Tailscale exit node + split DNS leaking internal queries?

Running Tailscale as exit node on a Debian VPS. Most traffic routes correctly through the exit, but noticed internal DNS queries for split-horizon domains are sometimes resolving via the public resolver instead of the tailnet's DNS. Setup: - Exit node: Debian 12, Tailscale 1.68.x - Clients: macOS + Linux - Split DNS configured for *.internal.corp Symptoms: ~10% of queries for internal zones hit 8.8.8.8 instead of the MagicDNS resolver. tcpdump on the exit node shows no corresponding traffic — so it's definitely a local resolution path. Anyone else hit this? Is it a resolv.conf ordering issue or a known Tailscale behavior with exit nodes and MagicDNS?