New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Windows 11 23H2 - Client does not uninstall clearly for DNS #9948
Comments
DNS configuration is written to
Newer Tailscale releases create multiple entries depending on other GPO settings already present, those names are dynamically generated. |
No key value in that hive
[cid:bc529a55-7dc0-4428-ae5d-45a197016e8c]
I uninstalled client
still not able to resolve DNS local subnet
Thanks,
Jeremey Wise
Title: Principal FSA
Email: ***@***.******@***.***>
Mobile: 216-647-1121
[CDW logo 1]
…________________________________
From: Denton Gentry ***@***.***>
Sent: Tuesday, October 24, 2023 9:07 AM
To: tailscale/tailscale ***@***.***>
Cc: Jeremey Wise ***@***.***>; Author ***@***.***>
Subject: Re: [tailscale/tailscale] Windows 11 23H2 - Client does not uninstall clearly for DNS (Issue #9948)
EXTERNAL EMAIL
DNS configuration is written to HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\
5abe529b-675b-4486-8459-25a634dacc23 is the key used by older Tailscale releases which used only a single entry. If you installed it some time ago, this might still be present.
Newer Tailscale releases create multiple entries depending on other GPO settings already present, those names are dynamically generated.
—
Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https://github.com/tailscale/tailscale/issues/9948*issuecomment-1777172359__;Iw!!HUqgN_M!sUWUJ3UQXoRVBBEwzCDIUjolnIIpoqVpovtXyTSW6bFSQ-HHoUH1DAloaPsrmN4axlThKuPcabIXlp5dM6FwTg$>, or unsubscribe<https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AEC36VG2R6NR7CXPCMHPIE3YA64S7AVCNFSM6AAAAAA6NUEOTWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTONZXGE3TEMZVHE__;!!HUqgN_M!sUWUJ3UQXoRVBBEwzCDIUjolnIIpoqVpovtXyTSW6bFSQ-HHoUH1DAloaPsrmN4axlThKuPcabIXlp6stxsksw$>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Did it leave entries in |
Nope
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
::1 localhost
172.16.100.31 vcenter01.penguinpages.local vcenter01
10.89.100.150 ps-vcenter-01.ps.labs.local ps-vcenter-01
10.89.100.151 ps-vcenter-02.ps.labs.local ps-vcenter-02
10.89.135.19 k8bastion.ps.labs.local k8bastion
As a baseline.. I added a few etries to rule out total DNS failure. Hosts put in file do resolve.
At first it was just one subdomain (see posting to Microsoft forum )
ps.labs.local -> fail
but upper level labs.local -> ok
and sub domain in different forest cnat.labs.local -> ok
And even my home network penguinpages.local -> ok But... a week ago it started failing
And I can see in wireshare .. packets going to 100.100.100.100 for those subnets
Thanks,
penguinpages
…________________________________
From: Brad Fitzpatrick ***@***.***>
Sent: Tuesday, October 24, 2023 9:51 AM
To: tailscale/tailscale ***@***.***>
Cc: Jeremey Wise ***@***.***>; Author ***@***.***>
Subject: Re: [tailscale/tailscale] Windows 11 23H2 - Client does not uninstall clearly for DNS (Issue #9948)
EXTERNAL EMAIL
Did it leave entries in c:\Windows\System32\Drivers\etc\hosts ?
—
Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https://github.com/tailscale/tailscale/issues/9948*issuecomment-1777251936__;Iw!!HUqgN_M!uOfZnVvEWtCEz3Sgx-A9i9F8dNlDEoBkKVhnYvNJI1OZtOdPi25d3tH7s6I2ffCjaK5qxFeq61FynpfISKzjbA$>, or unsubscribe<https://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/AEC36VFIMBZDX2CQULQGJQTYA7BX5AVCNFSM6AAAAAA6NUEOTWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTONZXGI2TCOJTGY__;!!HUqgN_M!uOfZnVvEWtCEz3Sgx-A9i9F8dNlDEoBkKVhnYvNJI1OZtOdPi25d3tH7s6I2ffCjaK5qxFeq61Fynpezm7x8yQ$>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
If there were other GPO policies present when Tailscale wrote the DNS config, it would write to If something else on the system read in the DNS config and incorporated it, like OpenDNS, then the 100.100.100.100 may now be a part of that software's config. |
Your corect on it being policy And what is curious is that I wanted to compare what other Windows 11 hosts had to "restore" against.... That entire hive "DNSClient" does not exist. Checked three other systems.... So question is.
|
I backed up hive "DNSClient" then deleted.. required a reboot (my guess is Windows "dnsclient" service reads in on boot, and that service is blocked to restart... `Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient] Now DNS is back "normal" This was a bit "taxing" ... so having the TailScale "uninstall" work through this cleanup ... I would request it have some TLC. Thanks for posting and help |
If there are any policies present in Back in the day we weren't doing this right because service shutdown would just terminate tailscaled, so it never had a chance to clean anything up. Newer versions close the pipe to trigger a proper cleanup. |
What is the issue?
I have local DNS segment "penguinpages.local" as well as via VPN a few domains and subdomains. I installed to test tailscale and never really got that far and shelfed the product plan. I uninstalled client and seemed simple. A few days / week later I noticed a sub zone in remote lab was not responding to DNS. Lookups would with NSLookup but not in shell.
Long Posting here and various other MS forums... assuming it was WSL or HyperV etc on my system
https://www.elevenforum.com/t/windows-dns-subdomain-blackhole.19082/
Turns out.. it was some aspects of tailscale that are not uninstalling correctly. I reinstalled the client and tried to "deactivate" DNS redirect.. No change. No my home domain is blackholed. I need DNS back !! It has been three weeks now of tearing my Windows system apart to root cause this DNS issue
Steps to reproduce
Install tailscale
Uninstall windows client
Try to use DNS.
Are there any recent changes that introduced the issue?
No response
OS
Windows
OS version
11 23H2
Tailscale version
1.50.1
Other software
No response
Bug report
No response
The text was updated successfully, but these errors were encountered: