tailscale, Magic DNS, proxmox, and LXC

Frustrating interaction: tailscale MagicDNS on the Proxmox host breaks DNS inside LXC containers. The solution is to start tailscale with --accept-dns=false on the Proxmox server. Tailscale documents this, but I missed it. In detail…

I have tailscale installed on the Proxmox hypervisor host, with MagicDNS enabled. If I start an LXC container, DNS doesn’t work at all in the container’s guest operating system.

The underlying issue is how tailscale implements MagicDNS: it intercepts the host’s DNS queries so it can supply its own answers for your tailnet hosts at *.*.ts.net. On Linux it does this by rewriting /etc/resolv.conf to set nameserver 100.100.100.100, an address that tailscaled itself answers on the host’s tailscale0 interface. The details of how it does this are complex because so many other things on a modern Linux box are also trying to overwrite that file. (Yes, systemd is involved.) But it works fine on the Proxmox server itself.

What doesn’t work is DNS inside an LXC container while MagicDNS is on. When Proxmox starts a container it writes a copy of the host’s current /etc/resolv.conf into the container (unless the container has its own nameserver set in its Proxmox configuration). It does this on every start, so rebooting the container just fetches a fresh copy. So if tailscale is running, the container picks up that 100.100.100.100 nameserver. The container has its own network namespace and no tailscale0 interface, so that address is unreachable from inside it (as is the rest of your tailnet, which is as it should be). Every lookup times out and DNS doesn’t work.

The simple fix is to turn off tailscale on the Proxmox server: tailscale down. But it’s nice to have tailscale to access the server! If you run tailscale up --accept-dns=false then there’s no MagicDNS on the Proxmox server and /etc/resolv.conf is left alone; you can still reach the host over the tailnet by its tailscale IP, you just lose the *.ts.net names on the host. This setting is sticky: tailscaled stores its preferences in its own state and reapplies them on restart, so it persists even though I didn’t edit any config files. Containers that already started with the bad resolv.conf keep their copy until they are restarted.

Another option the docs mention is creating an empty /etc/.pve-ignore.resolv.conf file in the LXC container’s filesystem. That’s part of a general mechanism (/etc/.pve-ignore.<filename>) for telling Proxmox not to overwrite particular files in a guest at start; after that you manage the container’s /etc/resolv.conf yourself, and tailscale on the host can keep MagicDNS.
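The diagnosis and both fixes, written up as a small script to run on the Proxmox host. This is an added example, not code from the original post or from Proxmox or Tailscale. It assumes Proxmox’s pct and Tailscale’s tailscale CLIs are on the host; the container IDs, the fallback nameserver, the function names and the sample resolv.conf contents are hypothetical values constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Detects tailscale's MagicDNS
# resolver leaking into an LXC container's /etc/resolv.conf and applies the
# fixes discussed above. Assumes Proxmox's `pct` and Tailscale's `tailscale`
# CLIs are available on the host; CTIDs and the fallback nameserver below are
# hypothetical values for illustration.

MAGICDNS_IP=100.100.100.100   # tailscaled's resolver: only reachable on the host itself

# resolv_uses_magicdns FILE: exit 0 if FILE lists 100.100.100.100 as a nameserver.
resolv_uses_magicdns() {
    awk -v magic="$MAGICDNS_IP" \
        '$1 == "nameserver" && $2 == magic { found = 1 } END { exit !found }' "$1"
}

# usable_nameservers FILE: print the nameserver entries that are NOT MagicDNS,
# one per line (the ones a container could actually reach).
usable_nameservers() {
    awk -v magic="$MAGICDNS_IP" \
        '$1 == "nameserver" && $2 != magic { print $2 }' "$1"
}

# classify_resolv FILE: one word summarising what FILE means for a container:
#   ok     - no MagicDNS entry
#   mixed  - MagicDNS plus at least one other nameserver (lookups may still
#            succeed after timeouts, depending on the order of the entries)
#   broken - MagicDNS is the only nameserver, so nothing resolves
classify_resolv() {
    if ! resolv_uses_magicdns "$1"; then
        echo ok
    elif [ -n "$(usable_nameservers "$1")" ]; then
        echo mixed
    else
        echo broken
    fi
}

# check_container CTID: fetch the container's resolv.conf via pct and classify it.
check_container() {
    ctid=$1
    tmp=$(mktemp)
    pct exec "$ctid" -- cat /etc/resolv.conf > "$tmp"
    state=$(classify_resolv "$tmp")
    rm -f "$tmp"
    echo "CT $ctid: $state"
    [ "$state" = ok ]
}

# fix_host: stop tailscaled from managing the host's resolv.conf at all.
# `tailscale set` changes just this preference; `tailscale up --accept-dns=false`
# (as in the post) also works. Containers already running keep their copied
# resolv.conf until they are restarted.
fix_host() {
    tailscale set --accept-dns=false
    echo "host: MagicDNS off; host /etc/resolv.conf is now:"
    cat /etc/resolv.conf
}

# fix_container CTID NAMESERVER: give the container its own resolver in its
# Proxmox config (used on every future start instead of the host's file) and
# write it into the running container so no restart is needed.
fix_container() {
    ctid=$1; ns=$2
    pct set "$ctid" --nameserver "$ns"
    pct exec "$ctid" -- sh -c "printf 'nameserver %s\n' '$ns' > /etc/resolv.conf"
}

# pin_container_resolv CTID: the alternative from the Proxmox docs. Creates the
# marker file so Proxmox leaves /etc/resolv.conf in this container alone; you
# then own the file's contents yourself.
pin_container_resolv() {
    pct exec "$1" -- touch /etc/.pve-ignore.resolv.conf
}

# Usage (run on the Proxmox host; CTID 101 and 192.168.1.1 are hypothetical):
#   ./magicdns-lxc.sh check 101
#   ./magicdns-lxc.sh fix-host
#   ./magicdns-lxc.sh fix-container 101 192.168.1.1
#   ./magicdns-lxc.sh pin 101
case "${1:-}" in
    check)         check_container "$2" ;;
    fix-host)      fix_host ;;
    fix-container) fix_container "$2" "$3" ;;
    pin)           pin_container_resolv "$2" ;;
    "")            ;;   # no arguments: just define the functions (e.g. when sourced)
    *)             echo "usage: $0 check CTID | fix-host | fix-container CTID NS | pin CTID" >&2; exit 2 ;;
esac
```

Run `check` against each container after changing anything: a container still reporting `broken` has simply not been restarted since the host’s resolv.conf was fixed, because Proxmox only copies the file in at start.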