Solving Tailscale DNS issues

As I mentioned the other day, I fell in love with using Tailscale for making my local private network accessible remotely. I’m also using it in my company, but with one colleague I had an issue for which I didn’t find any documented solution online. So here is mine.

I have a Tailscale network with multiple self-hosted services running in Docker and made available with Tailscale. If you have an account and your account is invited to the network, you can access them. This worked for 2 of 3 colleagues. The third had the Tailscale client running on their Windows machine, and it showed up as active in the Tailscale admin console and the list of machines. It looks like it runs perfectly, but when you try to access the service within the network, it fails in Firefox with the error PR_END_OF_FILE_ERROR or SSL_ERROR_INTERNAL_ERROR_ALERT. In other browsers the error would just show as a connection error.

If you put the service in a public Tailscale tunnel, access is possible.
If you go on their machine, open PowerShell and call tailscale status, it would show all statuses just fine. Calling tailscale ping <service-name> shows a successful ping to the service.

I tested Windows Defender and firewall settings, but could not find anything that could explain the issues.

Calling tailscale dns status on the machine provides an overview of the DNS options Tailscale is using. Here it showed this:

=== 'Use Tailscale DNS' status ===

Tailscale DNS: disabled.

Tailscale is configured to handle DNS queries on this device.
Run 'tailscale set --accept-dns=false' to revert to your system default DNS resolver.

So I switched this on:

tailscale set --accept-dns=true

Et voilà, calling the service works again!

So now I’m in this half-satisfactory space of having a solution, but not knowing the root cause. My guess is that this colleague hasn’t updated Tailscale since they installed it initially in October, and when they installed the latest version, it did not install the latest default configurations properly.

My expectation would be that turning Tailscale DNS off again would lead to the same issue, but it didn’t.

tailscale set --accept-dns=false

So something is weird: something is reset when DNS is activated and stays good when it is deactivated again.
Well, it works for now, and I hope it’s a permanent solution.
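
The checks from this post collected into one PowerShell triage script, as an added example that is not part of the original post. $Service and port 443 are assumptions, and the comparison against the Windows resolver (Resolve-DnsName) and the TCP check (Test-NetConnection) go beyond what the post tested.

```powershell
# Added example, not from the original post. Run in PowerShell on the affected machine.
param(
    [Parameter(Mandatory)] [string] $Service,  # placeholder: name of the tailnet service
    [int] $Port = 443                           # assumption: service is HTTPS on 443
)

# Checks from the post: client state and tailnet-level reachability.
tailscale status | Out-Null
$clientUp = ($LASTEXITCODE -eq 0)
tailscale ping $Service | Out-Null
$pingOk = ($LASTEXITCODE -eq 0)

# DNS state line as printed by 'tailscale dns status' (e.g. "Tailscale DNS: disabled.").
$dnsLine = tailscale dns status | Select-String -Pattern '^\s*Tailscale DNS:' |
    Select-Object -First 1

# Address Tailscale itself assigns to the peer.
$tailnetIp = (tailscale ip -4 $Service | Select-Object -First 1)

# Addresses the Windows resolver returns for the same name.
$resolved = @(Resolve-DnsName -Name $Service -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress)

# Plain TCP connect to the service port through the OS network stack.
$tcpOk = (Test-NetConnection -ComputerName $Service -Port $Port `
    -WarningAction SilentlyContinue).TcpTestSucceeded

$result = [pscustomobject]@{
    ClientUp       = $clientUp
    TailscalePing  = $pingOk
    TailscaleDns   = if ($dnsLine) { $dnsLine.Line.Trim() } else { 'not reported' }
    TailnetIp      = $tailnetIp
    ResolverAnswer = $resolved -join ', '
    TcpConnect     = $tcpOk
}
$result | Format-List

if ($pingOk -and $tailnetIp -and ($resolved -notcontains $tailnetIp)) {
    Write-Warning "Resolver does not return the tailnet address for $Service; review 'tailscale dns status'."
} elseif ($pingOk -and -not $tcpOk) {
    Write-Warning "Tailnet ping works but TCP port $Port does not; look at the firewall or the service itself."
}
```

Running it before and after tailscale set --accept-dns=true gives a record of which of these values actually changed.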

Everchords is sunsetted

Back in 2018 I had a problem. I was writing song lyrics in Evernote, but displaying them for playing was annoying. I started work on Everchords, a tiny platform allowing you to connect your Evernote account and display SongPro lyrics beautifully. Over time I added more convenience features for songwriting that helped me a lot to streamline my songwriting process. This was a big help when producing Bettlektüre.

All this ended a year ago, when I stopped using Evernote. So it wasn’t part of my workflow anymore. I kept doing security updates, but these took more effort lately. I thought for a long time about how to continue it, but ultimately, I don’t know. I’m using Obsidian.md now, which does not have similar APIs. While all data is fully accessible, being “just markdown files”, there is no default pipeline to process and there are so many ways to build this pipeline that it makes little sense to build and maintain a full platform around this. So I decided to take it offline.

The itch it scratched is still there, as I write my notes in , I may want to have a better songwriting experience again. We will see in time how I will change my process, adopt a different tool set or build something again to cover this.