| 17 May 2026 |
 raitobezarius | yeah, I'm not super familiar with PCP | 16:08:58 |
 emily | If the PCP-controlled device is stateless (that is, it does not
establish any per-flow state, and simply rewrites the address and/or
port in a purely algorithmic fashion, including no rewriting), the
PCP server simply returns an answer indicating the external IP
address and port yielded by this stateless algorithmic translation.
This allows the PCP client to learn its external IP address and port
as seen by remote peers. Examples of stateless translators include
stateless NAT64, 1:1 NAT44, and NPTv6 [RFC6296], all of which modify
addresses but not port numbers, and pure firewalls, which modify
neither the address nor the port.
| 16:09:07 |
| emily | looks like it does envision there might be 6/4 mapping in there! | 16:09:15 |
| raitobezarius | the only way I achieved these things were static allocations via SIIT-DC or MAP-T | 16:09:20 |
| emily | my thinking is that if you have PCP hooked up to the NAT64, then you can also have shim UPnP/NAT-PMP servers that take normal v4 port-forwarding requests, translate them to PCP NAT64 requests, and then translate back | 16:10:42 |
| emily | so if you have kernel v4→v6 translation automatic port forwarding "just works" (maybe) | 16:11:08 |
| emily | "When the address field holds an IPv4 address, an IPv4-mapped IPv6 address [RFC4291] is used (::ffff:0:0/96). This has the first 80 bits set to zero and the next 16 set to one" | 16:11:52 |
| emily | okay yeah, so you can totally mix 6/4 with PCP | 16:12:00 |
| emily | fun! | 16:12:06 |
| emily | I wonder if you can get Linux to automatically make PCP requests for sockets listening on public IPs 😅 | 16:13:33 |
| 18 May 2026 |
 matthewcroughan | Anyone wanna help debug my tailscale? I can't use magicdns on d233902 | 13:47:16 |
| matthewcroughan | and I've bumped a few times, no real changes | 13:47:22 |
| matthewcroughan | IPs can still be pinged at all times, if I restart tailscaled then magicdns works again | 13:47:52 |
| matthewcroughan | Then after some time, a few minutes, magicdns stops working | 13:49:18 |
| matthewcroughan | resolvectl
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 1.1.1.1#cloudflare-dns.com
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 9.9.9.9#dns.quad9.net 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 149.112.112.112#dns.quad9.net 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2620:fe::fe#dns.quad9.net 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google 2620:fe::9#dns.quad9.net
Link 50 (enp199s0f4u1u4)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.5.1
DNS Servers: 192.168.5.1
Default Route: yes
Link 49 (tailscale0)
Current Scopes: DNS
Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 199.247.155.53
DNS Servers: 199.247.155.53 2620:111:8007::53
DNS Domain: tail91ecf.ts.net ~ts.net
Default Route: no
Link 2 (enp196s0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Default Route: no
Link 5 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.5.1
DNS Servers: 192.168.5.1
Default Route: yes
| 13:50:39 |
| matthewcroughan | this is what it looks like when magicdns is not working | 13:51:08 |
| matthewcroughan | Then, if I restart tailscaled:
user: matthew nixcfg on master [$✘»!+?⇡]
❯ sudo systemctl restart tailscaled
[sudo] password for matthew:
user: matthew nixcfg on master [$✘»!+?⇡] took 2s
❯ resolvectl
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 1.1.1.1#cloudflare-dns.com
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 9.9.9.9#dns.quad9.net 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 149.112.112.112#dns.quad9.net 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2620:fe::fe#dns.quad9.net 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google 2620:fe::9#dns.quad9.net
Link 50 (enp199s0f4u1u4)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.5.1
DNS Servers: 192.168.5.1
Default Route: yes
Link 51 (tailscale0)
Current Scopes: DNS
Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 100.100.100.100
DNS Servers: 100.100.100.100 fd7a:115c:a1e0::53
