{"id":38617858,"url":"https://github.com/rajsinghtech/tsmagicproxy","last_synced_at":"2026-01-17T08:51:06.769Z","repository":{"id":288663025,"uuid":"968821235","full_name":"rajsinghtech/tsmagicproxy","owner":"rajsinghtech","description":null,"archived":false,"fork":false,"pushed_at":"2025-09-18T11:59:06.000Z","size":29,"stargazers_count":0,"open_issues_count":4,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-18T13:47:22.178Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rajsinghtech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-04-18T19:51:28.000Z","updated_at":"2025-04-19T00:07:53.000Z","dependencies_parsed_at":"2025-04-19T08:30:54.012Z","dependency_job_id":"0e73a766-8440-4869-a9c2-64a7d354cc5e","html_url":"https://github.com/rajsinghtech/tsmagicproxy","commit_stats":null,"previous_names":["rajsinghtech/tsmagicproxy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rajsinghtech/tsmagicproxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftsmagicproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftsmagicproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftsmagicproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftsmagicproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rajsinghtech","download_url":"https://codeload.github.com/rajsinghtech/tsmagicproxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajsinghtech%2Ftsmagicproxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28504553,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T06:57:29.758Z","status":"ssl_error","status_checked_at":"2026-01-17T06:56:03.931Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-17T08:51:06.294Z","updated_at":"2026-01-17T08:51:06.759Z","avatar_url":"https://github.com/rajsinghtech.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tailscale MagicDNS Proxy (tsmagicproxy)\n\nThis application creates a DNS server that exposes Tailscale's MagicDNS information from a tailnet to external clients. It registers itself as a machine on the tailnet and provides DNS resolution for all machines in your tailnet.\n\n## Features\n\n- Registers itself as a machine on your tailnet\n- Exposes MagicDNS records via a standard DNS server (port 53)\n- Automatically detects the tailnet domain\n- Supports both forward lookups (name to IP) and reverse lookups (IP to name)\n- Containerized for easy deployment\n- Kubernetes deployment with kustomize\n\n## Requirements\n\n- A Tailscale account\n- An auth key from your tailnet (ephemeral or not)\n- Docker (for containerized deployment) or Go 1.24+ (for local builds)\n\n## Quick Start with Docker\n\n```bash\n# Use pre-built image\ndocker run -d --name tsmagicproxy \\\n  -p 53:53/udp \\\n  -e TS_AUTHKEY=\"tskey-auth-xxxx\" \\\n  quay.io/rajsinghcpre/tsmagicproxy:latest\n\n# Or build locally\ndocker build -t tsmagicproxy .\ndocker run -d --name tsmagicproxy \\\n  -p 53:53/udp \\\n  -e TS_AUTHKEY=\"tskey-auth-xxxx\" \\\n  tsmagicproxy\n```\n\n## Building and Running Locally\n\n```bash\n# Clone the repository\ngit clone https://github.com/rajsinghtech/tsmagicproxy.git\ncd tsmagicproxy\n\n# Build the application\ngo build -o tsmagicproxy .\n\n# Run the application (requires sudo to bind to port 53)\nsudo TS_AUTHKEY=\"tskey-auth-xxxx\" ./tsmagicproxy\n\n# Alternatively, run on a different port that doesn't require root\n./tsmagicproxy -listen \":5353\" -authkey \"tskey-auth-xxxx\"\n\n# Force login even if state exists\n./tsmagicproxy -force-login -listen \":5353\" -authkey \"tskey-auth-xxxx\"\n```\n\n## Kubernetes Deployment\n\nWe provide Kubernetes manifests for deploying with kustomize. See the [kubernetes/README.md](./kubernetes/README.md) for details.\n\nQuick start:\n\n```bash\n# Deploy to dev environment (update auth key first!)\nkubectl apply -k kubernetes/kustomize\n```\n\n## Usage\n\n```\nUsage of ./tsmagicproxy:\n  -authkey string\n        Tailscale auth key (default: value of TS_AUTHKEY environment variable)\n  -hostname string\n        Hostname for the tailnet node (default \"tsmagicproxy\")\n  -listen string\n        Address to listen on for DNS requests (default \":53\")\n  -state-dir string\n        Directory to store tailscale state (default \"./tsmagicproxy-state\")\n  -ttl int\n        TTL for DNS responses (default 600)\n  -domain string\n        Domain suffix to append to hostnames (default: auto-detected from tailnet)\n  -force-login\n        Force login even if state exists (default: false)\n  -debug\n        Enable verbose debug logging (default: false)\n```\n\n## Example: Querying for Machines in Your Tailnet\n\nOnce the proxy is running, you can query it using standard DNS tools:\n\n```bash\n# Look up a machine in your tailnet\ndig @localhost myhost.example.com\n\n# Reverse lookup\ndig @localhost -x 100.100.100.100\n```\n\n## Kubernetes Deployment\n\nHere's an example Kubernetes deployment:\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: tailscale-auth\ntype: Opaque\nstringData:\n  TS_AUTHKEY: \"tskey-auth-xxxx\"  # Replace with your actual auth key\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: tsmagicproxy\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: tsmagicproxy\n  template:\n    metadata:\n      labels:\n        app: tsmagicproxy\n    spec:\n      containers:\n      - name: tsmagicproxy\n        image: tsmagicproxy:latest\n        ports:\n        - containerPort: 53\n          protocol: UDP\n        env:\n        - name: TS_AUTHKEY\n          valueFrom:\n            secretKeyRef:\n              name: tailscale-auth\n              key: TS_AUTHKEY\n        volumeMounts:\n        - name: tailscale-state\n          mountPath: /var/lib/tsmagicproxy\n      volumes:\n      - name: tailscale-state\n        emptyDir: {}\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: tsmagicproxy\nspec:\n  selector:\n    app: tsmagicproxy\n  ports:\n  - port: 53\n    protocol: UDP\n  type: ClusterIP\n```\n\n## How It Works\n\n1. The application connects to Tailscale using the provided auth key\n2. It registers itself as a node on your tailnet with the specified hostname\n3. It retrieves information about all other nodes in your tailnet\n4. It starts a DNS server that answers queries based on the MagicDNS information\n5. When a DNS query arrives, it looks up the corresponding machine in your tailnet and returns its Tailscale IP\n\n## Security Considerations\n\n- The auth key used to register this proxy with your tailnet will have access to all your tailnet information, so use an appropriate key with the necessary permissions.\n- Consider using ephemeral keys if you don't want the proxy to be a permanent node in your tailnet.\n- Since this exposes DNS information, be careful about who can access this service.\n- All Tailscale security policies apply as normal. This service only exposes DNS information for nodes that the auth key has permission to see.\n\n## Troubleshooting\n\n- **Can't bind to port 53**: Port 53 requires root/administrator privileges. Either run with sudo/as administrator or use a different port.\n- **Can't connect to tailnet**: Make sure your auth key is valid and has the necessary permissions.\n- **Empty DNS responses**: Check that MagicDNS is enabled for your tailnet.\n- **Connection timeout**: Check network connectivity and firewall settings.\n- **Error about state already existing**: Use the `-force-login` flag to force a new login.\n\n## License\n\nThis project is licensed under the BSD 3-Clause License - see the LICENSE file for details.\n\n## Acknowledgments\n\nThis project uses the Tailscale Go libraries, particularly the `tsnet` package, which allows embedding Tailscale connectivity into Go applications.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frajsinghtech%2Ftsmagicproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frajsinghtech%2Ftsmagicproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frajsinghtech%2Ftsmagicproxy/lists"}