WSL 2 DNS not working #4855

Closed
uweiner opened this issue Jan 29, 2020 · 21 comments
@uweiner

uweiner commented Jan 29, 2020

Windows build number: 10.0.19041.21

I know it sounds like previous DNS problem reports, but this one is a bit different...
If I use IP addresses and not network address names, the network works fine. But network addresses are not resolved into IP addresses.

On a WSL 2 Ubuntu command prompt, I query for an IP address:

$ nslookup google.com 15.64.64.53

I can ping the 15.64.64.53 DNS Server. I can also get ping out to google.com:

$ ping -c 1 15.17.198.85
PING 15.17.198.85 (15.17.198.85) 56(84) bytes of data.
64 bytes from 15.17.198.85: icmp_seq=1 ttl=123 time=1.06 ms

I was expecting to get the IP address of google.com, but instead I got the following:

;; connection timed out; no servers could be reached

The Wireshark capture shows that the following took place:

1. 00:15:5d:50:51:ac -> 00:15:5d:50:57:89 : ARP : Who has 172.27.128.1? Tell 172.27.141.152
2. 00:15:5d:50:57:89 -> 00:15:5d:50:51:ac : ARP : 172.27.128.1 is at 00:15:5d:50:57:89

And that's it. Silence. The DNS query did not go on its way.
If I switch the distribution back to WSL 1, I get the proper response:

$ nslookup google.com 15.64.64.53
Server:         15.64.64.53
Address:        15.64.64.53#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.20.78
Name:   google.com
Address: 2a00:1450:400e:80a::200e

The Wireshark capture in this case looks like this:

1. 15.18.71.122 -> 15.64.64.53 : DNS : Standard query 0x4a95 A google.com
2. 15.64.64.53 -> 15.18.71.122 : DNS : Standard query response 0x4a95 A google.com A 172.217.20.78
3. 15.18.71.122 -> 15.64.64.53 : DNS : Standard query 0x3a5 AAAA google.com
4. 15.64.64.53 -> 15.18.71.122 : DNS : Standard query response 0x3a5 AAAA google.com 2a00:1450:400e:80a::200e

Please don't suggest anything related to /etc/resolv.conf. It doesn't help.

@howyay

howyay commented Jan 29, 2020

Same issue,
Mine on the other hand says Network is unreachable no matter what I ping

EDIT: slow ring btw 19041

@MarkA-NC

Same issue. /etc/resolv.conf suggestions have no effect. Full Windows reboot seems to fix.
10.0.19041.1
Ubuntu-18.04-LTS running as version 2.

I can ping via IP4 addr (ex. for github.com: ping 192.30.253.113 )
But ping github.com does not resolve.

@rm-bergmann

The 'Network is unreachable' error is different from the DNS error but both are related to the same problem. WSL2 is using a NAT adapter - vEthernet (WSL) Internal Network.

If you open network connections, right click and click status it probably says 'No Network'. ifconfig in wsl shows eth0 is on a 172 ip address.

To get around that I had to set the wsl adapter to 'External Network' in Hyper-V manager, and bridge it to my wifi connection, which gave the WSL2 adapter a 192.168 IP address.

Then in WSL2 I had to set the new IP address, and update resolv.conf with the new IP address of the wsl adapter:
sudo ifconfig eth0 192.168.0.21 netmask 255.255.255.0
sudo route add default gw 192.168.0.2

Every time I had an incorrect config somewhere I would get the DNS error.

After I had all the config working correctly on the network bridge I could ping any hostname or IP address and got a response.

I tried this process again, uninstalled / reinstalled Ubuntu 18.04, I've set up the network bridge and IPs and I have the DNS error, despite the wsl2 vEthernet connection status saying 'internet' in ipv4. I must have the wrong config somewhere.

The annoying thing was even when I had the config set up correctly, rebooting would always generate a new IP address in WSL and I had to repeat the network bridge setup and IP address assignment.

#4285 and #3268 are duplicates of this one, and there are quite a few more related open issues. I've read through at least 10.

I set up a bridged network years ago with an external network adapter in my second PC for using VMs in Hyper-V, somehow it just works and I've never had any DNS or network problems in WSL2 with that PC. Hopefully these errors will go away when #4150 is ready but not sure when that will be.

@uweiner
Author

uweiner commented Jan 30, 2020

...I've set up the network bridge and IPs and I have the DNS error,
despite the wsl2 vEthernet connection status saying 'internet' in ipv4....

You did everything right but it will not help because the problem is not in the vEthernet Network Adaptor.

The proof for it is in my initial description: The Wireshark capture shows that the problem is not with the network adaptor blocking the DNS query. The problem is that the DNS query request was never sent out. This is an internal WSL 2 problem that CAN NOT be solved by making changes in the Network Adaptor.

@MarkA-NC

MarkA-NC commented Jan 30, 2020 via email

@uweiner
Author

uweiner commented Feb 1, 2020

Is anyone from Microsoft listening? If no, where can a defect report be submitted?

@uweiner
Author

uweiner commented Feb 1, 2020

I found the problem in my case: Firewall. If I disable my McAfee End Point Security Firewall, DNS works on my WSL 2.0 box:

$ nslookup google.com
Server:         172.27.128.1
Address:        172.27.128.1#53

Non-authoritative answer:
Name:   google.com
Address: 74.125.24.138
Name:   google.com
Address: 74.125.24.139
Name:   google.com
Address: 74.125.24.101
Name:   google.com
Address: 74.125.24.100
Name:   google.com
Address: 74.125.24.113
Name:   google.com
Address: 74.125.24.102
Name:   google.com
Address: 2404:6800:4003:c03::71

@uweiner
Author

uweiner commented Feb 1, 2020

Adding a Rule in Firewall that allows UDP port 53 (domain port) solves the problem too

@carlosparamio

Perhaps related: I just noticed that something has been creating tons and tons of inbound rules at the Windows Firewall configuration relative to port 53 (DNS):

image

They are all of two types:

HNS Container Networking - ICS DNS (TCP-In), associated to svchost.exe.
HNS Container Networking - DNS (UDP-In), for any program.

I'm at Windows 10 Pro build 19564 with WSL2, using regularly Ubuntu 18.04.4 LTS and Docker CE 19.03.6 (from the Ubuntu packages provided by Docker [1], not the new experimental Docker for Windows that uses WSL2).

[1] https://docs.docker.com/install/linux/docker-ce/ubuntu/

If they're inbound rules, my first guess is that these are created by WSL2 for a local DNS server used on things like localhost resolution to the ip address of the WSL2 network interface.

It concerns me that so many rules have been created at the firewall, and I'm unsure about removing them, but could it be related that this registration process somehow fails, or it works but the addition of so many rules delays the actual DNS responses?

@PavelSosin-320

It works in my evaluation copy of 2004. Additional info:

1. I use WiFi adapter exclusively.
2. Bypass my ISP DNS. Windows firewall uses Norton provider in which I let network utilities to go outside because they are not enabled by default.

@PavelSosin-320

The only case when it fails is nslookup from inside docker-desktop distro:
C:\Users\Pavel>wsl nslookup -d docker-desktop www.google.com
;; Connection to 2a00:1450:4001:818::2004#53(2a00:1450:4001:818::2004) for docker-desktop failed: connection refused.
I blame Norton firewall. I had all such "connection refused" for most of network utilities.
Oh sorry! It works too:
C:\Users\Pavel>wsl -d docker-desktop nslookup www.google.com
nslookup: can't resolve '(null)': Name does not resolve

Name: www.google.com
Address 1: 216.58.205.228 fra15s24-in-f228.1e100.net
Address 2: 2a00:1450:4001:800::2004 fra07s27-in-x2004.1e100.net
By my knowledge this is the "correct Google" for me

@stratmm

stratmm commented Aug 13, 2020

Doing the following worked for me

Windows Features - Disable WSL
Reboot
Windows Feature - Enable WSL
Reboot

@Gary-Arcimoto

I finally found a solution and I must say I didn't think of it. This came from another thread on Stack Overflow. The hosts file had a bunch of docker crap in it that I did not load however I did load docker desktop on my pc and uninstalled it after it broke a large amount of my build processes. I installed Ubuntu 18.04 AFTER uninstalling docker so it must leave all sorts of turds around for you to try and find - not exactly user friendly I would say!
"I checked /etc/hosts file. I had following in first line:

127.0.0.1 localhost

I had to remove that and adding the following in the /etc/hosts solved the problem for me

127.0.0.1 ip-XXX-XX-XX-XXX"

answered May 20 '19 at 0:40

Nabin

@qbanitsolution

This will solve your issue..
https://gist.github.com/sivinnguyen/8bc0125b274250683a97e149cf270040

@Cthululz

This was related to my firewall as well. I have simplewall turned on and it was blocking incoming UDP port 53 packets from the 192.168.x.x block. I enabled port 53 inbound and DNS immediately worked in WSL again.

@sean-mcmanus

Doing the following worked for me

Windows Features - Disable WSL
Reboot
Windows Feature - Enable WSL
Reboot

That also fixed the issue for me. WSL/Ubuntu files still exist too.

@p1-ra

p1-ra commented Dec 28, 2021

I've got the same issue. On my side it was due to Windows FW. An easy lookup for it is to disable the FW globally or only for the WSL2 vEthernet adapter, then try to make a DNS query from WSL2; if it works the issue is bound to Windows FW configuration.

In that case, you can either take the time to analyse your FW rules or if you don't mind (as me), you can globally allow DNS queries by adding a new inbound/outbound rule for it:

image
image

@akshayhiremath

The problem is the VPN Ethernet Adaptor's DNS server settings are not taken by the WSL.
These steps worked for me to add these settings manually: https://gist.github.com/akshayhiremath/1b3bff527b3eca6cd41cf60ce88f3a56/8570f9fb4dbd681fc7aabcc817fa18cbab5f1e86#file-fix-wsl2-dns-resolution

@dniets

dniets commented Oct 20, 2022

Open a PowerShell with administrative privileges and run:
New-NetFirewallRule -DisplayName "WSL" -Direction Inbound -InterfaceAlias "vEthernet (WSL)" -Action Allow

That's all. You can keep using your windows host as DNS relay instead of modifying DNS servers in /etc/resolv.conf

More info
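
A narrower variant of the rule in the comment above, as an added example that is not part of the original thread: it allows only DNS (UDP and TCP port 53) inbound on the WSL virtual adapter rather than all inbound traffic on that interface. The interface alias is the one quoted in the comment; the rule display names are hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Assumption: the WSL 2 virtual switch is exposed as "vEthernet (WSL)",
# the alias used in the comment above. Rule names below are hypothetical.
$alias = 'vEthernet (WSL)'

# Fail early if the adapter is absent (the alias can differ between builds).
# -IncludeHidden is used because the WSL adapter may be registered as hidden.
$adapter = Get-NetAdapter -Name $alias -IncludeHidden -ErrorAction SilentlyContinue
if (-not $adapter) {
    throw "Adapter '$alias' not found. List candidates with: Get-NetAdapter -IncludeHidden"
}

foreach ($proto in 'UDP', 'TCP') {
    $name = "WSL DNS ($proto-In)"

    # Idempotent: skip creation if a rule with this display name already exists.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$name' already present, skipping."
        continue
    }

    # Same direction, interface and action as the broad rule,
    # but limited to the DNS port for this protocol.
    New-NetFirewallRule -DisplayName $name `
        -Direction Inbound `
        -InterfaceAlias $alias `
        -Protocol $proto `
        -LocalPort 53 `
        -Action Allow | Out-Null
}

# Review what was created: protocol and local port of each rule.
Get-NetFirewallRule -DisplayName 'WSL DNS*' |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

These rules only affect Windows Defender Firewall; the third-party firewalls mentioned elsewhere in this thread (McAfee, Norton, simplewall) keep their own rule sets and need the equivalent port 53 exception configured there.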

@yangli2014

Open a PowerShell with administrative privileges and run: New-NetFirewallRule -DisplayName "WSL" -Direction Inbound -InterfaceAlias "vEthernet (WSL)" -Action Allow

That's all. You can keep using your windows host as DNS relay instead of modifying DNS servers in /etc/resolv.conf

More info

It doesn't work for me

@gpion

gpion commented Apr 4, 2024

Doing the following worked for me

Windows Features - Disable WSL Reboot Windows Feature - Enable WSL Reboot

I was facing same issue (which has started just after "wsl --update"), that fixed it for me too.
Thanks