DNS Domain: tail91ecf.ts.net ~0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa ~100.100.in-addr.arpa ~101.100.in-addr.arpa ~102.100.in-addr.arpa ~103.100.in-addr.arpa ~104.100.in-addr.arpa ~105.100.in-addr.arpa ~106.100.in-addr.arpa ~107.100.in-addr.arpa ~108.100.in-addr.arpa ~109.100.in-addr.arpa ~110.100.in-addr.arpa ~111.100.in-addr.arpa ~112.100.in-addr.arpa ~113.100.in-addr.arpa
~114.100.in-addr.arpa ~115.100.in-addr.arpa ~116.100.in-addr.arpa ~117.100.in-addr.arpa ~118.100.in-addr.arpa ~119.100.in-addr.arpa ~120.100.in-addr.arpa ~121.100.in-addr.arpa ~122.100.in-addr.arpa ~123.100.in-addr.arpa ~124.100.in-addr.arpa ~125.100.in-addr.arpa ~126.100.in-addr.arpa ~127.100.in-addr.arpa ~64.100.in-addr.arpa ~65.100.in-addr.arpa
~66.100.in-addr.arpa ~67.100.in-addr.arpa ~68.100.in-addr.arpa ~69.100.in-addr.arpa ~70.100.in-addr.arpa ~71.100.in-addr.arpa ~72.100.in-addr.arpa ~73.100.in-addr.arpa ~74.100.in-addr.arpa ~75.100.in-addr.arpa ~76.100.in-addr.arpa ~77.100.in-addr.arpa ~78.100.in-addr.arpa ~79.100.in-addr.arpa ~80.100.in-addr.arpa ~81.100.in-addr.arpa ~82.100.in-addr.arpa
~83.100.in-addr.arpa ~84.100.in-addr.arpa ~85.100.in-addr.arpa ~86.100.in-addr.arpa ~87.100.in-addr.arpa ~88.100.in-addr.arpa ~89.100.in-addr.arpa ~90.100.in-addr.arpa ~91.100.in-addr.arpa ~92.100.in-addr.arpa ~93.100.in-addr.arpa ~94.100.in-addr.arpa ~95.100.in-addr.arpa ~96.100.in-addr.arpa ~97.100.in-addr.arpa ~98.100.in-addr.arpa ~99.100.in-addr.arpa
~ts.net
Default Route: no
Link 2 (enp196s0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Default Route: no
Link 5 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.5.1
DNS Servers: 192.168.5.1
Default Route: yes
| 13:51:30 |
| matthewcroughan | You can see tailscale0 has tons more in it, including the correct dns server 100.100.100.100 | 13:51:50 |
| matthewcroughan | then after some time it reverts back to the broken state, which sees the DNS servers being wrong | 13:52:04 |
| matthewcroughan | Redacted or Malformed Event | 13:53:43 |
| matthewcroughan | Redacted or Malformed Event | 13:53:55 |
| matthewcroughan | https://github.com/tailscale/tailscale/issues/16558 | 13:56:00 |
| matthewcroughan | Yeah IDK then | 13:57:26 |
| matthewcroughan | how diagnose resolved, I can't use nslookup because resolved takes over | 13:57:42 |
| matthewcroughan | May 18 15:09:03 p4 tailscaled[2394634]: LinkChange: major, rebinding: old: interfaces.State{defaultRoute=enp199s0f4u1u4 ifs={enp199s0f4u1u4:[192.168.5.133/24 /64 /64 llu6] wlan0:[192.168.5.176/24 /64 llu6]} v4=true v6=true} new: interfaces.State{defaultRoute=enp199s0f4u1u4 ifs={enp199s0f4u1u4:[192.168.5.133/24 /64 /64 llu6] tailscale0:[100.75.160.14/32 fd7a:115c:a1e0::fd01:a011/128 llu6] wlan0:[192.168.5.176/24 /64 llu6]} v4=true v6=true} diff: ips tailscale0: [fe80::a95c:c3ea:5f16:dbf4/64]->[100.75.160.14/32 fd7a:115c:a1e0::fd01:a011/128 fe80::a95c:c3ea:5f16:dbf4/64] rebind-reason=[ips-changed]
May 18 15:09:03 p4 tailscaled[2394634]: dns: Set: {DefaultResolvers:[] Routes:{ts.net.:[199.247.155.53 2620:111:8007::53]} SearchDomains:[tail91ecf.ts.net.] Hosts:30}
May 18 15:09:03 p4 tailscaled[2394634]: dns: Resolvercfg: {Routes:{} Hosts:30 LocalDomains:[]}
May 18 15:09:03 p4 tailscaled[2394634]: dns: OScfg: {Nameservers:[199.247.155.53 2620:111:8007::53] SearchDomains:[tail91ecf.ts.net.] MatchDomains:[ts.net.]}
May 18 15:09:03 p4 tailscaled[2394634]: wgengine: set DNS config again after major link change
May 18 15:09:03 p4 tailscaled[2394634]: router: portUpdate(port=41641, network=udp6)
May 18 15:09:03 p4 tailscaled[2394634]: router: portUpdate(port=41641, network=udp4)
May 18 15:09:03 p4 tailscaled[2394634]: Rebind; defIf="enp199s0f4u1u4", ips=[192.168.5.133/24 /64 /64 fe80::2e0:4cff:fe68:67/64]
May 18 15:09:03 p4 tailscaled[2394634]: magicsock: 1 active derp conns: derp-8=cr3m0s,wr1m0s
| 14:16:39 |
| matthewcroughan | This is what is logged when the failure begins | 14:16:57 |
| matthewcroughan | Can't tell if client bug or bug in my router config | 14:17:44 |
| matthewcroughan | Like hwy is there even a "major link change" ? | 14:20:13 |
| matthewcroughan | I'm not changing anything | 14:20:17 |
| matthewcroughan | * Like why is there even a "major link change" ? | 14:20:23 |
