@coltenkrauter
Last active December 3, 2024 05:15
Fix DNS resolution in WSL2
More recent resolution:
1. cd ~/../../etc (Go to the etc folder in WSL.)
2. echo "[network]" | sudo tee wsl.conf (Create the wsl.conf file and add the first line. This replaces any existing wsl.conf.)
3. echo "generateResolvConf = false" | sudo tee -a wsl.conf (Append the next line to wsl.conf.)
4. wsl --terminate Debian (Terminate WSL from Windows cmd; use your distro name, e.g. Ubuntu, if it is not Debian.)
5. cd ~/../../etc (Go to the etc folder in WSL.)
6. sudo rm -Rf resolv.conf (Delete the resolv.conf file.)
7. In Windows cmd, PowerShell or Terminal, with the VPN connected, run Get-NetIPInterface or ipconfig /all to get the primary and secondary DNS servers.
8. Substitute the primary and secondary DNS addresses you obtained for X.X.X.X in the next steps.
9. echo "nameserver X.X.X.X" | sudo tee resolv.conf (Create resolv.conf and add the first line.)
10. echo "nameserver X.X.X.X" | sudo tee -a resolv.conf (Append the second line to resolv.conf.)
11. wsl --terminate Debian (Terminate WSL from Windows cmd; use your distro name, e.g. Ubuntu, if it is not Debian.)
12. sudo chattr +i resolv.conf (Mark resolv.conf as immutable.)
13. And finally, in Windows cmd, PowerShell or Terminal:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
Credit: @MartinCaccia, @yukosgiti, @machuu and @AlbesK:
https://github.com/microsoft/WSL/issues/4277
https://github.com/microsoft/WSL/issues/4246
---
Original resolution:
1. Create a file: /etc/wsl.conf.
2. Put the following lines in the file to ensure that your DNS changes do not get blown away
[network]
generateResolvConf = false
3. In a cmd window, run wsl --shutdown
4. Restart WSL2
5. Create a file: /etc/resolv.conf. If it exists, replace existing one with this new file.
6. Put the following line in the file
nameserver 8.8.8.8 # Or use your DNS server instead of 8.8.8.8 which is a Google DNS server
7. Repeat step 3 and 4. You will see git working fine now.
Credit: https://github.com/microsoft/WSL/issues/4285#issuecomment-522201021
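
An added example (not part of the gist or its comments): step 2 of the recent resolution writes wsl.conf with a plain tee, which replaces the whole file, and the resolver addresses end up in /etc/resolv.conf exactly as typed or piped. The POSIX shell code below sets generateResolvConf = false while keeping the other wsl.conf sections, and accepts only well-formed IPv4 addresses for resolv.conf, capped at the three nameserver entries glibc reads. The function names are hypothetical and IPv4-only input is an assumption.

```sh
#!/bin/sh
# Added example, not from the gist. Function names are hypothetical; each
# works on a path or stdin so it can be tried on copies before touching /etc.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    _old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots (input is digits and dots only)
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        case $_octet in
            [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# disable_resolv_generation WSL_CONF: print the file with
# "generateResolvConf = false" under [network], keeping every other section
# (for example [user] or [boot]) instead of replacing the whole file.
disable_resolv_generation() {
    [ -f "$1" ] || { printf '[network]\ngenerateResolvConf = false\n'; return 0; }
    awk '
        /^[ \t]*\[/ {
            in_net = (tolower($0) ~ /^[ \t]*\[network\][ \t]*$/)
            print
            if (in_net && !seen) { print "generateResolvConf = false"; seen = 1 }
            next
        }
        in_net && tolower($0) ~ /^[ \t]*generateresolvconf[ \t]*=/ { next }
        { print }
        END { if (!seen) print "[network]\ngenerateResolvConf = false" }
    ' "$1"
}

# render_resolv_conf: read addresses on stdin (one per line, CRLF tolerated as
# produced by powershell.exe) and print nameserver lines for the first three
# unique ones; glibc reads at most three. Any malformed line fails the run.
render_resolv_conf() {
    _out=''; _n=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=$(printf '%s' "$_line" | tr -d '\r')
        [ -n "$_line" ] || continue
        is_ipv4 "$_line" || { echo "rejected: $_line" >&2; return 1; }
        case $_out in *"nameserver $_line
"*) continue ;; esac
        [ "$_n" -lt 3 ] || continue
        _out="${_out}nameserver $_line
"
        _n=$((_n + 1))
    done
    [ "$_n" -gt 0 ] || return 1
    printf '%s' "$_out"
}
```

Redirect each function's output to a scratch file, review it, then install it with sudo; the address list can come from the Get-DnsClientServerAddress command quoted in the comments.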
@rrlevy

rrlevy commented Aug 7, 2023

Damn, I was following this instruction but somehow I broke my wsl. My ~ folder has changed and I can't find my files. It seems it is now logging in as a root user, I don't think it was doing that before.

I fixed it!

Just enter: ubuntu config --default-user YOUR_USERNAME

The user was still there! It was just logging in always as root now for some reason.

@ThePlenkov

ThePlenkov commented Aug 7, 2023

Here is my solution for this problem. Basically I have accumulated everything mentioned above:
https://gist.github.com/ThePlenkov/6ecf2a43e2b3898e8cd4986d277b5ecf

  • script removes all nameservers in /etc/resolv.conf and replaces them with actual IPs from powershell
sudo sed -i '/nameserver/d' /etc/resolv.conf
powershell.exe -Command '(Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | ForEach-Object { "nameserver $_" }' | tr -d '\r' | sudo tee -a /etc/resolv.conf > /dev/null
  • script is configured as a boot command which is available in Win 11. If it's applicable for you - it helps a lot

@q-yonlugoh

@ThePlenkov That worked for me, thanks!

@will397

will397 commented Aug 23, 2023

@ThePlenkov Superb. Great instruction, efficient solution!

@droidecahedron

@ThePlenkov

Excellent, thanks so much.

@naml3i

naml3i commented Sep 6, 2023

That's all you need:

echo -e "[network]\ngenerateResolvConf = false\n" | sudo tee /etc/wsl.conf
echo -e "nameserver 8.8.8.8\n" | sudo tee /etc/resolv.conf

No reboots, no restarts, no line-by-line appending, no messing with non-existent Cisco AnyConnect interfaces. Just those two lines and you're good to go.

Again, this is Linux, not Windows. You don't need to reboot/restart just because you changed your nameserver...

Thanks, this answer is really clean and on point.

@BillBrinkley58

Thanks for the help. This worked for me.

@KonanTheLibrarian

BILLION DOLLAR MICROSOFT WSL BUG FIXED AFTER 13 YEARS = WSL DNS Network Failure with VPNs resulted in A TOTAL REWRITE OF WSL2 by October 2023 - PING FAILED IN WSL

Expect these WSL2 broken DNS related issues (above) to be fixed from October 2023.
N.B. Now you have to change all your WSL Linux Network configs to match the totally new design.
Eventually fixed mentioned here

Why be so angry? When I said it cost MICROSOFT BILLIONS over 13 years you laughed at me. I was right - TOTALLY VINDICATED - THIS BUG STUNG THEIR BIGGEST CUSTOMERS THE MOST SO THAT WSL WAS REJECTED! The extent to which WSL was rejected by ALL the biggest companies is staggering! Hell they all used VPNs and Docker! Thousands of the SAME bug reports GOT CLOSED BY GENIUSES that can't fix the bug or bother to reproduce it and FALSELY CLAIM "UNABLE TO REPRODUCE". The bug was there for 13 years breaking WSL1 and Microsoft's biggest customers who use compulsory VPNs which broke WSL2 networking DNS and a primary symptom was Ping failures.

  • This bug occurred RANDOMLY because WSL2 Network/Subnet settings WERE DELIBERATELY RANDOM - RIGHT IN THE DESIGN! NO JOKE!
  • Most bugs are fixed by minor upgrades but this bug was fully rooted in the design, they had to rip WSL NETWORK GARBAGE CODE out and start over!
  • The bug was TOTALLY IGNORED BY GENIUSES FOR OVER A DECADE! GENIUSES KEPT ON AND ON CLOSING BUG REPORTS!
  • I started to realise that this bug revealed MONSTER SECURITY HOLES IN WSL NETWORKS making it totally insecure. NOW THEY DID NOT IGNORE ME, STOPPED RIDICULING ME!
  • So in 2023 they rewrote the whole of WSL2 Network configuration which was more than a mess: it was a pile ...

ORIGINAL SYMPTOMS of WSL2 Networks Breaking with VPNs RANDOMLY WORKING

ROOT CAUSE - BECAUSE WSL1 & WSL2 RANDOMLY SELECT SUBNETS, SO THE CORPORATION'S VPN (firewall) REJECTS SOME OF THEM - RANDOMLY - NOT THE CORPORATION'S FAULT!

DNS on WSL2 WITH VPNs JUST BREAKS: CLOSING THOUSANDS OF BUG REPORTS ON THIS 10 YEAR OLD BUG (WHICH IS NOT FIXED FOR SUCH A LONG TIME) IS WEIRD!

Some 20 solutions claim to work but the root cause of why the bug keeps getting closed and then reopened is that WSL2 network WORKS RANDOMLY - THIS IS BY DESIGN BECAUSE WSL2 RANDOMLY SELECTS A SUBNET!!!!!!!!!!!!!!!! thus WSL2 still loses its DNS even if you disconnect briefly and reconnect your IPsec VPN ( RANDOM SUBNET IS CHOSEN ). Once the wrong random subnet is REJECTED by the corporation's VPN you still have to reboot. (I am running WSL2 on top end Dell laptop with up-to-date bios and Windows 10.)

When running ordinary applications under Windows or on a Linux PC, any disconnection of the network and reconnection allows all applications to reconnect to the network no problem; not so with WSL! When running WSL, DNS resolution is lost even with a brief disconnection or the lease time on the network driver lapses and reconnects, after that you can’t connect or even ping devices unless you reboot!

Even with millions of complaints, and thousands of bug reports, this bug has been persistent for almost a decade and NOT FIXED IN JULY 2023! This is so serious many developers avoid all Docker development under WSL and Windows. When Windows programmers write Linux network code, what could possibly go wrong?

WSL team members even close bug reports rather than combine the data from thousands of similar reports. When reports are closed so that others can’t comment the geniuses have magically fixed the major bug right? NOT! The use of Docker Desktop makes it 100 times worse, but fortunately Docker Desktop is NOT Docker and many people run WSL2 without Docker Desktop.

@ThePlenkov

ThePlenkov commented Oct 16, 2023

@KonanTheLibrarian this solution works in WSL2 with vpn very smoothly (especially on win11). https://gist.github.com/ThePlenkov/6ecf2a43e2b3898e8cd4986d277b5ecf

But in general I share your frustration. I'd also prefer if generateResolvConf is fixed by taking the right DNS, also including VPN connections.

@heaviss

heaviss commented Oct 18, 2023

You might also want to add dns key into docker json config (worked for me)
image

@iiicebearrr

It works!!!
Just follow the 1~13 steps

@gto406

gto406 commented Dec 20, 2023

The provided steps worked great, thank-you! I utilized Google’s DNS (8.8.8.8/8.8.4.4) and the fix worked like a charm. 🤘

@andradei

andradei commented Jan 5, 2024

The "More recent resolution" worked.
Didn't run step 13 though.

For the benefits WSL provides, what a mess this issue is... Thanks for the solution.

@teeesss

teeesss commented Jan 5, 2024

I like this approach.

Makes /root/resolv.conf.sh executable using wsl.conf boot command
Deletes the /etc/resolv.conf file on start-up
Runs the script /etc/resolv.conf.sh and populated with DNS servers from the script.
Change the servers as desired: DNS_SERVERS=("9.9.9.9" "1.1.1.1" "8.8.8.8")
Outputs a log file to /root/resolv.conf.log

vi /etc/wsl.conf

[boot]
command = chmod +x /root/resolv.conf.sh; /bin/bash /root/resolv.conf.sh > /root/resolv.conf.log 2>&1
systemd=true

[network]
generateResolvConf = false

vi /root/resolv.conf.sh

#!/bin/bash

# Specify the DNS servers
DNS_SERVERS=("9.9.9.9" "1.1.1.1" "8.8.8.8")

# Log file path
LOG_FILE="/root/resolv.conf.log"

# Delete the existing /etc/resolv.conf
sudo rm /etc/resolv.conf

# Create or update the /etc/resolv.conf file
for server in "${DNS_SERVERS[@]}"; do
    echo "nameserver $server" | sudo tee -a /etc/resolv.conf
done

# Log the changes to the specified log file
echo "DNS servers updated: $(date)" | sudo tee -a "$LOG_FILE"

@samuel-andres

I like this approach.

Makes /root/resolv.conf.sh executable using wsl.conf boot command
Deletes the /etc/resolv.conf file on start-up
Runs the script /etc/resolv.conf.sh and populated with DNS servers from the script.
Change the servers as desired: DNS_SERVERS=("9.9.9.9" "1.1.1.1" "8.8.8.8")
Outputs a log file to /root/resolv.conf.log

vi /etc/wsl.conf

[boot]
command = chmod +x /root/resolv.conf.sh; /bin/bash /root/resolv.conf.sh > /root/resolv.conf.log 2>&1
systemd=true

vi /boot/resolv.conf.sh

#!/bin/bash

# Specify the DNS servers
DNS_SERVERS=("9.9.9.9" "1.1.1.1" "8.8.8.8")

# Log file path
LOG_FILE="/root/resolv.conf.log"

# Delete the existing /etc/resolv.conf
sudo rm /etc/resolv.conf

# Create or update the /etc/resolv.conf file
for server in "${DNS_SERVERS[@]}"; do
    echo "nameserver $server" | sudo tee -a /etc/resolv.conf
done

# Log the changes to the specified log file
echo "DNS servers updated: $(date)" | sudo tee -a "$LOG_FILE"

Works great! Just a typo in the path of the script /boot/resolv.conf.sh should be /root/resolv.conf.sh, right?

@teeesss

teeesss commented Jan 6, 2024 via email

@bayeslearner

What is this solution to? I am switching back to windows+WSL after abandoning it (due to various networking nags), and I remember from a few years ago that I had to toggle this resolv.conf between public DNS servers and corporate DNS server when the windows host is off VPN.

@samuel-andres

@bayeslearner
The solution from @teeesss fixes the issue of failing DNS because of conflicts with the IP directions randomly assigned and instead using public DNS. Just make sure to have this in /etc/wsl.conf:

[network]
generateResolvConf = false

@flogr

flogr commented Jan 16, 2024

Here is my solution for this problem. Basically I have accumulated everything mentioned above: https://gist.github.com/ThePlenkov/6ecf2a43e2b3898e8cd4986d277b5ecf

  • script removes all nameservers in /etc/resolv.conf and replaces them with actual IPs from powershell
sudo sed -i '/nameserver/d' /etc/resolv.conf
powershell.exe -Command '(Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | ForEach-Object { "nameserver $_" }' | tr -d '\r' | sudo tee -a /etc/resolv.conf > /dev/null
  • script is configured as a boot command which is available in Win 11. If it's applicable for you - it helps a lot

This works for me! Thank you so much!

@404whoami

Here is my solution for this problem. Basically I have accumulated everything mentioned above: https://gist.github.com/ThePlenkov/6ecf2a43e2b3898e8cd4986d277b5ecf

  • script removes all nameservers in /etc/resolv.conf and replaces them with actual IPs from powershell
sudo sed -i '/nameserver/d' /etc/resolv.conf
powershell.exe -Command '(Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | ForEach-Object { "nameserver $_" }' | tr -d '\r' | sudo tee -a /etc/resolv.conf > /dev/null
  • script is configured as a boot command which is available in Win 11. If it's applicable for you - it helps a lot

thanks it worked for me

@volehuy1998

Didn't work like a charm. Thanks so much

@gtedavid

gtedavid commented Apr 9, 2024

So here is my configuration
Version WSL : 2.1.5.0
Version du noyau : 5.15.146.1-2
Version WSLg : 1.0.60
Windows 11 version : 23h2 22631.3296

I don't know how it happened, but from one day to the next it stopped working.
I did the original resolution, but putting my router's ip worked.

Original resolution:

1. Create a file: /etc/wsl.conf.
2. Put the following lines in the file to ensure that your DNS changes do not get blown away

[network]
generateResolvConf = false

3. In a cmd window, run wsl --shutdown
4. Restart WSL2
5. Create a file: /etc/resolv.conf. If it exists, replace existing one with this new file.
6. Put the following line in the file

nameserver 8.8.8.8 # Or use your DNS server instead of 8.8.8.8 which is a Google DNS server

7. Repeat step 3 and 4. You will see git working fine now.

I noticed that the IP that's in the /etc/resolv.conf is the one indicated here (ipconfig /all)
image
Which is apparently the WSL Hyper-V firewall....
would it mean that the issue lies in the "forwarding" or letting through of that Hyper V firewall and the host ? at least for dns, the traceroute seemed to work fine

@S1RENS

S1RENS commented May 5, 2024

Maybe this will help someone (source)

Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultOutboundAction Allow

As @gtedavid mentioned it seems like Hyper-V is blocking some outbound connection by default, for whatever reason.
My setup is with Mullvad VPN. I am also using Windows Firewall Control tool by Malwarebytes.

To add my Mullvad VPN DNS server to WSL, do ipconfig.exe /all and grab the DNS address under your VPN name. Then sudo nano /etc/resolv.conf and add:
nameserver <IPHERE>
I did have to set Local network sharing ON, on Mullvad VPN settings. Try that if you still have issues and you're using a VPN.

@ThePlenkov

ThePlenkov commented May 14, 2024

Dear all, happy to say that the problem mentioned above is not a problem anymore since version 22H2 with DNS tunneling introduced.

The only step you need to perform:

[wsl2]
dnsTunneling=true

That's it. We waited for this solution for years. It's enabled by default since WSL 2.2.1

@ur3an0

ur3an0 commented May 17, 2024

BILLION DOLLAR MICROSOFT WSL BUG FIXED AFTER 13 YEARS = WSL DNS Network Failure with VPNs resulted in A TOTAL REWRITE OF WSL2 by October 2023 - PING FAILED IN WSL

Expect these WSL2 broken DNS related issues (above) to be fixed from October 2023. N.B. Now you have to change all your WSL Linux Network configs to match the totally new design. Eventually fixed mentioned here

Why be so angry? When I said it cost MICROSOFT BILLIONS over 13 years you laughed at me. I was right - TOTALLY VINDICATED - THIS BUG STUNG THEIR BIGGEST CUSTOMERS THE MOST SO THAT WSL WAS REJECTED! The extent to which WSL was rejected by ALL the biggest companies is staggering! Hell they all used VPNs and Docker! Thousands of the SAME bug reports GOT CLOSED BY GENIUSES that can't fix the bug or bother to reproduce it and FALSELY CLAIM "UNABLE TO REPRODUCE". The bug was there for 13 years breaking WSL1 and Microsoft's biggest customers who use compulsory VPNs which broke WSL2 networking DNS and a primary symptom was Ping failures.

  • This bug occurred RANDOMLY because WSL2 Network/Subnet settings WERE DELIBERATELY RANDOM - RIGHT IN THE DESIGN! NO JOKE!
  • Most bugs are fixed by minor upgrades but this bug was fully rooted in the design, they had to rip WSL NETWORK GARBAGE CODE out and start over!
  • The bug was TOTALLY IGNORED BY GENIUSES FOR OVER A DECADE! GENIUSES KEPT ON AND ON CLOSING BUG REPORTS!
  • I started to realise that this bug revealed MONSTER SECURITY HOLES IN WSL NETWORKS making it totally insecure. NOW THEY DID NOT IGNORE ME, STOPPED RIDICULING ME!
  • So in 2023 they rewrote the whole of WSL2 Network configuration which was more than a mess: it was a pile ...

ORIGINAL SYMPTOMS of WSL2 Networks Breaking with VPNs RANDOMLY WORKING

ROOT CAUSE - BECAUSE WSL1 & WSL2 RANDOMLY SELECT SUBNETS, SO THE CORPORATION'S VPN (firewall) REJECTS SOME OF THEM - RANDOMLY - NOT THE CORPORATION'S FAULT!

DNS on WSL2 WITH VPNs JUST BREAKS: CLOSING THOUSANDS OF BUG REPORTS ON THIS 10 YEAR OLD BUG (WHICH IS NOT FIXED FOR SUCH A LONG TIME) IS WEIRD!

Some 20 solutions claim to work but the root cause of why the bug keeps getting closed and then reopened is that WSL2 network WORKS RANDOMLY - THIS IS BY DESIGN BECAUSE WSL2 RANDOMLY SELECTS A SUBNET!!!!!!!!!!!!!!!! thus WSL2 still loses its DNS even if you disconnect briefly and reconnect your IPsec VPN ( RANDOM SUBNET IS CHOSEN ). Once the wrong random subnet is REJECTED by the corporation's VPN you still have to reboot. (I am running WSL2 on top end Dell laptop with up-to-date bios and Windows 10.)

When running ordinary applications under Windows or on a Linux PC, any disconnection of the network and reconnection allows all applications to reconnect to the network no problem; not so with WSL! When running WSL, DNS resolution is lost even with a brief disconnection or the lease time on the network driver lapses and reconnects, after that you can’t connect or even ping devices unless you reboot!

Even with millions of complaints, and thousands of bug reports, this bug has been persistent for almost a decade and NOT FIXED IN JULY 2023! This is so serious many developers avoid all Docker development under WSL and Windows. When Windows programmers write Linux network code, what could possibly go wrong?

WSL team members even close bug reports rather than combine the data from thousands of similar reports. When reports are closed so that others can’t comment the geniuses have magically fixed the major bug right? NOT! The use of Docker Desktop makes it 100 times worse, but fortunately Docker Desktop is NOT Docker and many people run WSL2 without Docker Desktop.

That is working for me! Thanks!!!!

@dlamblin

In the wsl2 docs I noticed a comment on using Mirrored Networking mode being that it offers better compatibility with VPNs. Maybe that's worth looking into for the complaints around the random subnets issue. Or not. Unsure. https://learn.microsoft.com/en-us/windows/wsl/networking#mirrored-mode-networking But either case had no issues with dns resolv.conf on wsl2 ubuntu lts 2024-04

@mpelzsherman

Thanks so much! Please note that step 13 must be executed in an admin PowerShell.

@karthiktumu

Created an issue for
DNS resolution for internal sites doesn't work from inside WSL2 distros when using Global Secure Access Client as VPN.

microsoft/WSL#11745

@asaf400

asaf400 commented Aug 8, 2024

@ThePlenkov solution worked best, specifying just one DNS of my VPN software resulted in slow queries, but with your command,
it dumped all valid nameservers into WSL and now curl: time_namelookup: 0.001621s

@Eleskovic

ThePlenkov

Thank you for the simplest solution. It worked like a charm.
