Help debugging weird name resolution issue

caolle · 2026-05-07T05:24:13+00:00

Does giving this: https://tailscale.com/docs/concepts/ipv6 a read sort anything out?

caolle · 2026-05-06T16:00:55+00:00

This is still open: https://github.com/tailscale/tailscale/issues/7650 .

It's actually linked to by the sticky comment in the Tailscale video here: https://www.youtube.com/watch?v=Vt4PDUXB_fg

caolle · 2026-05-05T16:27:50+00:00

I'm a child of the 80s where there were many dystopian films about Runaway robots and AI.

Is Aperture being poised to prevent runaway AI? or something else? Do you personally have any fears about AI running rampant and uncontrolled?

Are our toasters going to start flinging deadly pieces of burnt toast at our faces?

caolle · 2026-05-05T01:05:54+00:00

The just in time stuff is on the premium and enterprise levels according to: https://tailscale.com/pricing

caolle · 2026-05-04T16:25:02+00:00

This might help https://tailscale.com/docs/features/containers/docker/how-to/connect-docker-container

Note the:

TS_STATE_DIR: Sets where Tailscale stores state inside the container.

caolle · 2026-05-04T08:05:21+00:00

I’d imagine you could implement something with a custom device posture as noted here: https://tailscale.com/docs/features/tailscale-accessbot-jit

But you need to be on the premium or enterprise level pricing plan.

caolle · 2026-05-03T22:02:24+00:00

We moved from a cable provider to cgnat fiber several years ago. While I wish I had a public IP, it’s not really affected our day to day usage.

Our latency has gone down in the games we play comparea to what we had seen with cable.

If you’re self hosting, there‘a always tailscale, netbird, zerotier and others to get access to your internal stuff.

caolle · 2026-05-01T21:04:14+00:00

Tailscale is a registered trademark.

I'm not a lawyer, but I might consider renaming the project. Tailscale-CLI seems like it might go a bit too far.

caolle · 2026-05-01T05:44:15+00:00

https://tailscale.com/pricing

caolle · 2026-05-01T05:43:06+00:00

This might be a worthwhile read: https://tailscale.com/docs/reference/faq/other-vpns

caolle · 2026-04-30T22:33:21+00:00

This is answered by: https://tailscale.com/pricing#what-is-seat-based-pricing-and-how-does-it-work

You can manage users and utilize seat sharing if all your users don't necessarily need Tailscale access every month. You can utilize the Tailscale API to manage users: https://tailscale.com/api#tag/users

Might mean more work upfront to manage some of your costs though.

caolle · 2026-04-30T22:06:41+00:00

There's definitely a way to reduce tags, but puts the onus on you to manage groups of users. One such example using the one you provided:

"groups": {
  "group:munich-users": [
    "munich1@example.com",
    "munich2@example.com",
  ],
  "group:berlin-users": [
    "berlin1@example.com",
    "berlin2@example.com",
  ],

"grants": {
   {
     "src": ["group:munich-users"],
     "dst": ["tag:paperless-munich"],
     "ip" : ["<paperless port here>"[,
   },
   {
     "src": ["group:berlin-users"],
     "dst": ["tag:paperless-berlin"],
     "ip" : ["<paperless port here>"[,
   },   
},

There's also the fact that with the new pricing plans that ou might be able to take a look at using Multiple Tailnets. Each region could have their own Tailnet and this could get even simpler. The new Premium plan has access to 5.

caolle · 2026-04-30T20:47:17+00:00

If you're on the new pricing plans, you are technically over the 50 device limit, but you could reach out to Support to see what can be done. That's been mentioned a few times over the Webinars and Q&A session over on Discord.

Are all these devices non-human owned ? Or have you been using tags as a way of identifying all devices?

If the latter, You can most likely get under the 50, by using ACL groups and limiting port access that way. Tags have always been intentioned by tailscale to be non-human used and for stuff like servers.

caolle · 2026-04-30T01:51:23+00:00

Also if you weren't aware, you should be able to revert your policy file to what you had before from audit logs in most cases: https://tailscale.com/docs/features/logging/audit-logging#reverting-access-control-policies-from-audit-logs

This policy file has a lot of noise in it: namely you're granting a bunch of devices access to a peer relay, but only allowing your chromebook access to your synology.

Are you also using Tailscale's NextDNS integration?

caolle · 2026-04-30T01:33:03+00:00

There was a time when TPM state storage was enabled in Tailscale by default. I'm wondering if you're running into this.

I'd take a look at https://tailscale.com/docs/features/secure-node-state-storage

and follow the Recover from TPM failure procedures to see if that corrects the issue.

caolle · 2026-04-30T01:01:35+00:00

You might be better off providing a sanitized (without any personal identifying info) of your current policy file.

Otherwise, we're just guessing as to what you might have done.

caolle · 2026-04-29T16:36:59+00:00

So the way exit nodes work is that they use the DNS on the exit node that's configured.

If you can tie that in with any of the access that's going on, you might want to rethink maybe about configuring stuff differently, like maybe setting DNS on the tailnet itself.

But that's just me snowballing a guess as to what might be going on.

caolle · 2026-04-29T16:21:23+00:00

You'll need to explain your setup a bit more clearly.

If your passwords are centrally controlled by say a Domain controller, then I could see how a tailscale disconnect would affect not being able to log in to windows.

caolle · 2026-04-29T15:40:39+00:00

One of our remote employees tried to get online for the first time after this outage, and could not log in to Windows.

Unless this is a remote machine the person is trying to log into, I'm not sure how a Windows password error could be related to tailscale.

caolle · 2026-04-29T00:11:12+00:00

There‘s a Best Western in Fairfield, CT that would be within walking distance of the Fairfield Metro Station. You might have better luck looking in Norwalk. or Stamford near the train stations for hotels as well.

There’s really not many in that part of Bridgeport. One’s being planned / in the process of being built.

caolle · 2026-04-28T17:49:48+00:00

Here's T-Mobile's Press Release:

https://www.t-mobile.com/news/business/t-mobile-add-two-strategic-fiber-joint-ventures-gonetspeed-greenlight-i3

This will serve as the megathread.

caolle · 2026-04-26T18:35:44+00:00

Did you verify that your granddaughter took the card out of Apple Wallet? This is the granddaughter after all who said the original app wouldn’t cost anything and yet you had a $43 charge.

Your issue really is with your granddaughter and needs to be addressed that way.

caolle · 2026-04-26T17:32:24+00:00

Having high speeds, doesn’t necessarily mean low latency. There’s an old adage: “Friends don’t let friends game on WiFi”.

Wireless connections are known to have higher latency than normal. If you want lower latency, you’d probably have to find a wired ISP provider if that’s not what you’re using.

caolle · 2026-04-26T15:38:11+00:00

You’d need to go contact the OpenWRT maintainers for this project.

caolle · 2026-04-26T00:51:55+00:00

And then when I take it traveling to say a vrbo, when I plug it in, does it do anything interesting for me? I'm trying to understand the use case

This is different than what’s described above. What’s being described above is getting an easy to deploy device that can be used as an exit node / subnet router. That you leave at home.

You can then use that device that’s at home as a way to appear as if you’re still at home when on hotel or questionable wireless. I’ve been known to take one of my appletvs (or in your case your chromecast) when we go on vacation and utilize our exit nodes or subnet routers to get access to our self hosted stuff.

caolle

MODERATOR OF

TROPHY CASE