tailscale client on windows sometimes cannot resolve login server address

[w1306349125]

What is the issue?

tailscale client sometime cannot resolve my own login server(headscale on my Hong Kong vps) address , I think it caused by golang dns resolver because system dns work correctly.

I try curl to fetch key directly, it returns as expected.
Maybe gfw block tailscale dns server?
tailscale status show:
Health check:
# - not logged in, last login error=fetch control key: Get "https://xxx.com/key?v=46": failed to resolve "xxx.com": no DNS fallback candidates remain for "xxx.com"

Steps to reproduce

No response

Are there any recent changes that introduced the issue?

No response

OS

Windows

OS version

win11

Tailscale version

1.32.2

Bug report

No response

[DentonGentry]

If it hasn't connected to the Headscale server then it hasn't received a DNS config and will still be using whatever DNS servers were set from DHCP in the underlying OS.

Are there multiple network interfaces or other VPNs running? Perhaps the DNS queries are going to an interface which doesn't actually have Internet connectivity.

[MirisWisdom]

Been receiving the same error -- also with a self-hosted Tailscale server. I've noticed that after explicitly disabling the unused Ethernet adapter on my laptop, the connection succeeds over Wi-Fi.

This confirms what @DentonGentry said in regard to the queries going through a network interface which doesn't have Internet connectivity.

I wonder if it's possible to specify the adapter which Tailscale would use, or have Tailscale try another NIC when the current one fails to query.

[w1306349125]

If it hasn't connected to the Headscale server then it hasn't received a DNS config and will still be using whatever DNS servers were set from DHCP in the underlying OS.

Are there multiple network interfaces or other VPNs running? Perhaps the DNS queries are going to an interface which doesn't actually have Internet connectivity.

In my laptop wireshark show tailscale attempted to request some other dns server, but those server(seem to be tailscale default config) cannot be access from some area like mainland China, after a long time, tailscale use os dns server ,but golang context deadline exceeded

[cute-rui]

Almost the same question here, also in mainland China. It seems like offical derp server went wrong. Is there any method to config derp server mannually before tailscale goes up and fetch custom derp server settings?

2022-11-19T18:49:38.121+08:00: trying bootstrapDNS("derp4d.tailscale.com", "134.122.94.167") for "log.tailscale.io" ...
2022-11-19T18:49:38.133+08:00: bootstrapDNS("derp4d.tailscale.com", "134.122.94.167") for "log.tailscale.io" error: Get "https://derp4d.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 134.122.94.167:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.133+08:00: trying bootstrapDNS("derp4c.tailscale.com", "2a03:b0c0:3:d0::1501:6001") for "log.tailscale.io" ...
2022-11-19T18:49:38.143+08:00: bootstrapDNS("derp4c.tailscale.com", "2a03:b0c0:3:d0::1501:6001") for "log.tailscale.io" error: Get "https://derp4c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2a03:b0c0:3:d0::1501:6001]:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.143+08:00: trying bootstrapDNS("derp12.tailscale.com", "216.128.144.130") for "log.tailscale.io" ...
2022-11-19T18:49:38.152+08:00: bootstrapDNS("derp12.tailscale.com", "216.128.144.130") for "log.tailscale.io" error: Get "https://derp12.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 216.128.144.130:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.152+08:00: trying bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "log.tailscale.io" ...
2022-11-19T18:49:38.164+08:00: bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "log.tailscale.io" error: Get "https://derp7.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2401:c080:1000:467f:5400:2ff:feee:22aa]:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.164+08:00: trying bootstrapDNS("derp8d.tailscale.com", "178.62.44.132") for "log.tailscale.io" ...
2022-11-19T18:49:38.175+08:00: bootstrapDNS("derp8d.tailscale.com", "178.62.44.132") for "log.tailscale.io" error: Get "https://derp8d.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 178.62.44.132:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.175+08:00: trying bootstrapDNS("derp9c.tailscale.com", "2001:19f0:6401:fe7:5400:3ff:fe8d:6d9c") for "log.tailscale.io" ...
2022-11-19T18:49:38.188+08:00: bootstrapDNS("derp9c.tailscale.com", "2001:19f0:6401:fe7:5400:3ff:fe8d:6d9c") for "log.tailscale.io" error: Get "https://derp9c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2001:19f0:6401:fe7:5400:3ff:fe8d:6d9c]:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.188+08:00: trying bootstrapDNS("derp1e.tailscale.com", "64.225.56.166") for "log.tailscale.io" ...
2022-11-19T18:49:38.197+08:00: bootstrapDNS("derp1e.tailscale.com", "64.225.56.166") for "log.tailscale.io" error: Get "https://derp1e.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 64.225.56.166:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.197+08:00: trying bootstrapDNS("derp12b.tailscale.com", "2001:19f0:5c01:48a:5400:3ff:fe8d:cb5f") for "log.tailscale.io" ...
2022-11-19T18:49:38.207+08:00: bootstrapDNS("derp12b.tailscale.com", "2001:19f0:5c01:48a:5400:3ff:fe8d:cb5f") for "log.tailscale.io" error: Get "https://derp12b.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2001:19f0:5c01:48a:5400:3ff:fe8d:cb5f]:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.207+08:00: trying bootstrapDNS("derp9c.tailscale.com", "155.138.243.219") for "log.tailscale.io" ...
2022-11-19T18:49:38.217+08:00: bootstrapDNS("derp9c.tailscale.com", "155.138.243.219") for "log.tailscale.io" error: Get "https://derp9c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 155.138.243.219:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.217+08:00: trying bootstrapDNS("derp5.tailscale.com", "2001:19f0:5801:10b7:5400:2ff:feaa:284c") for "log.tailscale.io" ...

