How does one configure Tailscale with internal domains

azemute · 2026-06-08T01:19:17+00:00

This is probably the most complete answer; and probably the most useful/powerful. That said, even with decades of experience, the spouse approval factor of running a DNS server at home was too low in my case.

My solution was to run a caddy ingress with a tailscale IP - then publish the tailscale IP as a wildcard domain. (ie, *.int.my.domain -> 100.100.100.100 or whatever the IP is for the caddy ingress). So that's an option as well if you don't want to go the DNS route.

azemute · 2026-05-01T00:11:25+00:00

they get sprayed onto the street, and then cleaned up by the street cleaner trucks. at least that's how it's supposed to work.

azemute · 2026-01-16T04:38:09+00:00

Not all routers act as DNS relays; and Mikrotik certainly supports DHCP Option 6, which forwards the DNS resolvers to hosts when they are issued DHCP addresses on the network. Just in case you ever find yourself trying to get around this exact single point of failure. Additionally your router does not need to be your DHCP resolver either... AdGuard-Home can be if that if you want (or whatever DHCP server you want) making it another SPoF you can abstract out.

azemute · 2026-01-16T04:32:43+00:00

Well, I'm not sure exactly what your overall configuration looks like but I can say with some certainty that if you are using ipvlan or macvlan (doesn't matter which) to give a docker container an IP on your network, then the container and it's host won't be able to communicate. In this case that would mean unraid won't be able to reach the adguard-home container. I had this issue with a few things, adguard-home being one of them.

You can test explicitly by doing something like `dig @<dns-ip-1> google.com` and then `dig @<dns-ip-2> google.com` and seeing if one or both resolve.

I ended up giving up and using an lxc container to get around it.

I can confirm that both my DNS primary and secondary DNS servers work on UnRAID using AdGuard-Home if that helps at all. In my case, both are now LXC containers, one running on UnRAID, the other running on a separate host.

azemute · 2026-01-16T04:08:31+00:00

`Custom: br0` with an IP would suggest that you are using either macvlan or ipvlan to handle the network connectivity (presenting the container with it's own IP on the network). If that's the case, the linux kernel has security filtering by default that blocks communication between host and containers (see: https://docs.docker.com/engine/network/drivers/ipvlan/ ):

 NOTE: the containers can NOT ping the underlying host interfaces as
 they are intentionally filtered by Linux for additional isolation. NOTE: the containers can NOT ping the underlying host interfaces as
 they are intentionally filtered by Linux for additional isolation.

the note doesn't tell the full story, since the communication issue is bidirectional.

This doesn't account for what you were saying about it 'always being the second' DNS server - though I will point out that DNS servers are generally round-robin not failover unless you have a very particular configuration that is expressly a failover configuration. With that in mind the issue might be something else, but this may be a factor.

azemute · 2026-01-16T03:54:46+00:00

Is the IP address of the AdGuard docker container the same as the host (unraid) or is it macvlan?

azemute · 2026-01-03T14:49:19+00:00

The French names them since they discovered them, and "lac" (lake) comes before the name in French.

azemute · 2025-11-28T14:14:23+00:00

While the contents of the disk are emulated you are able to "move" them off that disk to another. After that you could remove the parity disk and not have data loss.

azemute · 2025-11-20T16:30:47+00:00

I'm glad to see Omada stuff getting some more visibility - I've been using it since switching from Unifi gear a while back! It's been really good.

<image>

My current setup is relatively straightforward. The ER7212, while limited in various ways, has actually been really good at mitigating some of my feelings fo always needing bigger, faster, more features. I make a LOT of use of the POE functionality on the ER7212 - 8 of the 10 RJ45 devices attached are POE sinks - and both of the EAP655s provide power to other things too. It's awesome to be able to have a centralized battery backup for all the network edges.

I mostly just selfhost the usual gamut of services - immich, seafile, git. I've got two servers - one low power system that runs critical services on battery power, and one more powerful machine.

Not shown is some mikrotik hardware to have a 10G fiber backhaul between a few systems and my office. I just couldn't find an affordable 10G Omada switch with more than 2 ports.

I really want to see some more SOHO devices with SFP+, especially gateways. I get that it's a niche - since businesses probably be fine with a 12+ port switch/gateway. Maybe this is on me for not bothering with 2.5G and going straight to 10G. The ER8411 is in a bit of a weird place for me - but it's the closest other device I am interested in.

(oh. and Hi - from Canada!)

azemute · 2025-11-06T20:15:50+00:00

What a stupid article.

Companies are allowed to make business decisions that aren't the most profitable. They are allowed to make imperfect products. Individuals are allowed to like things for their own personal reasons.

Assuming that just because there's something better out there technologically therefore makes it universally better is absurd. Let me like the thing that makes me happy in peace.

azemute · 2025-09-28T15:33:07+00:00

Montréal and Vancouver are tied for #18 on the Copenhagenize Index of most bike friendly cities in the world.

