I have a tailscale exit node set up in a Linux VPS. On that VPS I’ve also installed pihole to act as DNS for the tailnet.

When I run a DNS leak test from a machine on the tailnet I get confusing results. I appear to be using servers in my home country (also my current location).

The servers don’t say they are owned by my ISP but I suspect that’s the case. Its the only way the machine could have got their addresses. I’ve tried on multiple machines to test this.

In Tailscale settings each machine is configured to use Tailscale DNS. Tailscale has been told to use Quad9 in the event pihole is unreachable. Needless to say, Quad9 is not located in my home country.

I’m a noob to both Tailscale and pihole so I’m probably missing something obvious?

  • SteveTech@aussie.zoneEnglish
    1·
    4 hours ago

    On that VPS I’ve also installed pihole to act as DNS for the tailnet.

    What’s the upstream server for pihole? Is it also Quad9, or are you doing full recursive DNS with unbound or something?

    Needless to say, Quad9 is not located in my home country.

    Quad9 uses an anycast IP that can route to one of over 200 locations in 90 different nations, usually this routes to your closest location.

    You can use on.quad9.net to check if you are using Quad9.