tun interface, so it's possible that the upstream DNS requests are not being sent back to tailscale. I suspect that tailscale will need to send the DNS requests internally if the upstream DNS server address is in the list of routes to route to tailscale (because the routing set up by the kernel won't do that for you).

[normanr]

(also note that the logcat entry for dns: Resolvercfg can be very long and android only logs the first 1000 characters, so it gets truncated half-way though LocalDomains)

[tdalbo92]

Is this eligible to be reopened? Or do we need a separate Issue to track this?

I haven't been able to use Tailscale on my phone for a week or so because of the regression.

[DentonGentry]

Ah: best to open a new issue, as this one has a long set of comments about the original issue

[tdalbo92]

Ah: best to open a new issue, as this one has a long set of comments about the original issue

Created #2102 , thanks!

[adamc199]

Did you get a resolution? GrapheneOS android 13 and I see the same behaviour you do in this post

[DentonGentry]

It is best to open a new issue, as this one has a long set of comments about the original issue.