Tailscale - Using AdGuard DNS is not working

I have a Brume 2 (FW 4.5) and have enabled AdGuard + Tailscale. I’m not using any other VPN (WireGuard is off). I’ve set up subnet routing and I can reach any device in my network when I’m connected to the Tailscale network. This works.

I’m now trying to use the AdGuard DNS when connected to Tailscale, but for some reason this does not work. To keep it simple I disabled MagicDNS in Tailscale, and just added my Brume/AdGuard Tailscale IP as global nameserver like below.

The Brume has a Tailscale IP address of 100.x.x.75.

Whatever I try after setting custom nameservers in Tailscale, 100.100.100.100 is acting as the main DNS (this could be because it falls back to 100.100 because my nameserver is not working?):

❯ scutil --dns
DNS configuration

resolver #1
  search domain[0] : internal.home.net
  nameserver[0] : 100.100.100.100
  if_index : 19 (utun4)
  flags    : Supplemental, Request A records, Request AAAA records
  reach    : 0x00000003 (Reachable,Transient Connection)
  order    : 100200

The DNS ports are not blocked:

❯ nc -v -z 100.xx.xx.75 53
Connection to 100.xx.xx.75 port 53 [tcp/domain] succeeded!
❯ nc -v -z 100.xx.xx.75 3053
Connection to 100.xx.xx.75 port 3053 [tcp/dsom-server] succeeded!
~ ❯

But when trying to use the DNS with dig it fails:

❯ dig @100.xx.xx.75 www.google.com

; <<>> DiG 9.10.6 <<>> @100.xx.xx.75 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Is there anything I’m missing? There is some documentation on getting it to work with Pi-hole and Unbound, but I can’t seem to find anything on how to get it working with AdGuard/GL.iNet/OpenWrt.

There’s this guide that suggests adding --accept-dns=false, and I tried this as well by ssh’ing into my Brume and running tailscale up --accept-dns=false + default params, but it doesn’t seem to have changed anything.

Could anyone point me in the right direction? It would be great to 1) resolve my internal hostnames and 2) have ad blocking when connected to the Tailscale VPN.

Thanks!
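
An added example, not part of the original post: `nc -z` as used above only proves that TCP port 53 accepts a connection, while `dig` sends its query over UDP by default, so the two checks exercise different paths. The Python sketch below sends the same DNS query over UDP and over TCP and reports each result separately; the function names are illustrative, and the server address and hostname are whatever you pass on the command line.

```python
import socket, struct, sys

def build_query(name, txid=0x1234):
    """Minimal DNS A/IN query with the RD flag set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(query, reply):
    """Accept a reply only if it echoes our ID and has the QR (response) bit."""
    if len(reply) < 12 or reply[:2] != query[:2] or not reply[2] & 0x80:
        return "bad-reply"
    return "answered rcode=%d" % (reply[3] & 0x0F)

def probe_udp(server, name, port=53, timeout=3.0):
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))      # connected socket surfaces ICMP errors
            s.send(query)
            return classify(query, s.recv(4096))
        except socket.timeout:
            return "timeout"               # sent, nothing came back (dig's symptom)
        except OSError as e:
            return "error: %s" % e

def probe_tcp(server, name, port=53, timeout=3.0):
    query = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)   # 2-byte length prefix
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    return "closed"        # port open, but no DNS answer
                buf += chunk
            return classify(query, buf[2:])
    except socket.timeout:
        return "timeout"
    except OSError as e:
        return "error: %s" % e

if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]
    print("udp/53:", probe_udp(server, name))
    print("tcp/53:", probe_tcp(server, name))
```

A result of `timeout` on UDP alongside an answer (or at least a connection) on TCP points at UDP/53 being dropped or unanswered on the Tailscale interface rather than at the resolver being down.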