40

I'm currently using an Insider build of Windows 11. (22458)

However, I had this problem a few times on other builds. (and WSL worked before)

When I start WSL, I'm not able to do a DNS request. (Pinging an IP address directly works.)

I tracked this problem down to the file: /etc/resolv.conf

It includes the DNS server address.

The default is: 172.22.192.1

However, this one doesn't work.

If I change it to 1.1.1.1 (Cloudflare DNS) it works again.

However, after every restart of WSL, it changes it back to the default.

There is a file called wsl.conf in which I can disable generating this file, but it always just deletes the file entirely after every reboot.

So how can I fix this?

My first idea was to completely reset WSL, but neither resetting the app nor reinstalling WSL via features fixed it.

Does anyone have another idea what to do?

NotTheDr01ds
LightJack05

13 Answers

55

As stated by most answers out there, creating the following configuration files and then restarting WSL should be enough:

/etc/wsl.conf

[network]
generateResolvConf = false

/etc/resolv.conf

nameserver 8.8.8.8

However, for some reason my resolv.conf keeps getting recreated on every boot.

So I had to make it immutable, like so:

sudo chattr +i /etc/resolv.conf

This issue has bothered me many times, so I ended up making this simple helper code:

https://github.com/epomatti/wsl2-dns-fix-config
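
An added example, not part of the answer above or of the linked helper repository: a read-only check, run inside WSL, that the override described in this answer is actually in place. The function names are hypothetical, and the file paths are passed as arguments so the check can be tried on copies.

```sh
#!/bin/sh
# Added example: read-only audit of the wsl.conf / resolv.conf DNS override.

# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
# Handles spaces around "=", CRLF line endings and "#" comment lines.
ini_get() {
    [ -r "$1" ] || return 0
    awk -v want="$2" -v key="$3" '
        { sub(/\r$/, "") }
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
                      insec = (s == want); next }
        insec && (p = index($0, "=")) {
            k = substr($0, 1, p - 1); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# resolv_nameservers FILE: print one configured nameserver per line.
resolv_nameservers() {
    [ -r "$1" ] || return 0
    awk '{ sub(/\r$/, "") } $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# audit_wsl_dns WSL_CONF RESOLV_CONF: print findings; return 0 only when the
# hand-written resolv.conf is expected to survive a WSL restart.
audit_wsl_dns() {
    conf=$1; resolv=$2; rc=0
    gen=$(ini_get "$conf" network generateResolvConf | tr 'A-Z' 'a-z')
    [ "$gen" = "false" ] ||
        { echo "FAIL: generateResolvConf is '${gen:-unset}' in $conf"; rc=1; }
    # A symlink means the file is still managed by something else.
    if [ -L "$resolv" ]; then echo "FAIL: $resolv is a symlink to $(readlink "$resolv")"; rc=1; fi
    ns=$(resolv_nameservers "$resolv")
    if [ -n "$ns" ]; then
        printf '%s\n' "$ns" | sed 's/^/INFO: nameserver /'
    else
        echo "FAIL: no nameserver lines readable in $resolv"; rc=1
    fi
    # lsattr is optional (e2fsprogs); report the flag only when it is available.
    if command -v lsattr >/dev/null 2>&1 && [ -f "$resolv" ] && [ ! -L "$resolv" ]; then
        case $(lsattr "$resolv" 2>/dev/null | cut -d' ' -f1) in
            *i*) echo "INFO: $resolv has the immutable flag set" ;;
        esac
    fi
    return $rc
}
```

Call it as `audit_wsl_dns /etc/wsl.conf /etc/resolv.conf` after `wsl --shutdown` and a fresh start; a non-zero return means the override did not persist.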

12

This is a problem with WSL, not Ubuntu or Windows. There are lots of solutions out there; the best one I found is https://gist.github.com/coltenkrauter/608cfe02319ce60facd76373249b8ca6

It also includes VPN info, but the steps work without the VPN also.

  1. Run these commands in the Ubuntu terminal.

    cd /etc # Go to the etc folder in WSL.
    echo "[network]" | sudo tee wsl.conf # Create wsl.conf file and add the first line.
    echo "generateResolvConf = false" | sudo tee -a wsl.conf # Append the next line to wsl.conf.
    wsl --terminate Debian # Run in Windows cmd, not in WSL, to terminate WSL; use your distro's name if it is Ubuntu, not Debian.
    cd /etc # Back in WSL, go to the etc folder again.
    sudo rm -Rf resolv.conf # Delete the resolv.conf file.
    
  2. In Windows cmd, PowerShell or terminal with the VPN connected do: Get-NetIPInterface or ipconfig /all for getting the DNS primary and secondary.

  3. With the primary and secondary DNS obtained in step 2, replace the X.X.X.X in the next steps.

  4. echo "nameserver X.X.X.X" | sudo tee /etc/resolv.conf (Create resolv.conf and write the first line.)

  5. echo "nameserver X.X.X.X" | sudo tee -a /etc/resolv.conf (Append the line to resolv.conf.)

  6. wsl --terminate Debian (Terminate WSL in Windows cmd; use your distro's name if it is Ubuntu, not Debian.)

  7. sudo chattr +i /etc/resolv.conf

  8. Finally in Windows cmd, PowerShell or terminal:

    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
    

Credit: @MartinCaccia, @yukosgiti, @machuu and @AlbesK:
https://github.com/microsoft/WSL/issues/4277
https://github.com/microsoft/WSL/issues/4246

karel
Anthony M
6

windows wsl dns issue fixdns

  1. Inside WSL2, create or append file: /etc/wsl.conf

  2. Put the following lines in the file in order to ensure that your DNS changes do not get blown away

    echo "[network]" | sudo tee /etc/wsl.conf
    echo "generateResolvConf = false" | sudo tee -a /etc/wsl.conf
    
  3. In a cmd window, run wsl --shutdown

  4. Start WSL2

  5. Run the following inside WSL2

    sudo rm -rf /etc/resolv.conf
    # The redirection must run as root, so pipe the here-document through sudo tee.
    sudo tee /etc/resolv.conf > /dev/null << EOF
    search domain.local
    nameserver 8.8.8.8
    nameserver 1.1.1.1
    EOF
    
mati kepa
5

Using the WSL Settings app is the simplest method I've found so far. Disabling Networking -> DNS Proxy enabled option within the app solved the issue for me.

WSL Settings screen

It adds the following to %USERPROFILE%\.wslconfig:

[wsl2]
dnsProxy=false

In this method, /etc/wsl.conf should remain unchanged (meaning generateResolvConf left at its default enabled state).

4

The new experimental feature flags (dnsTunneling, mirrored) for WSL 2 fix this long-running issue with DNS resolution while you are using a VPN that disallows split tunneling, as pointed out in the articles below:

https://github.com/jacob-pro/wsl2-dns-agent (thanks to jacob-pro)
https://devblogs.microsoft.com/commandline/windows-subsystem-for-linux-september-2023-update/

Steps to fix

  1. Add a .wslconfig file, if not present, in the C:\Users\%username%\ directory and add the experimental feature flag configs to switch them ON.

    winget install GNU.nano (optional step to edit the text file in the CLI using nano)

    nano .wslconfig (optional step to edit the text file in the CLI using nano)

    CTRL + X to exit and save the changes.

    Add the content below to the file (the description of each feature flag is in the Microsoft article above):


    [experimental]
    autoMemoryReclaim=gradual
    networkingMode=mirrored
    dnsTunneling=true
    firewall=true
    autoProxy=true

  2. Restart WSL2.

    wsl --shutdown

WSL2 DNS resolution started working after above steps.

P.S. I'm on Windows 11 (Version 23H2).

d3vinda
2

WSL is getting its IP address (and its DNS server, netmask and other stuff) from Windows' DHCP Server. Either fix it on Windows, or fix the DNS server on 172.22.192.1.

This is a Windows problem, not an Ubuntu problem.

And no, I don't know how Windows does DHCP.

waltinator
0

WARNING!!! THIS WILL DELETE YOUR WSL

In my case changing the wsl.conf and resolv.conf just didn't work anymore. In the end I dropped the WSL distro using the command:

wsl --unregister <distro-name>

Then I opened the Microsoft Store and installed Ubuntu 22.04. There it worked out of the box, finally, after hours of trying to fix it.

Alrik
0

In my case I was running Cisco AnyConnect VPN, and the WSL container was locked out from the outside world. I shut down the VPN connection and it worked as expected. Hence, be aware that the VPN connection will not permit WSL to see the outside world, as of the time of this post.

0

I had this issue when I was switched to systemd instead of good old init. When updating /etc/wsl.conf - changing systemd=true to systemd=false, DNS issues went away as well as 100% CPU usage of init process.

0

In my case (Ubuntu 24.04) I solved this by editing /etc/systemd/resolved.conf and adding my preferred config.

This is because on Ubuntu there is a local DNS server called systemd-resolved. This server is running on 127.0.0.53. With the command below you can verify that resolved is running:

root@WSMH:~# ss -tlpn
State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port   Process
LISTEN   0        4096        127.0.0.53%lo:53              0.0.0.0:*       users:(("systemd-resolve",pid=103,fd=14))
LISTEN   0        4096           127.0.0.54:53              0.0.0.0:*       users:(("systemd-resolve",pid=103,fd=16))

127.0.0.53 is the IP you also find in /etc/resolv.conf. systemd-resolved is generating /etc/resolv.conf. So instead of messing around with this file I'd tell resolved via /etc/systemd/resolved.conf where the next DNS servers are.

[Resolve]
DNS=ip.of.dns.server
Domains=my-domain.local

Before:

root@WSMH:~# resolvectl
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (eth0) Current Scopes: none Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

After:

root@WSMH:~# resolvectl
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: ip.of.dns.server
       DNS Servers: ip.of.dns.server
        DNS Domain: my-domain.local

Link 2 (eth0) Current Scopes: none Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

You have to do systemctl restart systemd-resolved after editing the file. Just leave /etc/resolved.conf as it is.

0

My issue was caused by running docker in rootless mode in WSL. When I ran dockerd-rootless-setuptool.sh install I had errors about being unable to load iptables. This is caused by WSL having iptables integrated in the kernel rather than as a module. So I ran dockerd-rootless-setuptool.sh install --skip-iptables to get docker configured properly for rootless mode. What I didn't realize is that this would add a --iptables=false to the unit file in my user directory.

Docker daemon was being started by systemctl with ExecStart=/usr/bin/dockerd-rootless.sh --iptables=false which caused me to even be unable to ping or traceroute out to 8.8.8.8. Once I discovered this, I removed the --iptables=false from the ExecStart line in ~/.config/systemd/user/docker.service, ran systemctl --user stop docker.service && systemctl --user start docker.service and all was good in containers after that.

0

My setup is WSL2 Ubuntu, and a VPN. The WSL was unable to access any "internal" corporate DNS addresses, although it could access them by direct IP.

As far as I can tell there is no way to tell WSL to "USE WHAT THE HOST OS USES".

The solution was to go into the VPN properties and find what it was using for DNS. Add these into the /etc/resolv.conf. Also add the search domains, which can be found by running ipconfig /all in Windows and looking for "DNS Suffix Search List".

search {my.domain.com}
nameserver {vpn dns 1}
nameserver {vpn dns 2}
-2

https://docs.microsoft.com/en-us/windows/wsl/install-manual#step-2---check-requirements-for-running-wsl-2

cmd run as admin
wsl --shutdown
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Then you can start wsl.

anonymous2