Good evening guys,
I recently tried out Proxmox 8 on a couple spare machines before upgrading my production rigs, and may have discovered a possible issue, but cannot totally determine where the problem lies.
Issue: When host is connected to a Tailscale network, with or without accepting DNS, LXC containers created or started after it is connected fail to resolve DNS, and changes to DNS addresses from the Prox web-ui or resolv.conf in the LXC client are either not being recognized or otherwise ineffective.
Replication: Connected 3 nodes Proxmox 8 to a tailnet, both with the official Tailscale control server, or using a self hosted Headscale instance in the cloud. Debian 11,12, and Alpine Linux LXC containers fail to resolve DNS if they are started after the host is on the tailnet. The only resolution is to disable connection at startup and rebooting. While issue occurs, the host is still able to resolve DNS, and changes to resolv.conf and the web-ui for the host are accepted and register the changes correctly.
Additional changes attempted: Steps on guide for Tailscale in LXC were followed, all LXC containers intended to have Tailscale on directly have proper cgroup/tun access. Connecting a container to a tailnet while host is not seems to work okay, until the host is connected and DNS breaks immediately.
I have this setup on my production cluster using Prox 7, with hosts and containers separately connected as nodes in my tailnet, with no issues occurring to DNS. Not sure what else might help here, but hoping that this might bring attention to something that could be an issue, as I cannot risk this problem should I upgrade my main servers.
Thanks!
I recently tried out Proxmox 8 on a couple spare machines before upgrading my production rigs, and may have discovered a possible issue, but cannot totally determine where the problem lies.
Issue: When host is connected to a Tailscale network, with or without accepting DNS, LXC containers created or started after it is connected fail to resolve DNS, and changes to DNS addresses from the Prox web-ui or resolv.conf in the LXC client are either not being recognized or otherwise ineffective.
Replication: Connected 3 nodes Proxmox 8 to a tailnet, both with the official Tailscale control server, or using a self hosted Headscale instance in the cloud. Debian 11,12, and Alpine Linux LXC containers fail to resolve DNS if they are started after the host is on the tailnet. The only resolution is to disable connection at startup and rebooting. While issue occurs, the host is still able to resolve DNS, and changes to resolv.conf and the web-ui for the host are accepted and register the changes correctly.
Additional changes attempted: Steps on guide for Tailscale in LXC were followed, all LXC containers intended to have Tailscale on directly have proper cgroup/tun access. Connecting a container to a tailnet while host is not seems to work okay, until the host is connected and DNS breaks immediately.
I have this setup on my production cluster using Prox 7, with hosts and containers separately connected as nodes in my tailnet, with no issues occurring to DNS. Not sure what else might help here, but hoping that this might bring attention to something that could be an issue, as I cannot risk this problem should I upgrade my main servers.
Thanks!
