Setting adguard as tailscale dns server not working

I would like to make my AdGuard install, my primary DNS server, accessible outside of my LAN by setting it in Tailscale. Following the official Tailscale guide for a Pi-hole, it says to just set the Tailscale IP of the device as the DNS server and presto changeo, but that doesn't work for me (using the TrueNAS server IP). I've tried it as a split DNS nameserver and it sees no traffic, and as the only server I have no Internet access at all, both of these even on my WiFi. It does indeed work correctly if I set it normally, like through my router. The network settings are default, DNS port 53 and the same local IP as the machine (had to alias the DNS IP to the server IP, it wouldn't come up with no alias or 0.0.0.0), so I'm not entirely sure what's going wrong, especially when, googling, most other people say this exact setup, even citing the same exact guide, works perfectly for them on the 1st try with no future problems.

Both containers must be in the same net, otherwise they will be isolated from each other. In my case I use pihole and wireguard, but it should be the same: I have created a shared network; I have added the reference into the YAML on both apps, with a specific IP; wireguard also has the DNS specified as the internal shared-network IP of pihole.

They are both on the same interface. Do you mean they both have to be on a bridge?

No, not bridge. In the world of Docker each container gets its own dedicated internal Docker network and is isolated from other containers. For apps to communicate with each other they have to share a common Docker network.


So "Expose port for inter-container communication"?

I do not use the built-in TrueNAS apps, so I can't tell you if that setting needs to be set. All my apps are deployed via my own YAML with Portainer and all have one additional common network built in.
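The setup described in these two replies (a shared network declared in the compose YAML of both apps, fixed addresses, and the VPN container handing the resolver's shared-network IP to its peers), as an added example that is not the poster's own file. The service names, image tags, the 172.30.0.0/24 subnet and the addresses are assumptions.

```yaml
# Added example, not the poster's compose file. Names, image tags, the
# 172.30.0.0/24 subnet and both addresses are assumptions.
networks:
  shared:                          # user-defined bridge both containers join
    driver: bridge
    ipam:
      config:
        - subnet: 172.30.0.0/24

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    networks:
      shared:
        ipv4_address: 172.30.0.10  # fixed address the VPN container uses as DNS
    ports:
      - "53:53/tcp"                # published on the host for LAN clients
      - "53:53/udp"
    environment:
      TZ: "Etc/UTC"
    restart: unless-stopped

  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      shared:
        ipv4_address: 172.30.0.20
    ports:
      - "51820:51820/udp"
    environment:
      TZ: "Etc/UTC"
      PEERDNS: "172.30.0.10"       # resolver's shared-network IP, pushed to VPN peers
    volumes:
      - ./wireguard:/config
    restart: unless-stopped
```

After `docker compose up -d`, `docker network ls` shows the project-prefixed `shared` network and `docker network inspect` on it should list both containers; if only one appears, the two cannot reach each other at the addresses above.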

I can access any of my apps via Tailscale using the IP or MagicDNS of the server plus port. Doesn't that mean that this should be working as intended, or at least that the containers can communicate with each other?

Do you use truenasip:port or dockerip:port? Because if you use truenasip:port, then no. It's using port binding from the port on the TrueNAS IP to the IP of the Docker network.

The Tailscale IP. All of the apps are on the same local IP as the server, just with different ports.

What you should simply try to understand, which is what me and @LarsR mean, is to enter the Tailscale container and try to resolve the AdGuard one. What I can't tell you is how to fix that with the app catalogue; I don't use it either.
Also, from the shell a docker ps should show that the containers are on different subnets (e.g. 172.0.1.1 and 172.0.2.1).

To make things easier, I found a command that lists the subnets each container is using:

docker network inspect $(docker network ls | awk '$3 == "bridge" { print $1}') | jq -r '.[] | .Name + " " + .IPAM.Config[0].Subnet'

This should show you the container name and the subnet it uses.

Got it working by adding a Tailscale subnet to the TrueNAS server for the local address space (192.168.0.0/24). Now I can set it as my DNS via Tailscale using AdGuard's local IP, and my redirect to nginx for reverse proxying my apps to arbitrary host names (i.e. jellyfin.lan) works both on LAN AND WAN with the exact same hostname. It also works with other DNS services that do rewrites; tested with NextDNS pointing to the local IP and again it all works on LAN and WAN (obviously it needs to be your Tailscale DNS).
The only thing I don't like is that all of the DNS requests come through the container net/IP/whatever (172.16.1.1, assuming this belongs to Tailscale) rather than being separated by IP/client name. Not entirely sure how to fix this or if it is even possible using this route.
Maybe if I set the server as an exit node instead it might work, but it does not want to turn on; even after enabling the setting inside the app config, it will not give me the option in my Tailscale admin console.