Update to 6.1.4 broke DNS over tailscale

Everything was working great for years, until I updated to 6.1.4.

Prior to 6.1.4 my setup was as follows:

Computers connect using Tailscale, pointed at the pihole IP for DNS. Pihole queries unbound at 127.0.0.1#5335. Unbound queries Mullvad DNS over TLS at 194.242.2.4@853.

Today I updated to 6.1.4 and, despite not changing any configs, can no longer resolve dns over Tailscale. If I disable Tailscale and point my computer dns resolution directly at the local lan ip address for the pihole it still works.

Pihole is running on ubuntu 20.04.6 LTS

I've been screwing with it all day, but I am just going in circles at this point and don't know what else to do. Does anyone have DNS over Tailscale working on 6.1.4??

Yes, working for me

> If I disable Tailscale and point my computer dns resolution directly at the local lan ip address for the pihole it still works.

So Pi-hole is working fine, but there is a misconfiguration somewhere between it, your unbound settings and your tailscale settings.

A few things you might like to try:

Do you have Pi-hole set to "Permit all origins" in Settings -> DNS -> Expert? (Only do this if you are certain that your machine is not accessible from outside of your network.) This will allow Pi-hole to respond to queries arriving on the tailscale0 network interface.

Do you have its tailscale IP set as the global DNS server in the tailscale dashboard, and "Override DNS servers" selected (e.g. this, but with your Pi-hole's IP under "global nameservers"):

You can also test that your system has access to the mullvad ip you specified when tailscale is running (to rule out anything being blocked in that direction) by SSHing in to the system you are running Pi-hole on, re-enabling tailscale, and at the command prompt try the following:

dig www.google.com @194.242.2.4 +tls

The output should resemble this:

$ dig www.google.com @194.242.2.4 +tls

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> www.google.com @194.242.2.4 +tls
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27090
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 367265b884df50710100000068903307a99f4ed776f36a57 (good)
;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		229	IN	A	142.251.12.103
www.google.com.		229	IN	A	142.251.12.105
www.google.com.		229	IN	A	142.251.12.99
www.google.com.		229	IN	A	142.251.12.106
www.google.com.		229	IN	A	142.251.12.147
www.google.com.		229	IN	A	142.251.12.104

;; Query time: 227 msec
;; SERVER: 194.242.2.4#853(194.242.2.4) (TLS)
;; WHEN: Mon Aug 04 14:11:51 AEST 2025
;; MSG SIZE  rcvd: 167
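
Added example, not part of the posts above: a small triage helper that reads the dig output captured for each hop of the chain described in the question (upstream first) and names the first hop that fails, including an upstream that answers without TLS. The function names, the sample outputs and the 100.64.0.10 address are constructed for illustration.

```python
import re

# Hops of the chain described in the thread, upstream first, each with the
# transport dig should report on its ";; SERVER:" line (None = any).
HOPS = [
    ("unbound -> 194.242.2.4@853", "TLS"),
    ("Pi-hole -> unbound 127.0.0.1#5335", None),
    ("client -> Pi-hole over Tailscale", None),
]

def parse_dig(text):
    """Pull the triage-relevant fields out of one dig run's output."""
    status = re.search(r"status: (\w+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    server = re.search(r"^;; SERVER: \S+?#\d+\([^)]*\)(?: \((\w+)\))?", text, re.M)
    return {
        "reached": status is not None and "no servers could be reached" not in text,
        "status": status.group(1) if status else None,
        "answers": int(answers.group(1)) if answers else 0,
        "transport": server.group(1) if server else None,
    }

def first_broken_hop(outputs):
    """outputs: dig text per hop, in HOPS order. Returns (hop, reason) or None."""
    for (hop, want), text in zip(HOPS, outputs):
        r = parse_dig(text)
        if not r["reached"]:
            return hop, "no reply: not listening on that interface, or filtered"
        if r["status"] != "NOERROR" or r["answers"] == 0:
            return hop, f"status {r['status']}, {r['answers']} answers"
        if want and r["transport"] != want:
            return hop, f"answered over {r['transport']}, expected {want}"
    return None

# Constructed samples, trimmed to the lines the parser reads. UPSTREAM_OK is cut
# down from the output quoted in the reply; 100.64.0.10 is a placeholder address.
UPSTREAM_OK = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27090
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 194.242.2.4#853(194.242.2.4) (TLS)
"""
UNBOUND_OK = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4112
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
"""
TAILSCALE_TIMEOUT = """;; communications error to 100.64.0.10#53: timed out
;; no servers could be reached
"""
if __name__ == "__main__":
    print(first_broken_hop([UPSTREAM_OK, UNBOUND_OK, TAILSCALE_TIMEOUT]))
```

With the two upstream hops healthy and only the Tailscale-side query timing out, the result points at Pi-hole's listening mode or the Tailscale DNS settings rather than at unbound or the upstream resolver.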
