I'm split on this. According to your links, it tries to cooperate with the system resolver. If it can't find a way to do it, then yeah, it kinda has to replace it.

Of course, they could put this much more front and center in the docs, so that if you're running some funky setup and know what you're doing, you should be able to easily do it - which you probably can with the `--disable-dns thing`. But putting it in a prominent spot in the docs could help to not overlook this.

I've just checked the setup on a machine running systemd-networkd and resolved, and resolv.conf wasn't touched. It only added a specific dns setup for the tailscale0 interface, which only covers my tailnet name and ips. It doens't even show as a fallback or whatever in the global section.

> the option of whether or not `tailscaled` overrides your default nameservers can be configured remotely without you knowing it's happening!

I mean, there's two situations. Either we're talking about a "pro" environment, where corp vpns taking over your local network config, as much as I hate it, isn't exactly news. Then there's the personal plans users, in which case, if the DNS changes without you knowing, you probably have way bigger problems.