Override local DNS option for Pihole and Adguardhome? #280

Closed
Akruidenberg opened this issue Jan 17, 2022 · 10 comments
Labels
enhancement New feature or request

Comments

@Akruidenberg

I would like to add my Adguard server to Headscale/Tailscale. However, I need an option for my clients to only use my own DNS server.
I can't find such an option in Headscale; Tailscale does have this option.
Is it possible to add this option to Headscale?

Thanks in advance!

@Akruidenberg Akruidenberg added the enhancement New feature or request label Jan 17, 2022
@asabla

asabla commented Jan 18, 2022

Not sure if this is actually what you're looking for, but in the example configuration, on line ~120, there are DNS configuration settings:

https://github.com/juanfont/headscale/blob/main/config-example.yaml#L120

@Akruidenberg
Author

My clients are connected to my adguard home dns. However, they are not forced to use the adguard dns only. That's why I need an override option for this.

@gmmoreira

Tailscale admin panel has an option to override local DNS. The option forces the client to always use the configured DNS in tailscale admin and ignore local DNS.

I also used this option in tailscale so I could use my unbound+hblock DNS in any of my clients, even outside of my home.

@Akruidenberg
Author

@gmmoreira this is exactly what I want. I would like such an option in headscale.

@Goeks1

Goeks1 commented Jan 19, 2022

I think @asabla's comment is exactly what you are looking for. It exposes and overwrites the DNS addresses. As far as I can see, you are able to set a list of DNS servers.

@Akruidenberg
Author

Akruidenberg commented Jan 19, 2022

@Goeks1 that's not true. It will add my adguard server to my existing DNS servers from my router, but they aren't overridden.

@Akruidenberg
Author

@kradalby is it possible to add this feature?

@gmmoreira

To clarify the matter: https://github.com/tailscale/tailscale-android/blob/main/android/src/main/java/com/tailscale/ipn/DnsConfig.java

Tailscale's DNS support can either override the local DNS servers with a set of servers
configured in the admin panel, or supplement the local DNS servers with additional
servers for specific domains like example.com.beta.tailscale.net. In the non-override mode,
we need to retrieve the current set of DNS servers from the platform. These will typically
be the DNS servers received from DHCP.

Anyway, I think I have solved my problem. I could not use any of my hosted services when using mobile data. My only external client is my android smartphone and I already have the app customized. In my headscale config.yml I have the nameservers key with the tailscale ip address of my dns server.

dns_config:
  # List of DNS servers to expose to clients.
  nameservers:
    - 100.64.x.y

I took a look in the app source code and noticed it will log the dns configuration when the vpn starts. I then used adb logcat and noticed it was indeed receiving the ip address of my dns, but in url format (http://100.64.x.y:58436/dns-query). I confirmed my server was indeed listening to that port. After some research I discovered that url path is for DNS over HTTP(s). I confirmed it was receiving queries running tcpdump on that port.

My unbound has some local entries, pointing to the ip address of my router DHCP range. The missing piece was running tailscale in my server advertising that ip range route.

sudo tailscale up --accept-dns=false --advertise-exit-node --advertise-routes=192.168.x.y/24

By allowing that route in headscale I could finally resolve and connect to my web services. I'm still not sure if it's overriding all DNS to use only my configured one.
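An added example, not part of the original thread or of headscale: one way to check on a Linux client whether DNS is actually overridden rather than supplemented is to classify the `nameserver` lines of `/etc/resolv.conf`. The function names, the sample files and the address 100.64.0.5 are constructed, and it assumes the intended resolver lives in the 100.64.0.0/10 range like the 100.64.x.y address above.

```python
import ipaddress

# Assumption: the resolver you want to force is a tailnet address (100.64.0.0/10).
TAILNET = ipaddress.ip_network("100.64.0.0/10")

# Constructed samples: the first mirrors the "added to my router's DNS" case.
SUPPLEMENTED = "# constructed\nnameserver 100.64.0.5\nnameserver 192.168.1.1\n"
OVERRIDDEN = "nameserver 100.64.0.5\n"

def classify_nameservers(resolv_conf_text, allowed_net=TAILNET):
    """Sort each `nameserver` entry into allowed / stub / leak.

    allowed: inside allowed_net (the resolver you intend to force)
    stub:    loopback, e.g. systemd-resolved's 127.0.0.53; the real upstreams
             sit behind it and have to be inspected separately
    leak:    anything else, e.g. a DHCP-provided router or ISP resolver
    """
    result = {"allowed": [], "stub": [], "leak": []}
    for raw in resolv_conf_text.splitlines():
        # Strip comments (# or ;) before tokenising.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr_text = fields[1].split("%", 1)[0]  # drop an IPv6 zone id
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            result["leak"].append(fields[1])  # unparsable: do not trust it
            continue
        if addr in allowed_net:
            result["allowed"].append(str(addr))
        elif addr.is_loopback:
            result["stub"].append(str(addr))
        else:
            result["leak"].append(str(addr))
    return result

def dns_is_overridden(resolv_conf_text, allowed_net=TAILNET):
    """True only if every visible resolver is the intended one."""
    r = classify_nameservers(resolv_conf_text, allowed_net)
    return bool(r["allowed"]) and not r["leak"] and not r["stub"]

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        print(classify_nameservers(fh.read()))
```

A `stub` result means resolv.conf alone cannot answer the question; the per-link servers reported by `resolvectl status` need the same check.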

@Akruidenberg
Author

Here is another article:
https://tailscale.com/kb/1114/pi-hole/

All the features are available in headscale except the override option. It would be really nice to have.

@mlincett

As a workaround, it should be possible to set it manually with resolvectl -a wg0 -x (similar syntax for resolvconf).
