Comment on Jellyfin, Traefik and Tailscale Config Question
NuXCOM_90Percent@lemmy.zip 5 days ago
This is one of the big problems with tailscale for home users. For people who only access a system remotely (e.g. a corporate VPN) it is amazing. For people who are both on and off network… yeah.
What I actually settled on was NOT using one of my domains and to instead just use the tailscale FQDNs in all situations. Mostly because I saw they added more human readable names so it is now like foo.happy-panda.ts.net instead of foo.tb12415161613616161616.ts.net.
- Externally? I just activate the tailscale app and I can see foo.sad-hamster.ts.net with zero additional config. Which is good if I am using an app on my phone or helping someone I trust set up their own machine without needing to drive/fly out there with a laptop.
- Internally? I actually just added a simple DNS override locally (I use unbound via opnsense for this but you can also do it with a pihole if you really want to). So foo.sad-hamster.ts.net goes to foo.localdomain which goes to a 192.x IP seamlessly.
End result is that I don’t need any special config in any devices or apps and everything just uses the tailscale FQDN regardless of whether it is a “client” connected to the tailscale itself. Which ALSO avoids issues where things stop working during an internet outage.
I’ve seen alternative setups that specify their own DNS server in their tailnet and… that is a lot of effort if you ask me. Also it seems to be the leading cause of “When I connect to my tailnet I can’t see the outside internet anymore”.
NuXCOM_90Percent@lemmy.zip 5 days ago
Wait… if you JUST want your domain to point to the tailscale IP and to only work when the client is on the tailnet, this is… super duper easy?
Just install tailscale. Go to your dashboard, and get the IP. And point your domain at that. No tunnels or reverse proxies needed.
filister@lemmy.world 5 days ago
The problem is that I have a couple of services listening on different ports and I want to use the reverse proxy to listen to incoming requests and route the traffic to the corresponding ports. I also want to issue SSL certificates and serve the traffic over TCP port 443.
NuXCOM_90Percent@lemmy.zip 5 days ago
Presumably most of those services on the same physical host are running in containers? So just add tailscale as a sidecar to that. The official tailscale youtube has tutorials on that.