Fix DNS resolution in WSL2

wsl2_200915_fix_dns_resolution.md

Error

$ sudo apt-get update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure in name rerolution

$ host google.com
;; connection timed out; no servers could be reached

Solution

The /etc/resolv.conf is the main configuration file for the DNS name resolver library. It was automatically generated by WSL. Some time there was a problem with that DNS.

1. To stop automatic generation of resolv.conf, add the following entry to /etc/wsl.conf:

$ sudo cat << EOF > /etc/wsl.conf
[network]
generateResolvConf = false
EOF

2. In a cmd/powershell window, run:

> wsl --shutdown

or:

> wsl --terminate <Distro>

3. Restart WSL
4. Create a file: /etc/resolv.conf. If it exists (even a link), replace existing one with new file.

sudo cat << EOF > /etc/resolv.conf
# Use one or many DNS servers you like
# nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 1.1.1.1
EOF

5. Shutdown and restart WSL again.

Still not working

cmd/powershell as admin:

> wsl --shutdown  
> netsh winsock reset  
> netsh int ip reset all  
> netsh winhttp reset proxy  
> ipconfig /flushdns  

Restart Windows.

Ref:

• Colten Krauter: Fix DNS resolution in WSL2
• RedHat: Chapter 27. Manually configuring the /etc/resolv.conf file
• StackExchange: How do I set my DNS when resolv.conf is being overwritten?
• TechMint: How To Set Permanent DNS Nameservers in Ubuntu and Debian
• rescenic: No network connection in any distribution under WSL 2

Thanks a lot! I was scratching my head over this, your last "still not working" instructions finally made it work.

Thanks a lot! I was scratching my head over this, your last "still not working" instructions finally made it work.

That's great. I'm glad it worked for you.

Didn't work.

Didn't work...

Didn't work.

@dingobar @mbzbugsy
Sorry, I can't find any new solution. Please try to update your windows or WSL.

This worked for me. Thanks!

But, still a little worried about why I had to do that...

@cbare
I think wsl generates wrong nameserver. But I don't have to do this right now with Insider Preview Build 21296.rs_prerelease.210115-1423

Alright, here is what did work for me at the end. I tried some other poor bastards solution — who also had been plagued by this hell issue with WSL2. His solution was to disable the Windows WSL feature and re-enabling it (restart required), and voila network is up again. But disabling the auto-generation of the resolv.conf and overriding the nameserver is still a must. I just wish I had tried this earlier,, so many hours of trial and error — mostly error — finally came to an end. Hope this will work for others as well.

May the force be with you, always!

Didn't work.

@dingobar @mbzbugsy
Sorry, I can't find any new solution. Please try to update your windows or WSL.

Please excuse my outburst. At the time I think I was getting overly frustrated that I can't get it working. I think my problem may be related to enterprise firewall settings and as such a different problem than what you solved here.

I was able to resolve by configuring a DNS in .yaml file for Netplan located /etc/netplan I created a static IP as well in the process but it is not necessary:
network:
version: 2
renderer: networkd
ethernets:
ens3:
dhcp4: no
addresses:
- 192.168.121.221/24
gateway4: 192.168.121.1
nameservers:
addresses: [8.8.8.8, 1.1.1.1]

I followed instruction out of the following link: https://linuxize.com/post/how-to-configure-static-ip-address-on-ubuntu-20-04/

I was able to resolve by configuring a DNS in .yaml file for Netplan located /etc/netplan I created a static IP as well in the process but it is not necessary:
network:
version: 2
renderer: networkd
ethernets:
ens3:
dhcp4: no
addresses:

• 192.168.121.221/24
  gateway4: 192.168.121.1
  nameservers:
  addresses: [8.8.8.8, 1.1.1.1]

I followed instruction out of the following link: https://linuxize.com/post/how-to-configure-static-ip-address-on-ubuntu-20-04/

Thanks, @mayorvlf

Maybe, I'm missing something but I don't see how it can work at all. I suppose that VPN providers offer not only HTTP traffic but also DNS traffic using one of the secured DNS protocols (DOH). When I'm looking at the standard Linux DNS service config file I see parameters selecting the type of the DNS protocol per network link. VPN client works as a proxy for both DNS and HTTP traffic. Google Chrome and Microsoft Edge have such configurations too and select the protocol during DNS negotiation.
The VPN client installed on the routers serves name resolution requests from LAN insecure but delegates them to the DNS services secured or unsecured.
If VPN doesn't encode name resolution requests everybody can intercept them and resolve them to some hacker's machine IP. It is called DNS leak.
I think that everybody can look at the VPN portal to see what is written about DNS service. I found it by 1st hit for NotdVPN DNS.

This kind of works. Adding

 [network]
generateResolvConf = false

to /etc/wsl.conf certainly doesn't generate /etc/resolv.conf during next wsl launch. However, I couldn't save the google DNS to resolv.conf. So instead I removed the generateResolvConf line and in next wsl reboot, it automatically generated a new DNS, which did work.

The solutions found online helped me fix the issue in my home network, but DNS resolution would still not work when using my laptop at the office. This is what seemed to work:

• In WSL, set up two distributions, e.g. "Ubuntu" and "Debian"
• Set one to WSL version 1, and the other to WSL version 2
• wsl --set-version Ubuntu 1
• wsl --set-version Debian 2
• Copy the contents of /etc/resolv.conf in Ubuntu (WSL 1) to Debian (WSL 2)
• Done

It turned out that /etc/resolv.conf in WSL 1 had a special entry "search our-company-domain.de" (and some ipv4 and ipv6 addresses). One of the ips is the address of our central server. I guess I will also have to turn of the automatic generation of resolv.conf.

This mitigation will works in most of the case, but since it will enforce the DNS server to a public DNS server, DNS resolution of internal network (when using VPN or local network) will not works.

After some investigation on my side, it seems the issues comes from Windows FW. Looks like some rules was bloquing outboud or inboud DNS queries, when send from WSL2.

An easy lookup will be to disable Windows FW either globally or only for the WLS2 vEternet adapter, and try to make a DNS query again; if you've got the DNS response, the issue come from Windows FW.

You will have two choice, either take the time and effort to analyse your FW rules and fix them. or if you are lazy and does not mind to always allow DNS query, add a new inbound/outbound for it (as I've done myself):

I figured out, I can leave the defaults inside WSL2 (let /etc/wsl.conf default and automatically create resolv.conf).
I simply have to reset the Windows settings like you described here, and then it works again....