Dave Anderson

Yeah, that's a known issue, and we can't do anything about it due to macOS's limitations. macOS's main DNS resolution path is through a system daemon, which understands split DNS...

Thanks for the report. You're right, we should filter exit node availability by ACLs. This depends on the netmap minimization change we're doing for node visibility, but might need a...

Right now we implement this DNS policy by reconfiguring the local resolver on Windows, Mac, Unixen, and iOS. Unless they all support DoT/DoH natively, we can't really make this change....

Aspirationally adding to Tailscale 1.8 milestone. I suspect I won't have time to get to it, but while I'm in this code is the right time to think on it...

We're not going to work on this just yet, blocked on #504. The questions you're asking are exactly the ones we need to answer before building a Kubernetes operator, and...

/cc @soniaappasamy @rosszurowski

Yeah, captive portals typically redirect your HTTP traffic with lying DNS responses, to present a captive portal. Once you've signed in, it notes that your IP/MAC address is allowed and...

One difficulty is that it's unlike any other exit node we have, in that only 1 device in your network gets to use it. Mullvad gives you a few WireGuard...

Or purely a per-device setting that the control plane never sees. That is, we let you interop with mullvad, but don't give you any centralized control. Less "magical", but lets...

Why is there no OS-provided caching in the UserDial case? Windows, macOS and modern linux all provide an OS-level cache afaik, so the only stuff leftover is older linux? Edit:...