Fix DNS resolution in WSL2

wsl2_200915_fix_dns_resolution.md

Error

$ sudo apt-get update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure in name rerolution

$ host google.com
;; connection timed out; no servers could be reached

Solution

The /etc/resolv.conf is the main configuration file for the DNS name resolver library. It was automatically generated by WSL. Some time there was a problem with that DNS.

1. To stop automatic generation of resolv.conf, add the following entry to /etc/wsl.conf:

$ sudo cat << EOF > /etc/wsl.conf
[network]
generateResolvConf = false
EOF

2. In a cmd/powershell window, run:

> wsl --shutdown

or:

> wsl --terminate <Distro>

3. Restart WSL
4. Create a file: /etc/resolv.conf. If it exists (even a link), replace existing one with new file.

sudo cat << EOF > /etc/resolv.conf
# Use one or many DNS servers you like
# nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 1.1.1.1
EOF

5. Shutdown and restart WSL again.

Still not working

cmd/powershell as admin:

> wsl --shutdown  
> netsh winsock reset  
> netsh int ip reset all  
> netsh winhttp reset proxy  
> ipconfig /flushdns  

Restart Windows.

Ref:

• Colten Krauter: Fix DNS resolution in WSL2
• RedHat: Chapter 27. Manually configuring the /etc/resolv.conf file
• StackExchange: How do I set my DNS when resolv.conf is being overwritten?
• TechMint: How To Set Permanent DNS Nameservers in Ubuntu and Debian
• rescenic: No network connection in any distribution under WSL 2

The solutions found online helped me fix the issue in my home network, but DNS resolution would still not work when using my laptop at the office. This is what seemed to work:

• In WSL, set up two distributions, e.g. "Ubuntu" and "Debian"
• Set one to WSL version 1, and the other to WSL version 2
• wsl --set-version Ubuntu 1
• wsl --set-version Debian 2
• Copy the contents of /etc/resolv.conf in Ubuntu (WSL 1) to Debian (WSL 2)
• Done

It turned out that /etc/resolv.conf in WSL 1 had a special entry "search our-company-domain.de" (and some ipv4 and ipv6 addresses). One of the ips is the address of our central server. I guess I will also have to turn of the automatic generation of resolv.conf.

This mitigation will works in most of the case, but since it will enforce the DNS server to a public DNS server, DNS resolution of internal network (when using VPN or local network) will not works.

After some investigation on my side, it seems the issues comes from Windows FW. Looks like some rules was bloquing outboud or inboud DNS queries, when send from WSL2.

An easy lookup will be to disable Windows FW either globally or only for the WLS2 vEternet adapter, and try to make a DNS query again; if you've got the DNS response, the issue come from Windows FW.

You will have two choice, either take the time and effort to analyse your FW rules and fix them. or if you are lazy and does not mind to always allow DNS query, add a new inbound/outbound for it (as I've done myself):

I figured out, I can leave the defaults inside WSL2 (let /etc/wsl.conf default and automatically create resolv.conf).
I simply have to reset the Windows settings like you described here, and then it works again....