Fix PVE LXC DNS Problem Caused by Tailscale

Proxmox injects DNS settings into LXC containers based on the host’s own /etc/resolv.conf.

If your container’s resolv.conf shows:

# --- BEGIN PVE ---
search tailc2e3ef.ts.net
nameserver 100.100.100.100
# --- END PVE ---

That means:

Proxmox read the host’s DNS settings
Saw that the host is using Tailscale MagicDNS
And pushed those DNS settings into the container

This happens because LXC containers inherit DNS from the host unless you explicitly override it.

And Tailscale’s MagicDNS server is always:

100.100.100.100

So the container is simply reflecting the host’s configuration.

Why this happens specifically with Tailscale

When you enable MagicDNS on the Proxmox host:

Tailscale rewrites the host’s /etc/resolv.conf
Proxmox reads that file
Proxmox injects the same DNS into every LXC container

This is the exact mechanism Proxmox uses:

Proxmox → `/etc/pve/lxc/<CTID>.conf` → container `/etc/resolv.conf`

If the host uses Tailscale DNS, the container will too.

How to stop LXC containers from using Tailscale DNS

You have three clean options, depending on what you want.

Option 1: Override DNS per‑container (recommended)

Edit the container config on the Proxmox host:

nano /etc/pve/lxc/<CTID>.conf

Add:

nameserver: 1.1.1.1
searchdomain: yourlan.local

Restart the container:

pct restart <CTID>

This forces the container to ignore the host’s DNS.

Option 2: Tell Tailscale NOT to rewrite DNS on the host

On the Proxmox host:

tailscale set --accept-dns=false

This stops Tailscale from modifying /etc/resolv.conf.

Your host will go back to using your LAN DNS, and containers will inherit that instead.

Option 3: Use a custom resolv.conf inside the container

Inside the container:

rm /etc/resolv.conf
echo "nameserver 1.1.1.1" > /etc/resolv.conf

But note:
Proxmox may overwrite this on reboot unless you also set nameserver: in the CT config.

Want to confirm what the host is doing?

Run this on the Proxmox host:

cat /etc/resolv.conf
tailscale status
tailscale ip -4

You will almost certainly see:

nameserver 100.100.100.100
search tailc2e3ef.ts.net

Which matches exactly what the container inherited.

omsLabs

Fix PVE LXC DNS Problem Caused by Tailscale

Why this happens specifically with Tailscale

Proxmox → `/etc/pve/lxc/<CTID>.conf` → container `/etc/resolv.conf`

How to stop LXC containers from using Tailscale DNS

Option 1: Override DNS per‑container (recommended)

Option 2: Tell Tailscale NOT to rewrite DNS on the host

Option 3: Use a custom resolv.conf inside the container

Want to confirm what the host is doing?

Leave a Reply Cancel reply

Fix PVE LXC DNS Problem Caused by Tailscale

Why this happens specifically with Tailscale

Proxmox → /etc/pve/lxc/<CTID>.conf → container /etc/resolv.conf

How to stop LXC containers from using Tailscale DNS

Option 1: Override DNS per‑container (recommended)

Option 2: Tell Tailscale NOT to rewrite DNS on the host

Option 3: Use a custom resolv.conf inside the container

Want to confirm what the host is doing?

Leave a Reply Cancel reply

Proxmox → `/etc/pve/lxc/<CTID>.conf` → container `/etc/resolv.conf`