Tailscale exit-node routing with split DNS: resolving internal hosts from remote clients

Running Tailscale as an exit node for remote team members. The exit node works for general internet traffic, but internal DNS resolution breaks — remote clients can't resolve internal hostnames that our Split DNS config should handle. MagicDNS is enabled on the tailnet, and the exit node sees the DNS queries, but responses don't make it back to the client consistently. We're on Tailscale 1.64+ across Linux (exit node) and macOS (clients). Anyone solved this without running a dedicated DNS forwarder on the exit node? Current workaround is manual /etc/hosts entries on each client, which is obviously unsustainable.