Fix DNS resolution in WSL2

fix-wsl2-dns-resolution.md

Permanent WSL DNS Fix (WSL 2.2.1+)

If you're encountering ping github.com failing inside WSL with a Temporary failure in name resolution, you're not alone — this has been a long-standing issue, especially when using VPNs or corporate networks.

This issue is now fixed robustly with DNS tunneling, which preserves dynamic DNS behavior and avoids limitations like WSL’s former hard cap of 3 DNS servers in /etc/resolv.conf.

DNS tunneling is enabled by default in WSL version 2.2.1 and later, meaning that if you're still seeing DNS resolution issues, the first and most effective fix is simply to upgrade WSL. Upgrading WSL updates the WSL platform itself, but does not affect your installed Linux distributions, apps, or files.

To upgrade WSL, follow these steps,

# Run all of the following in a Windows terminal (PowerShell, Command Prompt, etc.)

# 1. Check your current WSL version
wsl --version

# 2. Close all open *WSL windows* — any Linux terminals running via WSL (Ubuntu, Debian, etc.)

# 3. Shut down the WSL subsystem
wsl --shutdown

# 4. Upgrade WSL
wsl --upgrade

# 5. Verify the upgrade was successful (version should now be >= 2.2.1)
wsl --version

# 6. Open your WSL terminal and test
ping github.com

# 🎉 If it works, drop a comment on this Gist and tell us how happy you are.

If needed, explicitly enable tunneling by creating (source):

# C:\Users\<YourUsername>\.wslconfig
[wsl2]
dnsTunneling=true

That’s it. No more messing with /etc/resolv.conf. No more weird hacks!

---

🧟 Previous Workarounds (for WSL < 2.2.1 or locked-down systems)

Preserved for historical transparency and for users unable to upgrade WSL.

# In WSL
cd /etc
echo "[network]" | sudo tee wsl.conf
echo "generateResolvConf = false" | sudo tee -a wsl.conf

# Back in Windows
wsl --terminate <DistroName>  # or use wsl --shutdown

# Back in WSL
sudo rm -f /etc/resolv.conf
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
sudo chattr +i /etc/resolv.conf

If you're using a VPN like Cisco AnyConnect:

Get-NetAdapter | Where-Object { $_.InterfaceDescription -Match "Cisco AnyConnect" } | Set-NetIPInterface -InterfaceMetric 6000

---

🙌 Credit & Sources

Big thanks to,

• @ThePlenkov/(comment) — the first to publicly document the DNS tunneling fix in .wslconfig (WSL 2.2.1+)
• @skudbucket — for confirming and spreading awareness
• @MartinCaccia, @yukosgiti, @machuu, @AlbesK — for documenting earlier workarounds
• GitHub Issue #4277
• GitHub Issue #4246
• Legacy fix from #4285
• WSL DNS Tunneling Docs
• WSL Config Docs
• WSL 2.2.1 Release Notes

---

If you're still using manual resolv.conf hacks in 2024+, you're solving a problem that's already been solved.

I fixed it by setting my network in windows to private isntead of public.

Using wsl-vpnkit is a better solution: https://github.com/sakai135/wsl-vpnkit
It resolves the DNS resolution shenanigans, while also allowing connectivity from the WSL distros through VPN, + between Windows host and distros.

The recent solution works perfectly, Thanks !

Disabling and Re-enabling the WiFi adapter in Windows worked for me - there must be something which refreshes WSL2's networking state after a change of network in Windows. Like other commenters, this only seemed to happen after some mix of VPN connect/disconnect and wifi connect/disconnect.

Surprisingly, this one's worked for me. After some desperate attempt to edit /etc/resolv.conf and adding new firewall rule in PowerShell like what @giumax87 suggests 😅

sudo touch /etc/resolv.conf
chmod 777 /etc/resolv.conf
printf 'nameserver 8.8.8.8\nnameserver 4.4.4.4' > /etc/resolv.conf

This worked for me

That's all you need:

echo -e "[network]\ngenerateResolvConf = false\n" | sudo tee /etc/wsl.conf
echo -e "nameserver 8.8.8.8\n" | sudo tee /etc/resolv.conf

No reboots, no restarts, no line-by-line appending, no messing with non-existent Cisco AnyConnect interfaces. Just those two lines and you're good to go.

Again, this is Linux, not Windows. You don't need to reboot/restart just because you changed your nameserver...

no change, name resolution still takes like 5 SECONDS. WSL1 AND 2

After usual windows 11 update:
KB2267602 (1.381.3293.0)

custom resolv.conf solution with Google DNS configured worked for me.
firewall solution (that i preferred in order not to alter the configuration of the wsl) didn't work.

echo -e "[network]\ngenerateResolvConf = false\n" | sudo tee /etc/wsl.conf
echo -e "nameserver 8.8.8.8\n" | sudo tee /etc/resolv.conf

I used this in the terminal and it worked like a charm! Thanks. I hope I do not have to execute this command every time I use github. Do you know if it is one-time use? or should I run it after executing whenever I reboot my machine?

echo -e "[network]\ngenerateResolvConf = false\n" | sudo tee /etc/wsl.conf
echo -e "nameserver 8.8.8.8\n" | sudo tee /etc/resolv.conf

I used this in the terminal and it worked like a charm! Thanks. I hope I do not have to execute this command every time I use github. Do you know if it is one-time use? or should I run it after executing whenever I reboot my machine?

