diff --git a/auth.go b/auth.go
index d6270ed..976d061 100644
--- a/auth.go
+++ b/auth.go
@@ -98,10 +98,7 @@ func (ta Auth) Authenticate(w http.ResponseWriter, r *http.Request) (caddyauth.U
 	var tailnet string
 	if !info.Node.Hostinfo.ShareeNode() {
 		if s, found := strings.CutPrefix(info.Node.Name, info.Node.ComputedName+"."); found {
-			// TODO(will): Update this for current ts.net magicdns hostnames.
-			if s, found := strings.CutSuffix(s, ".beta.tailscale.net."); found {
-				tailnet = s
-			}
+			tailnet = strings.TrimSuffix(s, ".")
 		}
 	}
 
diff --git a/examples/proxyauth.caddyfile b/examples/proxyauth.caddyfile
index 5f53622..82cbbbb 100644
--- a/examples/proxyauth.caddyfile
+++ b/examples/proxyauth.caddyfile
@@ -25,6 +25,7 @@
   tailscale_auth
   reverse_proxy localhost:3333 {
     header_up X-Webauth-User {http.auth.user.tailscale_login}
+    header_up X-Tailscale-Tailnet {http.auth.user.tailscale_tailnet}
   }
 }
 
@@ -37,6 +38,7 @@
   tailscale_auth
   reverse_proxy localhost:3333 {
     header_up X-Webauth-User {http.auth.user.tailscale_login}
+    header_up X-Tailscale-Tailnet {http.auth.user.tailscale_tailnet}
   }
 }
 
@@ -47,5 +49,5 @@
 # But for an actual application, this could immediately log the user in.
 :3333 {
   templates
-  respond `Hello, {{.Req.Header.Get "X-Webauth-User"}}`
+  respond `Hello, {{.Req.Header.Get "X-Webauth-User"}} from {{.Req.Header.Get "X-Tailscale-Tailnet"}}`
 }