platform: tailnet join must not accept DNS

Tailscale's --accept-dns=true rewrites /etc/resolv.conf to point only
at 100.100.100.100 (MagicDNS). k3s hands that file to pods via the
kubelet, and the pod subnet cannot route to Tailscale's in-kernel
resolver — every DNS query inside a pod times out (symptom: Flux
source-controller logging 'dial tcp: lookup github.com: i/o timeout').

Fix by dropping --accept-dns to false in bootstrap-tailnet.sh. Tailnet
hosts are still reachable on their 100.64.* addresses and via
`tailscale status`, we just don't inherit MagicDNS at resolv.conf
level. If you previously joined with accept-dns enabled, fix the
running node with:  sudo tailscale set --accept-dns=false

Author: ExtraToast

platform/scripts/bootstrap/bootstrap-tailnet.sh

@@ -50,10 +50,15 @@ printf '%s\n' "${TS_AUTH_KEY}" |
   "${ssh_args[@]}" "${ssh_target}" '
     read -r TS_AUTH_KEY
     sudo systemctl enable --now tailscaled >/dev/null
+    # accept-dns=false: otherwise MagicDNS overwrites /etc/resolv.conf with
+    # 100.100.100.100 only, which k3s then passes to pods — and the pod
+    # subnet cannot reach the Tailscale kernel resolver, so every pod DNS
+    # lookup times out. We keep tailnet hostnames resolvable on the host
+    # via `tailscale status` / explicit `100.64.*.*` use instead.
     sudo env TS_AUTH_KEY="${TS_AUTH_KEY}" tailscale up \
       --auth-key="${TS_AUTH_KEY}" \
       --hostname="'"${NODE_NAME}"'" \
-      --accept-dns=true
+      --accept-dns=false
   '
 
 "${ssh_args[@]}" "${ssh_target}" "tailscale status"