[koalang]

Almost the same question here, also in mainland China. It seems like offical derp server went wrong. Is there any method to config derp server mannually before tailscale goes up and fetch custom derp server settings?

2022-11-19T18:49:38.121+08:00: trying bootstrapDNS("derp4d.tailscale.com", "134.122.94.167") for "log.tailscale.io" ...
2022-11-19T18:49:38.133+08:00: bootstrapDNS("derp4d.tailscale.com", "134.122.94.167") for "log.tailscale.io" error: Get "https://derp4d.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 134.122.94.167:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.133+08:00: trying bootstrapDNS("derp4c.tailscale.com", "2a03:b0c0:3:d0::1501:6001") for "log.tailscale.io" ...
2022-11-19T18:49:38.143+08:00: bootstrapDNS("derp4c.tailscale.com", "2a03:b0c0:3:d0::1501:6001") for "log.tailscale.io" error: Get "https://derp4c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2a03:b0c0:3:d0::1501:6001]:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.143+08:00: trying bootstrapDNS("derp12.tailscale.com", "216.128.144.130") for "log.tailscale.io" ...
2022-11-19T18:49:38.152+08:00: bootstrapDNS("derp12.tailscale.com", "216.128.144.130") for "log.tailscale.io" error: Get "https://derp12.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 216.128.144.130:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.152+08:00: trying bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "log.tailscale.io" ...
2022-11-19T18:49:38.164+08:00: bootstrapDNS("derp7.tailscale.com", "2401:c080:1000:467f:5400:2ff:feee:22aa") for "log.tailscale.io" error: Get "https://derp7.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2401:c080:1000:467f:5400:2ff:feee:22aa]:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.164+08:00: trying bootstrapDNS("derp8d.tailscale.com", "178.62.44.132") for "log.tailscale.io" ...
2022-11-19T18:49:38.175+08:00: bootstrapDNS("derp8d.tailscale.com", "178.62.44.132") for "log.tailscale.io" error: Get "https://derp8d.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 178.62.44.132:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.175+08:00: trying bootstrapDNS("derp9c.tailscale.com", "2001:19f0:6401:fe7:5400:3ff:fe8d:6d9c") for "log.tailscale.io" ...
2022-11-19T18:49:38.188+08:00: bootstrapDNS("derp9c.tailscale.com", "2001:19f0:6401:fe7:5400:3ff:fe8d:6d9c") for "log.tailscale.io" error: Get "https://derp9c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2001:19f0:6401:fe7:5400:3ff:fe8d:6d9c]:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.188+08:00: trying bootstrapDNS("derp1e.tailscale.com", "64.225.56.166") for "log.tailscale.io" ...
2022-11-19T18:49:38.197+08:00: bootstrapDNS("derp1e.tailscale.com", "64.225.56.166") for "log.tailscale.io" error: Get "https://derp1e.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 64.225.56.166:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.197+08:00: trying bootstrapDNS("derp12b.tailscale.com", "2001:19f0:5c01:48a:5400:3ff:fe8d:cb5f") for "log.tailscale.io" ...
2022-11-19T18:49:38.207+08:00: bootstrapDNS("derp12b.tailscale.com", "2001:19f0:5c01:48a:5400:3ff:fe8d:cb5f") for "log.tailscale.io" error: Get "https://derp12b.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2001:19f0:5c01:48a:5400:3ff:fe8d:cb5f]:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.207+08:00: trying bootstrapDNS("derp9c.tailscale.com", "155.138.243.219") for "log.tailscale.io" ...
2022-11-19T18:49:38.217+08:00: bootstrapDNS("derp9c.tailscale.com", "155.138.243.219") for "log.tailscale.io" error: Get "https://derp9c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 155.138.243.219:443: connectex: A socket operation was attempted to an unreachable network.
2022-11-19T18:49:38.217+08:00: trying bootstrapDNS("derp5.tailscale.com", "2001:19f0:5801:10b7:5400:2ff:feaa:284c") for "log.tailscale.io" ...

