Fix DNS resolution in WSL2

fix-wsl2-dns-resolution.md

Permanent WSL DNS Fix (WSL 2.2.1+)

If you're encountering ping github.com failing inside WSL with a Temporary failure in name resolution, you're not alone — this has been a long-standing issue, especially when using VPNs or corporate networks.

This issue is now fixed robustly with DNS tunneling, which preserves dynamic DNS behavior and avoids limitations like WSL’s former hard cap of 3 DNS servers in /etc/resolv.conf.

DNS tunneling is enabled by default in WSL version 2.2.1 and later, meaning that if you're still seeing DNS resolution issues, the first and most effective fix is simply to upgrade WSL. Upgrading WSL updates the WSL platform itself, but does not affect your installed Linux distributions, apps, or files.

To upgrade WSL, follow these steps,

# Run all of the following in a Windows terminal (PowerShell, Command Prompt, etc.)

# 1. Check your current WSL version
wsl --version

# 2. Close all open *WSL windows* — any Linux terminals running via WSL (Ubuntu, Debian, etc.)

# 3. Shut down the WSL subsystem
wsl --shutdown

# 4. Upgrade WSL
wsl --upgrade

# 5. Verify the upgrade was successful (version should now be >= 2.2.1)
wsl --version

# 6. Open your WSL terminal and test
ping github.com

# 🎉 If it works, drop a comment on this Gist and tell us how happy you are.

If needed, explicitly enable tunneling by creating (source):

# C:\Users\<YourUsername>\.wslconfig
[wsl2]
dnsTunneling=true

That’s it. No more messing with /etc/resolv.conf. No more weird hacks!

---

🧟 Previous Workarounds (for WSL < 2.2.1 or locked-down systems)

Preserved for historical transparency and for users unable to upgrade WSL.

# In WSL
cd /etc
echo "[network]" | sudo tee wsl.conf
echo "generateResolvConf = false" | sudo tee -a wsl.conf

# Back in Windows
wsl --terminate <DistroName>  # or use wsl --shutdown

# Back in WSL
sudo rm -f /etc/resolv.conf
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
sudo chattr +i /etc/resolv.conf

If you're using a VPN like Cisco AnyConnect:

Get-NetAdapter | Where-Object { $_.InterfaceDescription -Match "Cisco AnyConnect" } | Set-NetIPInterface -InterfaceMetric 6000

---

🙌 Credit & Sources

Big thanks to,

• @ThePlenkov/(comment) — the first to publicly document the DNS tunneling fix in .wslconfig (WSL 2.2.1+)
• @skudbucket — for confirming and spreading awareness
• @MartinCaccia, @yukosgiti, @machuu, @AlbesK — for documenting earlier workarounds
• GitHub Issue #4277
• GitHub Issue #4246
• Legacy fix from #4285
• WSL DNS Tunneling Docs
• WSL Config Docs
• WSL 2.2.1 Release Notes

---

If you're still using manual resolv.conf hacks in 2024+, you're solving a problem that's already been solved.

I would be skeptical of any solutions that involve setting the VPN virtual adapter InterfaceMetric to a high value, like 6000.

By doing this, you force all your network traffic to use any other route, in practice avoiding the VPN altogether. If that is an acceptable solution, why not just turn off the VPN to prevent the issue in the first place?

This solution will also not work if you need to access a resource only available through the VPN.

I wrote about the issue in detail and a better fix here: https://janovesk.com/wsl/2022/01/21/wsl2-and-vpn-routing.html

Good write up. I will update my schedule task that runs each time I connect to the VPN to remove the route added as you described and see how that goes.

@MatMercer i try you script but appears error on powershe.exe
Can help me?

I found that one of my VPN blocks DNS queries to 8.8.8.8.
By default DNS uses UDP. My solution is to force DNS to use TCP instead.

The below configs work with and without VPN.