After the above command is needed to run sudo chattr -f +i /etc/resolv.conf, otherwise the resolv.conf file will be deleted after reboot. See my comment above.

echo -e "[network]\ngenerateResolvConf = false\n" | sudo tee /etc/wsl.conf
echo -e "nameserver 8.8.8.8\n" | sudo tee /etc/resolv.conf

I used this in the terminal and it worked like a charm! Thanks. I hope I do not have to execute this command every time I use github. Do you know if it is one-time use? or should I run it after executing whenever I reboot my machine?

After the above command is needed to run sudo chattr +i resolv.conf, otherwise the resolv.conf file will be deleted after reboot. See my comment above.

I have the following error when using that command: chattr: No such file or directory while trying to stat resolv.conf then I used this sudo chattr -f +i /etc/resolv.conf and somehow worked. Not sure if it is the correct way

Sorry I didn't write the correct path. Without the -f option it didn't worked?

Edit:
The -f (force) flag is really needed if we want to make all the process at once in the same instance, otherwise this error is raised chattr: Operation not supported while reading flags on /etc/resolv.conf. The -f isn't needed if we exit the distro without executing the chattr command and reopen again, we will find that the /etc/resolv.conf was deleted. Then we must recreate it again with the nameserver and in this case the -f isn't needed. So, my advice is doing all this at once before close the distro by using the -f flag.

Sorry I didn't write the correct path. Without the -f option it didn't worked?

With the '-f it seem to have worked. Ihave to confirm once I reboot my PC if it still works.

Do you know if it is one-time use?

The first line ensures that the resolv.conf does not get generated by WSL - which is kinda obvious from the name of the variable, isn't it? ;-)
The second line is the actual change to Google's DNS servers.
So yes, it's a one-time thing.

Do you know if it is one-time use?

The first line ensures that the resolv.conf does not get generated by WSL - which is kinda obvious from the name of the variable, isn't it? ;-) The second line is the actual change to Google's DNS servers. So yes, it's a one-time thing.

Before only that was not working, despite the obvious, of course, but I admit that perhaps there had been some update in the WSL that now obeys the configuration. So at the time I had to have to use the sudo chattr -f +i /etc/resolv.conf. I never needed to repeat the commands anymore.

Using WSL 2, after:

• Adding generateResolvConf = false in /etc/wsl.conf.
• Shutdown WSL by issuing wsl --shutdown
• Unlink resolv.conf unlink /etc/resolv.conf

I was able to create /etc/resolv.conf and add nameserver 8.8.8.8.
There was no need for a firewall rule in Windows or the use of chattr +i in my case.

I got it eventually working. So what is this fuss all about?

It's just that wsl cannot figure out which DNS nameserver to use. Therefore, all that needs to be done is to

1. manually adjust the DNS nameserver to use (/etc/resolv.conf)
2. ensure that wsl sticks with your manual adjustment, i.e. prevent /etc/resolv.conf from being overridden

To get a list of nameservers around you do:

rem cmd.exe
ipconfig /all

and search for 'DNS Servers' within the listed network adapters. Blindly using 8.8.8.8 does not make any sense and I really question why someone even gives such an 'hardcoded' advice.

Next, ensure that /etc/wsl.conf contains the line generateResolvConf = false to ensure that handcrafted DNS nameserver is untouched.
By default -- on wsl -- /etc/resolv.conf is linked to a generated file. Therefore you may want to 'unlink' /etc/resolv.conf before changing.

Eventually "restart" wsl to get your changes effective. Usually done like sudo systemctl restart networking and friends. Not working in wsl. Therefore do something like

wsl --terminate <Ubuntu|Debian|whatever>         ;; stop
wsl -d <Ubuntu|Debian|whatever>                        ;; start

Yes, you can also use wsl --shutdown to kill all running distributions. Not polite cause it may also kill your local Docker as collateral damage.

Blindly using 8.8.8.8 does not make any sense and I really question why someone even gives such an 'hardcoded' advice.

Why? Pretty simple: If someone cares enough about which DNS they use, they should have absolutely no issue understanding what that command does, and how it can be changed to any other DNS IP they prefer.
But for all those "ONOES! Y U NO WERKY? HALP! KTHXBYE" type of people, using 8.8.8.8 should be good enough.

So yes, this does make a whole fucking lot of sense, no matter how much you question it.

Using WSL 2, after:

* Adding `generateResolvConf = false` in `/etc/wsl.conf`.

