@sivinnguyen
Last active April 12, 2024 07:30
Fix DNS resolution in WSL2

Error

$ sudo apt-get update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure in name resolution

$ host google.com
;; connection timed out; no servers could be reached

Solution

/etc/resolv.conf is the main configuration file for the DNS name resolver library. WSL generates it automatically, and sometimes there is a problem with the DNS server it points to.

  1. To stop automatic generation of resolv.conf, add the following entry to /etc/wsl.conf:
# The redirect must run as root, so write the file through sudo tee
$ sudo tee /etc/wsl.conf > /dev/null << EOF
[network]
generateResolvConf = false
EOF
  2. In a cmd/powershell window, run:
> wsl --shutdown

or:

> wsl --terminate <Distro>
  3. Restart WSL.
  4. Create a file: /etc/resolv.conf. If it exists (even as a link), replace the existing one with the new file.
# Remove the existing file or link first so the new content is not written through the link
$ sudo rm -f /etc/resolv.conf
$ sudo tee /etc/resolv.conf > /dev/null << EOF
# Use one or more DNS servers of your choice
# nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 1.1.1.1
EOF
  5. Shut down and restart WSL again.

Still not working

In a cmd/powershell window opened as admin, run:

> wsl --shutdown  
> netsh winsock reset  
> netsh int ip reset all  
> netsh winhttp reset proxy  
> ipconfig /flushdns  

Restart Windows.
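
To confirm that the steps above took effect, and to surface the trade-off raised in the comments (public resolvers cannot resolve internal or VPN-only names), here is a small check script. It is an added example, not part of the original gist; the script and function names are hypothetical, and it assumes generateResolvConf is true when unset.

```shell
#!/bin/sh
# Added example (not from the gist). Usage: sh check_wsl_dns.sh /etc/wsl.conf /etc/resolv.conf

# Value of generateResolvConf in the [network] section; prints "true" (assumed
# default) when the key or the file is absent. Key and section matched as written above.
wsl_generate_resolv_conf() {
    [ -r "$1" ] || { echo true; return 0; }
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^#/ || $0 == "" { next }
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        section == "network" && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "generateResolvConf") result = val
        }
        END { print (result == "" ? "true" : result) }
    ' "$1"
}

# IPv4 nameservers outside private/loopback ranges (IPv6 entries are ignored):
# internal or VPN-only names will not resolve through these.
public_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | while read -r ns; do
        case "$ns" in
            10.*|127.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
            *.*.*.*) echo "$ns" ;;
        esac
    done
}

# Returns 0 when the override is in place, 1 (with WARN lines) otherwise.
check_wsl_dns() {
    rc=0; gen=$(wsl_generate_resolv_conf "$1")
    if [ "$gen" != "false" ]; then
        echo "WARN: generateResolvConf=$gen; WSL will regenerate resolv.conf"; rc=1
    fi
    if [ -L "$2" ]; then
        echo "WARN: $2 is still a symlink -> $(readlink "$2")"; rc=1
    elif ! grep -q '^nameserver' "$2" 2>/dev/null; then
        echo "WARN: $2 has no nameserver lines"; rc=1
    fi
    for ns in $(public_nameservers "$2" 2>/dev/null); do
        echo "NOTE: $ns is a public resolver; internal names will not resolve"
    done
    return $rc
}

if [ "$#" -gt 0 ]; then check_wsl_dns "$@"; fi
```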

@sivinnguyen
Author

I was able to resolve it by configuring a DNS in the .yaml file for Netplan located in /etc/netplan. I created a static IP as well in the process, but it is not necessary:
network:
  version: 2
  renderer: networkd
  ethernets:
    ens3:
      dhcp4: no
      addresses:
        - 192.168.121.221/24
      gateway4: 192.168.121.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]

I followed the instructions from the following link: https://linuxize.com/post/how-to-configure-static-ip-address-on-ubuntu-20-04/

Thanks, @mayorvlf

@PavelSosin-320

Maybe I'm missing something, but I don't see how it can work at all. I suppose that VPN providers offer not only HTTP traffic but also DNS traffic using one of the secured DNS protocols (DoH). When I'm looking at the standard Linux DNS service config file, I see parameters selecting the type of the DNS protocol per network link. The VPN client works as a proxy for both DNS and HTTP traffic. Google Chrome and Microsoft Edge have such configurations too and select the protocol during DNS negotiation.
The VPN client installed on the routers serves name resolution requests from the LAN insecurely but delegates them to the DNS services, secured or unsecured.
If the VPN doesn't encode name resolution requests, everybody can intercept them and resolve them to some hacker's machine IP. It is called a DNS leak.
I think that everybody can look at the VPN portal to see what is written about the DNS service. I found it as the 1st hit for NordVPN DNS.

@DanielViglione

This kind of works. Adding

[network]
generateResolvConf = false

to /etc/wsl.conf certainly doesn't generate /etc/resolv.conf during the next wsl launch. However, I couldn't save the Google DNS to resolv.conf. So instead I removed the generateResolvConf line, and on the next wsl reboot it automatically generated a new DNS, which did work.

@jnettels

jnettels commented Nov 25, 2021

The solutions found online helped me fix the issue in my home network, but DNS resolution would still not work when using my laptop at the office. This is what seemed to work:

  • In WSL, set up two distributions, e.g. "Ubuntu" and "Debian"
  • Set one to WSL version 1, and the other to WSL version 2
  • wsl --set-version Ubuntu 1
  • wsl --set-version Debian 2
  • Copy the contents of /etc/resolv.conf in Ubuntu (WSL 1) to Debian (WSL 2)
  • Done

It turned out that /etc/resolv.conf in WSL 1 had a special entry "search our-company-domain.de" (and some IPv4 and IPv6 addresses). One of the IPs is the address of our central server. I guess I will also have to turn off the automatic generation of resolv.conf.

@p1-ra

p1-ra commented Dec 28, 2021

This mitigation will work in most cases, but since it will enforce the DNS server to a public DNS server, DNS resolution of the internal network (when using a VPN or local network) will not work.

After some investigation on my side, it seems the issue comes from Windows FW. It looks like some rules were blocking outbound or inbound DNS queries when sent from WSL2.

An easy lookup will be to disable Windows FW either globally or only for the WSL2 vEthernet adapter, and try to make a DNS query again; if you get the DNS response, the issue comes from Windows FW.

You will have two choices: either take the time and effort to analyse your FW rules and fix them, or, if you are lazy and do not mind always allowing DNS queries, add a new inbound/outbound rule for it (as I've done myself):

image
image

@baartch

baartch commented Apr 12, 2024

I figured out I can leave the defaults inside WSL2 (leave /etc/wsl.conf at its defaults and let it automatically create resolv.conf).
I simply have to reset the Windows settings like you described here, and then it works again....