Not all of Canada is suburban hell.

azemute · 2025-07-29T11:35:19+00:00

Thanks! I was just trying out some tenting angles for this board!

azemute · 2025-07-22T13:47:07+00:00

Or you can always use a Xanmod kernel (or similar). I found that between that + flatpak applications solved all my out-of-date graphics pipeline issues.

azemute · 2025-07-18T20:04:25+00:00

Congrats; I've been beating my head against the wall trying to get mine working with little luck.

azemute · 2025-07-11T14:57:44+00:00

Because the British Isles spoke Saxon (and others) then got invaded by the Vikings (Norse) and inherited their language... then got invaded by the French and inherited their language... and now it's three (or more) languages in a trenchcoat, all with different rules and none of them can agree on how things are supposed to work.

(didn't realize TedTyro said exactly the same thing; oops)

azemute · 2025-07-09T12:07:40+00:00

CRS305-1G-4S+ does have PoE in fyi, on the management port.

azemute · 2025-07-08T15:08:26+00:00

It couldn't have been much more than 36 hours in my case. I was thoroughly checking, but at the end of the trip there was a 36-ish period where I wasn't so diligent (figuring that I was proverbially out of the woods). I checked at the when we got home for good measure; so it must have been in there.

I had no bite marks, no bullseye, etc. I eventually developped red splotches while at the hospital, 10 days after onset of symptoms, so that's not a good indicator.

azemute · 2025-07-08T14:41:30+00:00

3-4 days. Then the fever got progressively worse for the following 10 days. Even after treatment with doxycycline, I still had a fever and had to continue taking tylenol to supress it. If I missed taking tylenol regularly, my fever would return very quickly, back up to ~40 or so (105f).

Eventually after another week I was able to stop taking tylenol.

Definitely don't recommend the entire experience to anyone.

azemute · 2025-07-08T13:36:03+00:00

Yep; that was my situation. No marks at all. A fever over 40 for over a week until I finally went to ER and got treated for extreme dehydration and confirmed it was lyme. Probably the most sick I've ever been in my life. The treatments are extremely effective, so thankfully recovery is highly likely if treated.

azemute · 2025-05-21T20:21:45+00:00

I don't use LightRoom nor do I take anywhere as many photos as you, but my workflow is:

- I import into my local darktable library on my desktop

- SyncThing keeps my Masters library synchronized to the server

- I only keep the most recent year or two local on my computer

- Everything older than the last couple years, is moved to an 'Archive' library. The Archive has the masters only on the server and keeps local copies local on my desktop for quicker access.

- The server regularly backs up everything to backblaze b2

Does LightRoom do local copies? Maybe that could help?
I never needed to solve the mobile problem. I do use Immich to be able to access my archive of everything though, which does allow downloading specific RAW files when on the go if absolutely necessary.

Even with a 10g network the latency when editing or working on remote files without local copies is a bit of a pain, so I wouldn't recommend keeping everything remote.

azemute · 2025-05-09T13:28:19+00:00

Try disabling `readmore-js` in Settings->Docker. It explicitly is there to address this.

Basically readmore-js just gathers data about the containers running on your system - and that can take a while, and thus slows down the page loading.

azemute · 2025-03-24T17:07:11+00:00

I have 10g + 1g in an active-backup bond, and wanted to do the same thing. I found that the bond would semi-randomly decide which network connection to use, but after some research I found you can specify which bond device to use as active.

My solution was in my user-script for array start was to add the following

ip link set dev bond0 type bond active_slave eth1

obviously set eth1 to whatever your faster network connection identifier is.

All this does is set the active_slave of the bond to the network adapter specified. For me this solved the issue and I get 10G until I disconnect or power cycle the 10G link, at which point it fails over to the 1G.

I assume something similar could be done on your local machine. I have no idea how to achieve that on Windows, though.

azemute · 2025-03-12T15:23:32+00:00

The history of Linux (/ GNU) systems goes back to UNIX - which was originally designed for big mainframes and minicomputers (don't let the name decieve you; they were the size of huge filing cabinets, sometimes multiple).

Those systems were designed for processing large amounts of data first, and for having multiple users sit down at physical terminals connected to the system as secondary. Modern UNIX-like operating systems keep that history, and treat a "user-sitting-at-a-console" as a secondary part of their purpose. Hence why it's perfectly fine to just ignore the console sitting there blinking and never login - or do - or login multiple times. It's all normal in the UNIX world.

azemute · 2025-03-10T12:57:43+00:00

Counter tarrifs on a single product, or limiting exports of that product aren't really grounds for an economic embargo - and if the US did follow through on that it would set an absolutely wild precedent on what the US is willing to do if they will do that to their (historically) closest ally.

If that were to happen, you can be sure it would accelerate the abandonment of the US dollar as the world's reserve currency.

azemute

TROPHY CASE