I'm looking into ways to access my home network which is behind a CGNAT. Tailscale looks like the best solution so far. I would like to clarify a doubt on Tailscale.
I have a domain name registered with one of the popular services out there. I saw that Tailscale uses MagicDNS. But I wanted to use my personal domain. My doubt is if I want to use my custom domain with Tailscale, the following will be the procedure:
- Set up Tailscale account and add machines.
- My device inside the home network will get a Tailscale IP assigned from the 100.xx.xx.xx pool.
- Use this IP to configure an A record in my domain registrar.
Now when I try to access this domain what will happen is:
- DNS server will resolve the Tailscale IP.
- The outside client will try to connect to my machine in the home network.
- Tailscale takes care of the CGNAT part and helps to establish a direct connection.
- Clients will use the public keys to establish trust and will communicate with each other.
If there is anything wrong in my understanding, please correct me. I could not get a clear-cut answer on this through searching.
Never used Tailscale, but a quick peek at the docs suggests MagicDNS is DNS resolution between devices in your Tailscale network. You can use something like a CNAME record with your personal DNS to forward to the MagicDNS.
If you are trying to expose a service to clients not on your Tailscale network, it looks like something like https://tailscale.com/kb/1223/funnel or https://tailscale.com/kb/1242/tailscale-serve might be what you want? Again, could use a CNAME record if they give you a DNS entry.
I considered CNAME, but that is like multiple lookups for loading a single connection. I think this should be the option if it won't resolve directly.
I need to look into the funnel and serve. Serve looks closer to what I'm trying to achieve. Thanks for the help.
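
As an added example (not part of any post in this thread), the sketch below audits a set of DNS records for the setup discussed above: it follows A and CNAME records and flags names whose final address falls in 100.64.0.0/10, the range Tailscale assigns node IPs from, which is routable only from devices on the tailnet. The record set, the `example.com` names and the `tailnet-name.ts.net` hostname are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space (100.64.0.0/10); Tailscale assigns node IPs from it.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: every name and address is made up for this example.
# 203.0.113.10 is a documentation address standing in for a public one.
SAMPLE_RECORDS = """\
home.example.com.        300 IN A     100.101.102.103
nas.example.com.         300 IN CNAME nas.tailnet-name.ts.net.
nas.tailnet-name.ts.net. 300 IN A     100.70.1.2
www.example.com.         300 IN A     203.0.113.10
lan.example.com.         300 IN A     192.168.1.20
"""

def parse_records(text):
    """Parse 'name ttl IN type value' lines into {name: (type, value)}."""
    rows = (line.split() for line in text.splitlines())
    return {f[0].lower(): (f[3].upper(), f[4].lower()) for f in rows if len(f) == 5}

def resolve(name, records, max_hops=8):
    """Follow CNAMEs to an A record; return (address or None, records followed)."""
    for hops in range(1, max_hops + 1):
        rtype, value = records.get(name, (None, None))
        if rtype == "A":
            return ipaddress.ip_address(value), hops
        if rtype != "CNAME":
            return None, hops      # dangling CNAME or unknown name
        name = value
    return None, max_hops          # CNAME loop or chain longer than max_hops

def classify(ip):
    """Say who can route to the address a name finally points at."""
    if ip is None:
        return "unresolved"
    if ip in CGNAT:
        return "tailnet-only"      # reachable only from devices on the tailnet
    if any(ip in net for net in RFC1918):
        return "private-lan"
    return "public"

def audit(records, zone_suffix):
    """Classify every name under zone_suffix, with the number of records followed."""
    resolved = {n: resolve(n, records) for n in records if n.endswith(zone_suffix)}
    return {n: (classify(ip), hops) for n, (ip, hops) in resolved.items()}

if __name__ == "__main__":
    print(audit(parse_records(SAMPLE_RECORDS), "example.com."))
```

A name classified as `tailnet-only` resolves for anyone who queries public DNS, so it also publishes the tailnet address of that machine.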