I use a mixture of --advertise-subnet on a dedicated tailscale VM to act as an exit node for when I'm away and ephemeral sidecars for everything I run in containers, this gives me magic dns but doesn't work with everything. I.e. I couldn't get a transmission-torrent container to download reliably with this setup and I have no idea why.