41

I'm currently using an Insider build of Windows 11 (22458).

However, I had this problem a few times on other builds (and WSL worked before).

When I start WSL, I'm not able to do a DNS request. (Pinging an IP address directly works.)

I tracked this problem down to the file: /etc/resolv.conf

It includes the DNS server address.

The default is: 172.22.192.1

However, this one doesn't work.

If I change it to 1.1.1.1 (Cloudflare DNS) it works again.

However, after every restart of WSL, it changes it back to the default.

There is a file called wsl.conf in which I can disable generating this file, but it always just deletes the file entirely after every reboot.

So how can I fix this?

My first idea was to completely reset WSL, but neither resetting the app nor reinstalling WSL via features fixed it.

Does anyone have another idea what to do?

NotTheDr01ds
  • 1
    Are you using a VPN that might change the resolver when it is active? – NotTheDr01ds Sep 21 '21 at 20:34
  • Just a heads-up that I've deleted my answer since it was for WSL/Ubuntu on Windows 10, and Win 11 definitely behaves differently. I'll try to see if I can figure out how to fix it on Ubuntu under Windows 11. – NotTheDr01ds Sep 22 '21 at 19:49
  • 1
    @NotTheDr01ds OMG I just realized the problem is my firewall. It's blocking the DNS request from the Linux VM. What is WSL listed as in firewall settings, so I can whitelist it? Or even better, how can I select that the connection to WSL is a private network? – LightJack05 Sep 24 '21 at 19:54
  • Interesting - Are you sure it's the Windows Firewall that's blocking it? My Win11 VM is set to Public for the VM itself, but I can still connect to it through RDP, and the WSL instances within it are resolving DNS with no problem. I don't know of a way to change the WSL vNIC to Private -- In fact, in Windows 11, the vNIC seems to be hidden from the Windows UI entirely (but still shows up with ipconfig). But I'm wondering if maybe the Pi-hole could be refusing the WSL instance? – NotTheDr01ds Sep 24 '21 at 20:19
  • Anyway, what happens if you (temporarily) change the entire Win11 network profile to "Private" (if you are on a "safe" network, at least) - Any difference in how WSL responds? (also, thanks for @tagging me so that I got a notification!) – NotTheDr01ds Sep 24 '21 at 20:19
  • Also, given that we're thinking this is more a problem on the Windows side (it's definitely not Ubuntu related), and you haven't had any other replies from anyone on Ask Ubuntu, it might be time to delete this one and recreate the question on Super User. – NotTheDr01ds Sep 24 '21 at 20:22
  • And a potentially relevant Super User answer. At least as of two years ago it wasn't possible to set the WSL vNIC to private. I haven't seen any indication that it would be different, but Win11 does seem to have some pretty substantial changes in this area. – NotTheDr01ds Sep 24 '21 at 20:24
  • @NotTheDr01ds Ok, I guess I'll head over to the Microsoft community. I'll try to figure out how to change the Network profile to private (It's showing as unidentified in Windows Security and not at all in network settings). The actual problem was that I had selected for the Windows firewall to block anything incoming when connected to a public network. Thanks for the help! – LightJack05 Sep 25 '21 at 09:40
  • @NotTheDr01ds In case you want to take a look at the question, here is a link: https://answers.microsoft.com/en-us/windows/forum/all/change-the-wsl-network-profile-from-public-to/c62b7bc3-8faf-44bc-8b67-848357352534 – LightJack05 Sep 25 '21 at 09:54
  • The problem is the VPN Ethernet Adaptor's DNS server settings are not taken by the WSL. These steps worked for me to add these settings manually: https://gist.github.com/akshayhiremath/1b3bff527b3eca6cd41cf60ce88f3a56/8570f9fb4dbd681fc7aabcc817fa18cbab5f1e86#file-fix-wsl2-dns-resolution I have forked and updated the steps by https://gist.github.com/coltenkrauter to make them easier. – Akshay Hiremath May 01 '22 at 23:57
  • Info on setting up named (bind) is in a comment here: https://github.com/microsoft/WSL/issues/11022 – cnd Jul 24 '24 at 13:30

13 Answers

56

As stated by most answers out there, creating the following configuration files and then restarting WSL should be enough:

/etc/wsl.conf

[network]
generateResolvConf = false

/etc/resolv.conf

nameserver 8.8.8.8

However, for some reason my resolv.conf keeps getting recreated on every boot.

So I had to make it immutable, like so:

sudo chattr +i /etc/resolv.conf

This issue has bothered me many times, so I ended up making this simple helper code:

https://github.com/epomatti/wsl2-dns-fix-config

  • 1
    This worked for me however it seems something creates a symlink for resolv.conf to another file. I had to delete the symlink first. Might be a newer version of WSL. The changes survived a WSL restart. – MikeKulls Nov 04 '22 at 00:17
  • works like a charm! – Alex Apr 16 '23 at 02:49
  • One additional note for this: reboot the WSL distribution after making the change to wsl.conf. The setting to not overwrite resolv.conf is only respected after the next boot, so if you modify resolv.conf in the same session, your changes will still be overwritten one last time (hopefully). – Daniel Saner Jun 13 '23 at 15:06
  • 1
    Read man systemd-dnsmasq to see about the /etc/resolv.conf symlink. Ubuntu network administration has gotten more (or less) complex as systemd has taken over. – waltinator Mar 09 '24 at 00:15
  • 3
    When making it immutable, it complained that the Operation could not be completed while reading the flags for resolv.conf. To fix this I had to force the command using -f: sudo chattr -f +i /etc/resolv.conf – nluigi Jun 20 '24 at 09:27
  • 4
    This solution worked for me on WSL2 running Ubuntu 24.04 LTS. I followed the comment from @MikeKulls and deleted the symlink using sudo unlink /etc/resolv.conf. I then used the -f command from @nluigi to make it immutable. The file persisted after reboot. – k_rollo Jul 11 '24 at 08:44
12

This is a problem with WSL, not Ubuntu or Windows. There are lots of solutions out there; the best one I found is https://gist.github.com/coltenkrauter/608cfe02319ce60facd76373249b8ca6

It also includes VPN info, but the steps work without the VPN also.

  1. Run these commands in the Ubuntu terminal.

    cd ~/../../etc # Go to etc folder in WSL.
    echo "[network]" | sudo tee wsl.conf # Create wsl.conf file and add the first line.
    echo "generateResolvConf = false" | sudo tee -a wsl.conf # Append the next line to wsl.conf.
    wsl --terminate Debian # Run this one in Windows cmd, not in WSL: terminate the distro (in case the OS is Ubuntu, not Debian).
    cd ~/../../etc # Go to etc folder in WSL.
    sudo rm -Rf resolv.conf # Delete the resolv.conf file.
    
  2. In Windows cmd, PowerShell or terminal, with the VPN connected, run Get-NetIPInterface or ipconfig /all to get the primary and secondary DNS.

  3. With the primary and secondary DNS obtained in step 2, replace the X.X.X.X in the next steps.

  4. echo "nameserver X.X.X.X" | sudo tee resolv.conf (Create resolv.conf and append the line.)

  5. echo "nameserver X.X.X.X" | sudo tee -a resolv.conf (Append the line in resolv.conf.)

  6. wsl --terminate Debian (Terminate WSL in Windows cmd, in case it is Ubuntu, not Debian.)

  7. sudo chattr +i resolv.conf

  8. Finally in Windows cmd, PowerShell or terminal:

    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
    

Credit: @MartinCaccia, @yukosgiti, @machuu and @AlbesK:
https://github.com/microsoft/WSL/issues/4277
https://github.com/microsoft/WSL/issues/4246

karel
Anthony M
7

Using the WSL Settings app is the simplest method I've found so far.

In the app, disable the Networking -> DNS Proxy enabled option.

Disabling the above adds the following to your %USERPROFILE%\.wslconfig:

[wsl2]
dnsProxy=false

In this method, /etc/wsl.conf should remain unchanged (meaning generateResolvConf left at its default enabled state).

  • 1
    Much better answer than having to change wsl.conf and resolv.conf in each individual distro as suggested by most other answers! – JojOatXGME Apr 17 '25 at 17:30
6

windows wsl dns issue fixdns

  1. Inside WSL2, create or append file: /etc/wsl.conf

  2. Put the following lines in the file in order to ensure that your DNS changes do not get blown away

    echo "[network]" | sudo tee /etc/wsl.conf
    echo "generateResolvConf = false" | sudo tee -a /etc/wsl.conf
    
  3. In a cmd window, run wsl --shutdown

  4. Start WSL2

  5. Run the following inside WSL2

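    sudo rm -rf /etc/resolv.conf
    # Write the file through sudo tee: with "sudo cat << EOF > file" the redirection
    # is performed by the unprivileged shell, not by sudo.
    sudo tee /etc/resolv.conf > /dev/null << EOF
    search domain.local
    nameserver 8.8.8.8
    nameserver 1.1.1.1
    EOF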
    
mati kepa
  • 3
    Those public resolvers are not adequate replacement for the resolver provided in DHCP. In most company environments anyway, and it's usually VPNs and similar things that break the resolution. – Jan Hudec Feb 06 '23 at 13:24
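
The wsl.conf / resolv.conf answers above and their comments all depend on the same state: generateResolvConf under [network], whether /etc/resolv.conf is a symlink, and whether it is immutable. The following read-only audit is an added example, not code from any answer or linked gist; the function names and the root-directory argument are hypothetical, and the sample tree used to exercise it is constructed.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of the DNS override state of a WSL distro.
# ROOT is "/" on a live system; any other tree passed in is a constructed sample.

# Print generateResolvConf from the [network] section of wsl.conf, or "unset".
wsl_conf_generate() {
    local conf="$1" section="" line
    [ -f "$conf" ] || { echo "unset"; return 0; }
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"                                   # strip comments
        line="$(printf '%s' "$line" | tr -d '[:space:]')"    # "a = b" -> "a=b"
        case "$line" in
            \[*\]) section="$line" ;;
            generateResolvConf=*)
                if [ "$section" = "[network]" ]; then echo "${line#*=}"; return 0; fi ;;
        esac
    done < "$conf"
    echo "unset"
}

# Report file type, immutable flag, nameservers and warnings for ROOT/etc/resolv.conf.
wsl_dns_audit() {
    local root="${1:-/}" resolv gen flags
    root="${root%/}"
    resolv="$root/etc/resolv.conf"
    gen="$(wsl_conf_generate "$root/etc/wsl.conf")"
    echo "generateResolvConf=$gen"
    if [ -L "$resolv" ]; then
        echo "resolv.conf=symlink->$(readlink "$resolv")"
    elif [ -f "$resolv" ]; then
        echo "resolv.conf=regular"
        # lsattr can fail on some filesystems; report that instead of guessing.
        if command -v lsattr >/dev/null 2>&1; then
            flags="$(lsattr -d "$resolv" 2>/dev/null | awk '{print $1}')"
            case "$flags" in
                "")  echo "immutable=unknown" ;;
                *i*) echo "immutable=yes" ;;
                *)   echo "immutable=no" ;;
            esac
        fi
    else
        echo "resolv.conf=missing"
    fi
    if [ -e "$resolv" ]; then
        awk '$1 == "nameserver" { print "nameserver=" $2 }' "$resolv"
    fi
    if [ "$gen" != "false" ]; then echo "WARN: resolv.conf will be regenerated on the next WSL start"; fi
    if [ -L "$resolv" ]; then echo "WARN: resolv.conf is a symlink; edits go to its target"; fi
    return 0
}
# Live use inside the distro: wsl_dns_audit /
```

The listed nameservers are worth reviewing against the comment above: pinning public resolvers means internal names served only by the DHCP- or VPN-provided resolver will not resolve.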
4

The new experimental feature flags (dnsTunneling, mirrored) for WSL 2 fix this long-running issue with DNS resolution while you are using a VPN that disallows split tunneling, as pointed out in the articles below:

https://github.com/jacob-pro/wsl2-dns-agent (thanks to jacob-pro)
https://devblogs.microsoft.com/commandline/windows-subsystem-for-linux-september-2023-update/

Steps to fix

  1. Add a .wslconfig file, if not present, in the C:\Users\%username%\ directory and add the experimental feature flag configs to switch them ON.

    winget install GNU.nano (optional step to edit the text file in the CLI using nano)

    nano .wslconfig (optional step to edit the text file in the CLI using nano)

    CTRL + X to exit and save the changes.

    Add the content below to the file (the description for each feature flag is given in the Microsoft article above):

    [experimental]
    autoMemoryReclaim=gradual
    networkingMode=mirrored
    dnsTunneling=true
    firewall=true
    autoProxy=true

  2. Restart WSL2.

    wsl --shutdown

WSL2 DNS resolution started working after the above steps.

P.S. I'm on Windows 11 (Version 23H2).

d3vinda
2

WSL is getting its IP address (and its DNS server, netmask and other stuff) from Windows' DHCP Server. Either fix it on Windows, or fix the DNS server on 172.22.192.1.

This is a Windows problem, not an Ubuntu problem.

And no, I don't know how Windows does DHCP.

  • Hi, the problem is: I don't have a DNS on this IP. I don't even know what this IP is. Windows is getting its DNS from my router at 192.168.178.1. – LightJack05 Sep 24 '21 at 19:18
  • @LightJack05 well, you do have a DNS (forwarder) on that IP similar to how systemd-resolved sets up one on 127.0.1.1. The problem is that it gets broken by some network changes, and it would be best to fix that breakage. Unfortunately I haven't seen a good fix for it yet. – Jan Hudec Feb 06 '23 at 13:20
0

WARNING!!! THIS WILL DELETE YOUR WSL

In my case, changing the wsl.conf and resolv.conf just didn't work anymore. In the end I dropped the WSL distro using the command:

wsl --unregister <distro-name>

Then I opened the Microsoft Store and installed Ubuntu 22.04. There it worked out of the box, finally, after hours of trying to fix it.

Alrik
0

In my case I was running Cisco AnyConnect VPN, and the WSL container was locked out from the outside world. I shut down the VPN connection and it worked as expected. Hence, be aware that the VPN connection will not permit WSL to see the outside world, as of the time of this post.

0

I had this issue when I was switched to systemd instead of good old init. When updating /etc/wsl.conf - changing systemd=true to systemd=false, DNS issues went away as well as 100% CPU usage of init process.

0

In my case (Ubuntu 24.04) I solved this by editing /etc/systemd/resolved.conf and adding my preferred config

Because on Ubuntu there is a local DNS Server called systemd-resolved. This Server is running on 127.0.0.53. With the command below you can verify that resolved is running:

root@WSMH:~# ss -tlpn
State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port   Process
LISTEN   0        4096        127.0.0.53%lo:53              0.0.0.0:*       users:(("systemd-resolve",pid=103,fd=14))
LISTEN   0        4096           127.0.0.54:53              0.0.0.0:*       users:(("systemd-resolve",pid=103,fd=16))

127.0.0.53 is the IP you also find in /etc/resolv.conf. systemd-resolved is generating /etc/resolv.conf. So instead of messing around with this file I'd tell resolved via /etc/systemd/resolved.conf where the next DNS servers are.

[Resolve]
DNS=ip.of.dns.server
Domains=my-domain.local

Before:

root@WSMH:~# resolvectl
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (eth0) Current Scopes: none Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

After:

root@WSMH:~# resolvectl
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: ip.of.dns.server
       DNS Servers: ip.of.dns.server
        DNS Domain: my-domain.local

Link 2 (eth0) Current Scopes: none Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

You have to do systemctl restart systemd-resolved after editing the file. Just leave /etc/resolved.conf as it is

Shardas
0

My issue was caused by running docker in rootless mode in WSL. When I ran dockerd-rootless-setuptool.sh install I had errors about being unable to load iptables. This is caused by WSL having iptables integrated in the kernel rather than as a module. So I ran dockerd-rootless-setuptool.sh install --skip-iptables to get docker configured properly for rootless mode. What I didn't realize is that this would add a --iptables=false to the unit file in my user directory.

Docker daemon was being started by systemctl with ExecStart=/usr/bin/dockerd-rootless.sh --iptables=false which caused me to even be unable to ping or traceroute out to 8.8.8.8. Once I discovered this, I removed the --iptables=false from the ExecStart line in ~/.config/systemd/user/docker.service, ran systemctl --user stop docker.service && systemctl --user start docker.service and all was good in containers after that.

0

My setup is WSL2 Ubuntu, and a VPN. The WSL was unable to access any "internal" corporate DNS addresses, although it could access them by direct IP.

As far as I can tell there is no way to tell WSL to "USE WHAT THE HOST OS USES".

The solution was to go into the VPN properties and find what it was using for DNS. Add these into the /etc/resolv.conf. Also add the search domains, which can be found by running ipconfig /all in Windows and looking for "DNS Suffix Search List".

search {my.domain.com}
nameserver {vpn dns 1}
nameserver {vpn dns 2}
-2

https://docs.microsoft.com/en-us/windows/wsl/install-manual#step-2---check-requirements-for-running-wsl-2

cmd run as admin
wsl --shutdown
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Then you can start wsl.

anonymous2