
For context: I am using (rootful) Podman containers on my host, which is also connected to a Tailscale VPN. The host's DNS is configured via systemd-resolved.

Since yesterday I have been struggling with my Roundcube (web mail client) container being extremely slow to connect to my mail server container; every action (logging in, listing folders, opening a message) would take at least 5 seconds to load. Then I realized that every container's /etc/resolv.conf will begin with the following lines whenever the container is started while Tailscale is enabled:

    search headscale.ts.net
    nameserver 100.100.100.100
    ...

I assume that's why the Roundcube container first tries to resolve the mail server's domain name via Tailscale, which takes a while and then fails, before it finally resolves the domain correctly using the other DNS servers.

As soon as I turn off Tailscale and restart the container, everything works perfectly fine and the /etc/resolv.conf does not contain the Tailscale DNS server anymore.

I'm not sure how to solve this, so my question(s) would be:

  1. Is there some way to configure the containers to skip Tailscale DNS resolution for non-Tailscale domains?
  2. How could I tell the container not to use the Tailscale DNS servers while still having it enabled on the host?


I actually found the solution in this discussion on Tailscale's GitHub:

The problem was solved by running tailscale up --stateful-filtering=false on my host machine.

Now the Tailscale DNS server is still included in the container's resolv.conf but the requests are getting through immediately again. The reason for this issue is explained quite well by this comment:

[..] Docker will by default use resolv.conf from the host, which points at 100.100.100.100 (served by local tailscaled) as the nameserver. Since this IP lands in the tailscale0 interface, DNS request packets become subject to stateful filtering. And because the source IP is not localhost, but something like 172.17.0.2 (from the docker network range), it's interpreted as "incoming request from another host" and thus rejected.
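An added audit script (not from the thread or from Tailscale) that checks for the condition described above: a container resolv.conf whose first nameserver is 100.100.100.100, and whether the host has the answer's fix in effect. It assumes that `tailscale debug prefs` prints the current prefs as JSON with a NoStatefulFiltering field; the podman and tailscale checks are skipped when those tools are absent, so the file-based functions run anywhere.

```shell
#!/bin/sh
# Flag resolv.conf files whose first nameserver is the Tailscale MagicDNS resolver.
# From a container that address is reached over tailscale0 with a bridge-network
# source IP, so stateful filtering drops the query until the resolver times out.
TS_DNS="100.100.100.100"

# Print the first "nameserver" entry of the resolv.conf at $1 (empty if none).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# True (exit 0) when queries from this file would go to the Tailscale resolver first.
uses_tailscale_dns_first() {
    [ "$(first_nameserver "$1")" = "$TS_DNS" ]
}

# Check every running Podman container (skipped when podman is not installed).
audit_containers() {
    command -v podman >/dev/null 2>&1 || { echo "podman not found"; return 0; }
    for c in $(podman ps -q); do
        tmp=$(mktemp)
        podman exec "$c" cat /etc/resolv.conf > "$tmp" 2>/dev/null || { rm -f "$tmp"; continue; }
        if uses_tailscale_dns_first "$tmp"; then
            echo "container $c: Tailscale resolver is first; expect slow non-Tailscale lookups"
        fi
        rm -f "$tmp"
    done
}

# Assumed: 'tailscale debug prefs' prints the current prefs as JSON including
# NoStatefulFiltering. Reports whether the fix from the answer is in effect.
stateful_filtering_status() {
    command -v tailscale >/dev/null 2>&1 || { echo "tailscale not found"; return 0; }
    if tailscale debug prefs 2>/dev/null | grep -q '"NoStatefulFiltering": *true'; then
        echo "stateful filtering is disabled (tailscale up --stateful-filtering=false applied)"
    else
        echo "stateful filtering appears enabled; container DNS via $TS_DNS may be dropped"
    fi
}

# Constructed sample matching the resolv.conf quoted in the question.
sample=$(mktemp)
printf 'search headscale.ts.net\nnameserver %s\nnameserver 192.168.1.1\n' "$TS_DNS" > "$sample"
uses_tailscale_dns_first "$sample" && echo "sample resolv.conf would query Tailscale first"
rm -f "$sample"
```

Run `audit_containers` and `stateful_filtering_status` from the host after sourcing the script to check live containers.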
