Tailscale exit-node routing with split DNS and Docker overlay networks

Running a Tailscale exit node on a VPS to route traffic from a home lab. The exit node works fine for raw traffic, but Docker containers on overlay networks lose DNS resolution when their traffic goes through the exit. Host-level split DNS works (MagicDNS resolves internal names), but containers fall back to 127.0.0.11 (Docker embedded DNS) which doesn't know about Tailscale DNS. How are you handling this — custom DNS config per container, a sidecar resolver, or modifying the Docker daemon DNS settings globally? We're on Docker 25.x with bridge networking.