* Shutdown WSL by issuing `wsl --shutdown`

* Unlink resolv.conf `unlink /etc/resolv.conf`

I was able to create /etc/resolv.conf and add nameserver 8.8.8.8. There was no need for a firewall rule in Windows or the use of chattr +i in my case.

I had to repeat all this weird behavior, due a Windows 11 update and I couldn't make any updates again. So with your information about only using unlink /etc/resolv.conf doesn't work att all, because after you close and reopen the distro, the /etc/resolv.conf doesn't exist anymore. Also the command wsl --shutdown doesn't make sense because it will close the distro and when you reopen the /etc/resolv.conf is already deleted. So, only with the sudo chattr -f +i /etc/resolv.conf prevents it from been deleted. Done this to all of my distros and all is working well.
chattr +i is useful for protection from accidental deletion by root. Also an immutable file cannot be renamed or moved from one directory to another.
For the chattr -f see this my comment https://gist.github.com/coltenkrauter/608cfe02319ce60facd76373249b8ca6?permalink_comment_id=4466805#gistcomment-4466805

Using WSL 2, after:

* Adding `generateResolvConf = false` in `/etc/wsl.conf`.

* Shutdown WSL by issuing `wsl --shutdown`

* Unlink resolv.conf `unlink /etc/resolv.conf`

I was able to create /etc/resolv.conf and add nameserver 8.8.8.8. There was no need for a firewall rule in Windows or the use of chattr +i in my case.

I had to repeat all this weird behavior, due a Windows 11 update and I couldn't make any updates again. So with your information about only using unlink /etc/resolv.conf doesn't work att all, because after you close and reopen the distro, the /etc/resolv.conf doesn't exist anymore. Also the command wsl --shutdown doesn't make sense because it will close the distro and when you reopen the /etc/resolv.conf is already deleted. So, only with the sudo chattr -f +i /etc/resolv.conf prevents it from been deleted. Done this to all of my distros and all is working well. chattr +i is useful for protection from accidental deletion by root. Also an immutable file cannot be renamed or moved from one directory to another. For the chattr -f see this my comment https://gist.github.com/coltenkrauter/608cfe02319ce60facd76373249b8ca6?permalink_comment_id=4466805#gistcomment-4466805

I should've mentioned I am running Windows 10. My bad!

resolv.conf worked for me but after 10s DNS stops working again. I'm so confused

resolv.conf worked for me but after 10s DNS stops working again. I'm so confused

Please describe all the steps you did.

Thankyou
More recent resolution worked for me.

thank you,More recent resolution worked for me.

You are the best after 2 hours searching for a solution. you solve it in simple way thank you

DNS on WSL2 STILL JUST BREAKS: CLOSING THOUSANDS OF BUG REPORTS ON THIS 10 YEAR OLD BUG (WHICH IS NOT FIXED) IS WEIRD!

I have implemented that hard coded DNS solution (above) and it is a lot better, but WSL2 still looses it's DNS even if you disconnect briefly and reconnect your IPsec VPN. Once that happens still have to reboot. (I am running WSL2 on top end Dell laptop with up-to-date bios and Windows 10.)

When running ordinary applications under Windows or on a Linux PC, any disconnection of the network and reconnection allows all applications to reconnect to the network no problem; not so with WSL! When running WSL, DNS resolution is lost even with a brief disconnection or the lease time on the network driver laps and reconnects, after that you can’t connect or even ping devices unless you reboot!

Even with millions of complaints, and thousands of bug reports, this bug has been persistent for almost a decade and NOT FEXED IN JULY 2023! This is so serious many developers avoid all Docker development under WSL and Windows. When Windows programmers write Linux network code, what could possibly go wrong?

WSL team members even close bug reports rather than combine the data from thousands of similar reports. When reports are closed so that others can’t comment the geniuses have magically fixed the major bug right? NOT! The use of Docker Desktop makes it 100 times worse, but fortunately Docker Desktop is NOT Docker and many people run WSL2 without Docker Desktop.

Damn, I was following this instruction but somehow I broke my wsl.
My ~ folder has changed and I can't find my files. It seems it is now logging in as a root user, i don't think it was doing that before

Damn, I was following this instruction but somehow I broke my wsl. My ~ folder has changed and I can't find my files. It seems it is now logging in as a root user, i don't think it was doing that before

I fixed it!

Just enter: ubuntu config --default-user YOUR_USERNAME

The user was still there! It was just logging in always as root now for some reason.

Here is my solution for this problem. Basically I have accumulated everything mentioned above:
https://gist.github.com/ThePlenkov/6ecf2a43e2b3898e8cd4986d277b5ecf

• script removes all nameservers in /etc/resolv.conf and replaces them with actual IPs from powershell

sudo sed -i '/nameserver/d' /etc/resolv.conf
powershell.exe -Command '(Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | ForEach-Object { "nameserver $_" }' | tr -d '\r' | sudo tee -a /etc/resolv.conf > /dev/null

• script is configured as a boot command which is available in Win 11. If it's applicable for you - it helps a lot

@ThePlenkov That worked for me, thanks!