Permanent WSL DNS Fix (WSL 2.2.1+)

If you're encountering ping github.com failing inside WSL with a Temporary failure in name resolution, you're not alone — this has been a long-standing issue, especially when using VPNs or corporate networks.

This issue is now fixed robustly with DNS tunneling, which preserves dynamic DNS behavior and avoids limitations like WSL’s former hard cap of 3 DNS servers in /etc/resolv.conf.

DNS tunneling is enabled by default in WSL version 2.2.1 and later, meaning that if you're still seeing DNS resolution issues, the first and most effective fix is simply to upgrade WSL. Upgrading WSL updates the WSL platform itself, but does not affect your installed Linux distributions, apps, or files.

To upgrade WSL, follow these steps,

# Run all of the following in a Windows terminal (PowerShell, Command Prompt, etc.)

# 1. Check your current WSL version
wsl --version

# 2. Close all open *WSL windows* — any Linux terminals running via WSL (Ubuntu, Debian, etc.)

# 3. Shut down the WSL subsystem
wsl --shutdown

# 4. Upgrade WSL
wsl --upgrade

# 5. Verify the upgrade was successful (version should now be >= 2.2.1)
wsl --version

# 6. Open your WSL terminal and test
ping github.com

# 🎉 If it works, drop a comment on this Gist and tell us how happy you are.

If needed, explicitly enable tunneling by creating (source):

# C:\Users\<YourUsername>\.wslconfig
[wsl2]
dnsTunneling=true

That’s it. No more messing with /etc/resolv.conf. No more weird hacks!

🧟 Previous Workarounds (for WSL < 2.2.1 or locked-down systems)

Preserved for historical transparency and for users unable to upgrade WSL.

# In WSL
cd /etc
echo "[network]" | sudo tee wsl.conf
echo "generateResolvConf = false" | sudo tee -a wsl.conf

# Back in Windows
wsl --terminate <DistroName>  # or use wsl --shutdown

# Back in WSL
sudo rm -f /etc/resolv.conf
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
sudo chattr +i /etc/resolv.conf

If you're using a VPN like Cisco AnyConnect:

Get-NetAdapter | Where-Object { $_.InterfaceDescription -Match "Cisco AnyConnect" } | Set-NetIPInterface -InterfaceMetric 6000

🙌 Credit & Sources

Big thanks to,

@ThePlenkov/(comment) — the first to publicly document the DNS tunneling fix in .wslconfig (WSL 2.2.1+)
@skudbucket — for confirming and spreading awareness
@MartinCaccia, @yukosgiti, @machuu, @AlbesK — for documenting earlier workarounds
GitHub Issue #4277
GitHub Issue #4246
Legacy fix from #4285
WSL DNS Tunneling Docs
WSL Config Docs
WSL 2.2.1 Release Notes

If you're still using manual resolv.conf hacks in 2024+, you're solving a problem that's already been solved.

[experimental] autoMemoryReclaim=gradual # gradual | dropcache | disabled networkingMode=NAT # mirrored | NAT | None dnsTunneling=true firewall=true autoProxy=true [wsl2] guiApplications=false #https://forum.xfce.org/viewtopic.php?id=16906

coltenkrauter/fix-wsl2-dns-resolution.md

Permanent WSL DNS Fix (WSL 2.2.1+)

🧟 Previous Workarounds (for WSL < 2.2.1 or locked-down systems)

🙌 Credit & Sources

toyo2333 commented May 29, 2025

Uh oh!

Neznakomec commented May 29, 2025

Uh oh!