DNSScale is a tool that automatically manages DNS records for your Tailscale network devices. It monitors your Tailscale network and creates DNS records in your chosen DNS provider, making it easy to access your devices by hostname.
- Automatic DNS Management: Creates and updates DNS records for Tailscale devices
- Multiple DNS Providers: Supports AWS Route53 and Cloudflare
- Real-time Monitoring: Polls Tailscale API for device changes and updates DNS accordingly
- Tag-based Filtering: Optionally manage only devices with specific tags
- Ownership Tracking: Creates TXT records to track which DNS records are managed by DNSScale
- Structured Logging: Comprehensive logging with configurable levels and formats
- Flexible Configuration: Support for configuration files, environment variables, and command-line flags
- Uses Cloudflare API v4
- Requires API token with Zone:Read and DNS:Edit permissions
- Automatically disables proxy for Tailscale IP addresses
- Uses AWS SDK v2
- Supports AWS profiles and IAM roles
- Requires hosted zone ID
```bash
git clone https://github.com/jaxxstorm/dnsscale
cd dnsscale
go build .
```

DNSScale can be configured using a configuration file, environment variables, or command-line flags.
Create a configuration file named dnsscale.yaml:
```yaml
tailscale:
  api_key: "tskey-api-xxxxx"
  tailnet: "your-tailnet@gmail.com"
dns:
  provider: "cloudflare"
  domain: "example.com"
  zone_id: "your-zone-id"
  cloudflare:
    api_token: "your-cloudflare-api-token"
app:
  workers: 2
  poll_interval: "30s"
  required_tags:
    - "tag:production"
logging:
  level: "info"
  format: "console"
```

Run with configuration file:
```bash
./dnsscale --config dnsscale.yaml
```

Using environment variables:

```bash
export TAILSCALE_API_KEY="tskey-api-xxxxx"
export TAILSCALE_TAILNET="your-tailnet@gmail.com"
export DNS_ZONE_ID="your-zone-id"
export DNS_DOMAIN="example.com"
export CLOUDFLARE_API_TOKEN="your-cloudflare-api-token"
./dnsscale --dns-provider cloudflare
```

Using command-line flags:

```bash
./dnsscale \
  --tailscale-api-key "tskey-api-xxxxx" \
  --tailscale-tailnet "your-tailnet@gmail.com" \
  --dns-provider cloudflare \
  --dns-domain example.com \
  --dns-zone-id your-zone-id \
  --cloudflare-api-token your-cloudflare-api-token \
  --log-level info
```

Generate an example configuration file:

```bash
./dnsscale config example -o dnsscale.yaml
```

Run with a configuration file:

```bash
./dnsscale --config dnsscale.yaml
```

Run with debug logging:

```bash
./dnsscale --dns-provider cloudflare --log-level debug
```

- `tailscale.api_key`: Tailscale API key (get from https://login.tailscale.com/admin/settings/keys)
- `tailscale.tailnet`: Your tailnet name (e.g., `example@gmail.com` or `example.ts.net`)
- `dns.provider`: DNS provider (`route53` or `cloudflare`)
- `dns.domain`: Domain to manage DNS records for
- `dns.zone_id`: DNS zone ID from your provider
- `dns.cloudflare.api_token`: Cloudflare API token with Zone:Read and DNS:Edit permissions
- `dns.route53.profile`: AWS profile to use (optional)
- `dns.route53.region`: AWS region (optional)
- `app.workers`: Number of worker goroutines (default: 2)
- `app.poll_interval`: How often to poll Tailscale API (default: 30s)
- `app.required_tags`: Only manage devices with these tags (optional)
- `logging.level`: Log level (`debug`, `info`, `warn`, `error`)
- `logging.format`: Log format (`json` or `console`)
- Device Discovery: DNSScale polls the Tailscale API to discover devices in your network
- DNS Record Creation: For each device, it creates:
  - A record (IPv4) pointing to the device's Tailscale IP
  - AAAA record (IPv6) pointing to the device's Tailscale IPv6 address
  - TXT record for ownership tracking
- Continuous Monitoring: Regularly checks for device changes and updates DNS accordingly
- Cleanup: When devices are removed from Tailscale, their DNS records are automatically deleted
For a device named `web-server` in domain `example.com`:
- A Record: `web-server.example.com` → `100.64.1.1`
- AAAA Record: `web-server.example.com` → `fd7a:115c:a1e0::1`
- TXT Record: `web-server.example.com` → `"dnsscale-managed node_id=123456"`
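The TXT ownership marker is what lets cleanup run safely in a zone that also holds hand-made records. The following is an added example, not DNSScale's own code: the `Record` type, the `Plan` function, the sample zone and the policy of skipping names without a matching marker are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Record is a simplified DNS record (hypothetical type, not DNSScale's own).
type Record struct{ Name, Type, Value string }

const marker = "dnsscale-managed node_id=" // TXT value format shown in the README

// Plan maps desired devices (FQDN -> node ID) onto the records already in the zone.
// A name is updated or deleted only when its TXT marker proves ownership.
func Plan(devices map[string]string, existing []Record) []string {
	owner, present := map[string]string{}, map[string]bool{}
	for _, r := range existing {
		present[r.Name] = true
		if v := strings.Trim(r.Value, `"`); r.Type == "TXT" && strings.HasPrefix(v, marker) {
			owner[r.Name] = strings.TrimPrefix(v, marker)
		}
	}
	var out []string
	for name, id := range devices {
		switch {
		case !present[name]:
			out = append(out, "create "+name)
		case owner[name] == id && id != "":
			out = append(out, "update "+name)
		default: // hand-made record, or a name owned by another node: leave it
			out = append(out, "skip "+name)
		}
	}
	for name := range owner {
		if _, ok := devices[name]; !ok {
			out = append(out, "delete "+name) // marked as managed and the device is gone
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	zone := []Record{ // constructed sample zone
		{"old.example.com", "TXT", `"dnsscale-managed node_id=111"`},
		{"vpn.example.com", "A", "203.0.113.7"}, // created by hand, no marker
	}
	fmt.Println(Plan(map[string]string{"vpn.example.com": "222", "web-server.example.com": "123456"}, zone))
}
```

A `skip` result is worth logging at warn level, since it means a Tailscale hostname collides with a record someone else controls.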
- Go to https://login.tailscale.com/admin/settings/keys
- Create a new API key with appropriate permissions
- Use the key in your configuration
- Get your Zone ID from the Cloudflare dashboard
- Create an API token at https://dash.cloudflare.com/profile/api-tokens
- Grant the token `Zone:Read` and `DNS:Edit` permissions for your domain
- Ensure you have AWS credentials configured (via AWS CLI, environment variables, or IAM roles)
- Get the Hosted Zone ID from the Route53 console
- Ensure your AWS credentials have permissions to manage DNS records in the zone
You can configure DNSScale to only manage devices with specific tags:
```yaml
app:
  required_tags:
    - "tag:production"
    - "tag:webserver"
```

Only devices with these tags will have DNS records created.
DNSScale provides structured logging with configurable levels:
- debug: Detailed information for troubleshooting
- info: General operational information
- warn: Warning messages
- error: Error messages
Logs can be output in JSON format for structured logging systems or console format for human readability.
- `dnsscale`: Run the DNS management service
- `dnsscale config example`: Generate an example configuration file
- `--config`: Path to configuration file
- `--log-level`: Set logging level
- `--log-format`: Set logging format
- `--workers`: Number of worker goroutines
- `--poll-interval`: Tailscale API poll interval
- Authentication Errors: Verify your API keys and permissions
- DNS Record Not Created: Check if device has required tags (if configured)
- Rate Limiting: Increase poll interval if hitting API rate limits
Run with debug logging to see detailed information:
```bash
./dnsscale --log-level debug
```

Verify DNS records were created:

```bash
dig web-server.example.com
nslookup web-server.example.com
```

- Store API keys securely (use environment variables or secure configuration management)
- Use least-privilege access for API tokens
- Consider using IAM roles instead of API keys where possible
- Regularly rotate API keys
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request