10 Sep 2025 |
11 Sep 2025 |
adamcstephens | systemctl service-log-level systemd-networkd.service debug . TIL | 02:19:53 |
ghostbuster91 | hi folks, I am using mesh vpn with headscale, adguard DNS and avahi mDNS. How do I now make mDNS addresses available to the vpn network? GPT told me that I need to propagate have something that will answer DNS queries and respond with mDNS entries. Can I do this with adguard or do I need something else? What would you recommend in this case? | 15:31:02 |
K900 | Uhhh what | 15:31:16 |
K900 | Do you want to do mDNS over Tailscale? | 15:31:23 |
K900 | Or do you want to do a subnet router thing that forwards mDNS? | 15:31:34 |
ghostbuster91 | Currently when I am on the lan network I am able to resolve mDNS addresses, but if I turn on the VPN I lose that ability. I want to fix this as not all devices can run vpn client | 15:35:26 |
Katalin 🔪 | is tailscale a tap interface (mac layer)? otherwise, bad news I think unless you can fake mdns somehow | 15:35:43 |
Katalin 🔪 | mdns needs broadcast support and pretty sure you only get that with a layer 2 tunnel | 15:37:08 |
ghostbuster91 | yes, but gpt told me that I could have sth that would answer dns queries by translating them to mDNS | 15:38:31 |
Katalin 🔪 | at that point I would set up a normal dns server with a non-local. zone and use normal dns. I’m just making a somewhat educated guess here so I might be wrong but for this to work with mdns names I assume you need a modified mdns resolver on the client, or serve the local. zone via dns which is forbidden | 15:43:22 |
ghostbuster91 | ok let me take a step back and explain my use-case. Maybe I did something wrong earlier.
I have headscale that has global dns configured that points to my adguard instance.
| 15:45:06 |
ghostbuster91 | There I have manual entries xyz.mydomain that points to my server (by the vpn ip address) | 15:45:39 |
ghostbuster91 | one of them is esphome.mydomain | 15:45:46 |
ghostbuster91 | this works great until I want to explore one of the devices listed in esphome dashboard | 15:46:07 |
ghostbuster91 | this devices advertise themselves by mDNS | 15:46:20 |
ghostbuster91 | once I am on the vpn I can see the esphome dashboard but I cannot enter into any device | 15:46:43 |
ghostbuster91 | * once I am on the vpn I can see the esphome dashboard but I cannot enter into any device's details | 15:46:51 |
ghostbuster91 | * these devices advertise themselves by mDNS | 15:47:16 |
Katalin 🔪 | can you make the dashboard proxy the info instead of requiring the client to access the devices directly, or set non-mdns names for the devices? | 15:48:04 |
Katalin 🔪 | otherwise if this can’t be changed I would really just use openvpn or some other tap tunnel | 15:48:32 |
Katalin 🔪 | and then it should just work | 15:48:39 |
toonn | K900: Do you have a way of getting mDNS to work over Tailscale? | 15:48:42 |
ghostbuster91 | I don't think so. The info pages use websockets to propagate realtime information | 15:49:34 |
ghostbuster91 | Yeah that would work | 15:49:52 |
Katalin 🔪 | because this still sounds like you will need mdns queries to work, which fundamentally rely on broadcast to work
“GPT told me that I need to propagate have something that will answer DNS queries and respond with mDNS entries”
any way I could interpret this ranges from “might work but forbidden by the spec” to “might work but extremely sketchy”. but let’s see what K900 says, he is the tailscale guy
| 15:59:37 |
Katalin 🔪 | In reply to @saiko:knifepoint.net can you make the dashboard proxy the info instead of requiring the client to access the devices directly, or set non-mdns names for the devices?
domain (Optional, string): Set the domain of the node hostname used for uploading. For example, if it’s set to .local, all uploads will be sent to <HOSTNAME>.local. Defaults to .local.
is this related? I have no idea what it’s talking about with “uploads” but if so, you could actually change the domain suffix from what it looks like to something that can be resolved everywhere https://esphome.io/components/wifi/
| 16:04:24 |
Katalin 🔪 | people are also saying you can use static IPs but 👎 | 16:05:55 |