$ cat /etc/wsl.conf
[network]
generateResolvConf = false

$ cat /etc/resolv.conf
options use-vc
nameserver 8.8.8.8

$ cat /etc/resolv.conf
options use-vc
nameserver 8.8.8.8

@ten0s thank you !!! that fixed the issue for me
I've been looking for a simple solution like this one for a while

@ten0s you are using WSL2 or WSL1?
For me only working change from WSL2 to WSL1

@tutods WSL2

So strange. Already try a lot of things and nothing works

@ten0s for some reasons the /etc/resolv.conf gets wiped out (or probably overwritten) after rebooting my machine

although I did check I still had in my /etc/wsl.conf file

[network]
generateResolvConf = false

is there a clean way to force it to always have your recommended resolv.conf settings ?

@m2hd1
You need to modify the /etc/wsl.conf file
(within your WSL) like that:

echo "[network]" | sudo tee /etc/wsl.conf
echo "generateResolvConf = false" | sudo tee -a /etc/wsl.conf

@m2hd1, you need to unsure that your Linux is really restarted.

In Windows terminal

Shutdown all

wsl --shutdown

Check

wsl --list -v

Your Linux should be Stopped

Start it again and then check /etc/resolv.conf

@ten0s I tried your steps but the /etc/resolv.conf keeps disappearing after shuting down wsl

I guess as a workaround I could add a small script to my bash profile to create the resolv.conf file

I'm experiencing the same behaviour as @m2hd1. My /etc/resolv.conf gets regenerated even though I have set a /etc/wsl.conf.

Add this to the /etc/wsl.conf file:

[boot]
command = "printf 'nameserver 8.8.8.8\nnameserver 4.4.4.4' > /etc/resolve.conf"

The Boot setting is only available on Windows 11.

https://docs.microsoft.com/en-us/windows/wsl/wsl-config#boot-settings

If your config keeps getting overwritten review
https://docs.microsoft.com/en-us/windows/wsl/wsl-config#the-8-second-rule

Add this to the /etc/wsl.conf file:

    [boot]
    command = "printf 'nameserver 8.8.8.8\nnameserver 4.4.4.4' > /etc/resolve.conf"

This, but /etc/resolv.conf not /etc/resolve.conf (no 'e').

what the 8.8.8.8 4.4.4.4? does anybody use a corporate dns or a local router? this is not a solution at all

@ghenadiibatalski 8.8.8.8 and 4.4.4.4 are Google DNS servers

Sure, it's not a complete solution, but I don't need access to corporate network inside WSL.
If such access is needed, read https://gist.github.com/coltenkrauter/608cfe02319ce60facd76373249b8ca6?permalink_comment_id=4040950#gistcomment-4040950

Thanks man.. Worked like a charm. We use Palo Alto Global Protect for VPN so I left out the final command of
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
This was not necessary for me and everything is working now. Thanks Microsoft updates for breaking this...

[boot]
command = "printf 'nameserver 8.8.8.8\nnameserver 4.4.4.4' > /etc/resolve.conf"

These are Google provided DNS servers. Just set the values to whatever DNS server you want to use.

+1 Thanks for sharing !

@ten0s 4.4.4.4 is not Google DNS. Correct ones are 8.8.8.8 8.8.4.4

The Boot setting works for me.👍

The solution doesn't work for me.
But when I switch to WSL1, DNS is working well.
Does anyone have a solution?

boot setting given by jonshipmannwmg above works for me in Windows 11. Also, works to manually recreate /etc/resolv.conf each time you boot if you don't do the [boot]. Not sure about windows 10.

Based on this gist I created this simple code:

https://github.com/epomatti/wsl2-dns-fix-config

Thank you very much.
I love WSL2, but it still has so many annoying issues. Worked for Ubuntu-22.04

Based on this gist I created this simple code:

thnks!!!, this works for me, I downloaded the code manually and after run this DNS works in WSL 2 Ubuntu-18.04 Win11

@gustavo-lara-molina nice! happy to help