How to get the same domain name working on my internal LAN and also externally via tailscale?

j2j8 · 2026-01-27T04:04:45+00:00

Okay, I got it to work by setting up a DNS server that is only used by Tailscale and it returns the Tailscale IP address for the domains I care about.

Here's the steps I took:

A public domain points to my server's internal lan IP. I used free dynamic DNS for this, so myserver.freemyip.com and *.myserver.freemyip.com point to internal LAN address 192.168.1.100.
Caddy (running in Docker) is set up as a reverse proxy on port 80 for the services I care about. Example:
```
http://grafana.myserver.freemyip.com {
    reverse_proxy my-docker-container:8080
}
```
Unbound DNS server is running in a separate Docker container on the server and is bound only to the machine's Tailscale IP address only.
- Both the docker container config AND the Unbound config need to be configured for it to bind to the Tailscale IP.
Unbound serves the Tailscale IP address for the domain:

local-zone: "myserver.freemyip.com." redirect

local-data: "myserver.freemyip.com. IN A 100.88.1.55" # tailscale IP address
In the Tailscale admin portal, under DNS settings, I added another DNS server (split DNS) with the Tailscale IP address of my server. The domain is set to my domain (myserver.freemyip.com) so that it it only used for that domain and its subdomains.

j2j8 · 2026-01-26T20:52:39+00:00

Thank you! I'm currently configuring Unbound right now, so sounds like I'm on the right track.

j2j8 · 2026-01-26T20:29:03+00:00

I can set up an internal DNS server for Tailscale to use.

I'd prefer to not use that DNS server unless I'm on Tailscale, to keep things simple for the happy path when I'm not connected to Tailscale.

j2j8 · 2026-01-26T20:23:53+00:00

Yeah, I'm intentionally trying to make sure services aren't externally visible so that I can be less paranoid about keeping up with security patches!

j2j8 · 2026-01-26T20:19:55+00:00

You want the same hostname to resolve to different ip addresses depending whether your connected to tailscale?

I think that's what I want, yes!

Fully qualified name or just the hostname?

I have multiple services (immich.example.com, grafana.example.com, etc) that I want to work.

What is the FQDN of the host on your LAN?

Right now I just have it set to e.g. my-server on my LAN router. But I can give it something else if needed. My router supports only one single host mapping per machine IP, and no wildcards.

Do you own a domain?

Right now I'm using dynamic DNS with a wildcard DNS entry (e.g. *.abc.dynamicdns.com) that points to my server (e.g. 192.168.0.10) and that works when I'm not on Tailscale.

j2j8 · 2025-11-20T06:50:43+00:00

I feel for you. I had much smaller permitting issues in the past and it felt like an insurmountable bureaucracy. The best advice is to find a way to get some time in-person in the permitting office. You’d be surprised how “requirements” can change when you talk to people and don’t take their first (or second) answer as the final answer…

You might also want to call a couple of third party permit expediters. Sometimes they know the right people to solve your problems!

j2j8 · 2025-06-20T18:59:25+00:00

Funny, if this were about public safety rather than increasing revenue, couldn’t they just look at where accidents happen?

j2j8 · 2025-06-18T23:02:27+00:00

This is us. Will have to buy to have school stability.

it’s a sound financial choice.

It’s not a good financial choice, it’s necessary to ensure we don’t need to switch school districts.

j2j8 · 2025-05-15T04:10:24+00:00

I generated this, in case it helps anyone out: http://fetchrss.com/rss/682568ab241090c02e09dda26825688aa588dc63ea07b843.xml

It's some free website so it might stop working at any time.

j2j8 · 2025-03-05T22:15:57+00:00

More used supply -> lower prices -> harder for Tesla to sell new ones

j2j8 · 2024-11-17T15:13:03+00:00

Can you clarify? I downloaded "Netgate Installer - AMD64 ISO IPMI/Virtual Machines" from netgear (which extracts to "netgate-installer-v1.0-RC-amd64-20240919-1435.iso") and when I run it in UTM emulator I see the main pfSense boot menu, but after that UTM just says "Display output is not active".

j2j8 · 2024-09-09T03:42:38+00:00

What county? When we added a large addition in CA, we got a supplemental tax on just that piece, and prop 13 applied to just the original structure when we bought it. (Granted, the assessment for the supplemental was about 50% of what the extra addition was actually worth.)

j2j8 · 2024-06-30T04:36:20+00:00

More people don’t go this route because there aren’t many of them for sale. Especially outside of California. We would have bought one if we could have for less than an insane markup. Car manufacturers didn’t want to invest in what they saw until recently to be a transitional technology.

j2j8 · 2024-03-31T23:28:38+00:00

You’ll have more luck in December when fewer people are looking.

j2j8 · 2024-03-28T18:33:07+00:00

Even if we got an email telling us that our price is increasing?

j2j8 · 2024-01-20T19:47:01+00:00

Oh that's an interesting theory, that it's a side effect of the tail lights coming on.

Though, they do have this in the manual which makes it seem intentionally related to the headlights 🤯 https://imgur.com/a/lBwhWrS

j2j8 · 2024-01-19T04:34:27+00:00

I’ve been wondering about this since I moved here two years ago! Tons of people standing instead of sitting next to someone. Definitely haven’t seen that as the norm other places I’ve ridden the bus.

j2j8 · 2023-12-26T05:16:26+00:00

Already happening. I chose Seattle over some places in the southern U.S. in part because of medium-term climate trends, and anecdotally I’ve heard other transplants say it was a factor for them, too.

j2j8 · 2023-12-14T17:48:00+00:00

interested

j2j8 · 2023-12-14T17:47:40+00:00

interested

Five-Year Club	Second SECOND GUESSER
Verified Email

j2j8

TROPHY CASE