I faced the same problem in China mainland

[QZAiXH]

@DentonGentry
I encountered the same situation. I disabled the useless network card, but it still doesn't work.
I now have to change the network to use it.

[kazauwa]

Same here, disabled all unused network interfaces and explicitly added a record in hosts. Same error as in OP.
Tried versions 1.30.2, 1.34.1, 1.34.2, and 1.35.126

[kazauwa]

UPD:
Downgraded all the way to 1.22.2 and now it works. So I suppose that problem was introduced somewhere between 1.22.2 and 1.30.2. Unfortunately, I didn't have enough time to pinpoint the exact version.

[w1306349125]

If it hasn't connected to the Headscale server then it hasn't received a DNS config and will still be using whatever DNS servers were set from DHCP in the underlying OS.

Are there multiple network interfaces or other VPNs running? Perhaps the DNS queries are going to an interface which doesn't actually have Internet connectivity.

I think I find why system dns settings not working.
ProcessMonitor shows tailscaled get system dns setting by looking "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces", but under this key, I found many invalid configs.When I deleted all those configs, tailscaled get true dns setting as expected.

[lyc8503]

Same problem in China mainland.

[geelinsir]

如果它没有连接到Headscale服务器，那么它就没有连接到DNS配置，并且仍然使用在底层操作系统中从DHCP设置的任DNS服务事务器。
是否有多个网络接口或其他 VPN 正在运行？也可能是 DNS 查询将发送到实际上没有 Internet 连接的接口。

我想我找到了为什么系统 DNS 设置不起作用。 ProcessMonitor 通过查看“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces”显示设置，但在这个键下，我发现很多无效的配置。当我删除时所有这些配置时，tailscaled按预期获得正确的dns设置。

I have solved this problem through operation on my end! 谢啦哥们，困扰我好久了，时断时续。

[sjansen1]

Same issue with Tailscale and Headscale, disabling (currently) unused interfaces solved the issue for now. Tailscale should do dns lookups like any other program to avoid this issue.

[tsvico]

I encountered the same problem, I manually changed the DNS to 114.114.114.114 for Tailscale network adapter which solved the problem temporarily

[DentonGentry]

I think this is likely a symptom of #4845 and #6110

Tailscale 1.42.0 contains #8008, which is believed to resolve it.
Please post if you see further occurrences using Tailscale 1.42.0 or later.

Barring further comment, we'll expect to close this during the next regular bug scrub.

[parallelbgls]

Set second DNS to 114.114.114.114 solved my issue in China Mainland.

[fengwk]

UPD: Downgraded all the way to 1.22.2 and now it works. So I suppose that problem was introduced somewhere between 1.22.2 and 1.30.2. Unfortunately, I didn't have enough time to pinpoint the exact version.

Great, this works for me. Thanks.