3 minutes
Tailscale device names in Pi-hole
I run Tailscale and Pi-hole on a small Odroid C2 SBC1. While perusing my Pi-hole’s DNS query log, I noticed that
all my Tailscale clients (which use
my Pi-hole for DNS)
appeared as IP addresses (100.x.y.z) rather than device names. This makes tracking what actual device
made the query nearly impossible. Fortunately, the solution is pretty uncomplicated!
Local Clients x Pi-Hole
If your Pi-hole is already your network’s canonical DHCP
server (and it should be!),
then all your local devices will have a hostname within the Pi-hole console. However, that hostname might be useless –
for example, my Google TV announced
itself by the excellent and memorable name HS105 🤦🏾♂️
To combat this, you can “hardcode” a name for specific local clients2, especially ones with bad default names. Let’s use my stupid Google TV as an example:
Find your client’s MAC address. If it’s a device with multiple MACs (e.g. a laptop with ethernet + wifi) you should grab both of them.
- If you can’t immediately find the MAC address, sometimes you can back into the MAC via the local IP address. Pi-hole’s DHCP section called Currently active DHCP leases is helpful here. If it’s an IoT device, usually you can find the local IP address in the app/device settings.
Go to your Pi-hole’s DHCP Settings and add a Static DHCP Configuration for each client you want to rename. For my Google TV, it looks like this:
aa:bb:cc:11:22:33,Google-TVIf you’ve got multiple MACs to tie to the same hostname, just list them both:
aa:bb:cc:11:22:33,Google-TV aa:bb:cc:12:34:56,xx:yy:zz:56:78:90,My-Laptop
Note: If you want to assign a static IP to a device, you can do it here too - just put the desired IP in between the MAC and the client name. Fortunately, this is optional, even if the docs don’t state that explicitly.
Tailscale Clients x Pi-hole
The above won’t work for Tailscale because Tailscale handles its own DHCP for clients on the tailnet – i.e. since Pi-hole isn’t assigning an IP address, a static DHCP record won’t do anything.
Instead, we’ll use a new (to me) feature called Conditional Forwarding3, which can be found under the DNS Settings.
Note: if you don’t see Conditional Forwarding at the bottom of the page, you should toggle Basic -> Expert (top right of the page)
Add this in the Conditional Forwarding text box:
true,100.64.0.0/10,100.100.100.100
Where:
true= enable conditional forwarding100.64.0.0/10: Tailscale’s device IP range (from the docs)100.100.100.100: Quad100 does many things, including being Tailscale’s DNS resolver
Save and apply, and the next DNS request made by your Tailscale client will show up as the fully-qualified (Tailscale)
domain name – e.g. plex-server.yak-bebob.ts.net4
Success! 🎉
Credits / Links
Like most of my blog posts, all the info already existed online, but it wasn’t organized exactly how I’d like. These two pages were invaluable as I fought with Pi-hole configs at 11:45pm on a Wednesday.
- https://alexdobin.com/posts/tailscale-hostnames-for-pi-hole-stats/
- https://discourse.pi-hole.net/t/how-to-show-tailscale-hostnames-in-pihole/80603
Single-Board Computer; think: Raspberry Pi, but from HardKernel, rather than a company that hired a former covert surveillance cop as a “maker in residence” and then acted surprised when users pushed back ↩︎
Tailscale machines, even those operating on your local network, aren’t seen as “local” since Tailscale handles its own DHCP, and by default, DNS ↩︎
I.e., forward if the IP address matches this condition ↩︎