DNS Server and port 53 #9095

Closed
1 of 2 tasks
boan-jfm opened this issue Nov 1, 2022 · 14 comments

@boan-jfm

boan-jfm commented Nov 1, 2022

Version

Microsoft Windows [Version 10.0.19044.1766]

WSL Version

  • WSL 2
  • WSL 1

Kernel Version

5.4.72

Distro Version

Ubuntu 2204

Other Software

Dnsmasq - configured to listen on 0.0.0.0 interface or 127.0.0.1 - default port 53

Repro Steps

  1. Let dnsmasq listen on port 53 for dns lookups
  2. Try in WSL 2 to make nslookup example.org 127.0.0.1 and see the correct result
  3. Try in PowerShell to make nslookup example.org 127.0.0.1 - Server: UnKnown

If you run a netstat -nab in PowerShell

UDP    0.0.0.0:53             *:*
SharedAccess
[svchost.exe]

It seems like a service is occupying port 53 on Windows when running WSL. I have tried with a Windows restart - and the SharedAccess seems to start with the WSL start up.

Expected Behavior

You should be able to run nslookup within Windows and not only in WSL 2.

Actual Behavior

dnsmasq runs fine in WSL 2, but cannot be reached within the Windows environment

Diagnostic Logs

WSL

nslookup foo.test 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   foo.test
Address: 127.0.0.1

PowerShell

nslookup foo.test 127.0.0.1
Server:  UnKnown
Address:  127.0.0.1

*** UnKnown can't find foo.test: No response from server

@OneBlue
Collaborator

OneBlue commented Nov 1, 2022

Thank you for reporting this @boan-jfm.

UDP traffic can't be routed to WSL via 127.0.0.1 at this time, but TCP should work.

Can you try in TCP mode? What's the output of nslookup -vc foo.test 127.0.0.1

@boan-jfm
Author

boan-jfm commented Nov 2, 2022

I did a netstat to see if there was something listening on TCP before testing - and there was:

 TCP    127.0.0.1:53           0.0.0.0:0              LISTENING
 TCP    [::1]:53               [::]:0                 LISTENING

nslookup -vc foo.test 127.0.0.1

WSL response (immediately)

Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   foo.test
Address: 127.0.0.1

PowerShell response (very slow - maybe minutes)

Server:  localhost
Address:  127.0.0.1

Name:    foo.test
Address:  127.0.0.1

It seems to work with TCP lookup - but it is very slow, and you can't select whether a common client should use TCP or UDP?

I wanted to test some implementations and point my test device to the developer machine running dnsmasq in WSL, and let the "test" TLD point to the nginx server running on the same machine - but I think this requires UDP to be available?

@OneBlue
Collaborator

OneBlue commented Nov 2, 2022

DNS can happen over either TCP or UDP so I don't think UDP is needed here.
I'm surprised that the lookup takes that long though.

What if you try to use WSL2's IP address directly (both UDP and TCP)? (You can get it by running ip a inside WSL2. The interface is eth0.)

@boan-jfm
Author

boan-jfm commented Nov 3, 2022

PowerShell
nslookup foo.test 172.19.115.220

Server:  UnKnown
Address:  172.19.115.220

Name:    foo.test
Address:  127.0.0.1

nslookup -vc foo.test 172.19.115.220

Server:  UnKnown
Address:  172.19.115.220

Name:    foo.test
Address:  127.0.0.1

nslookup -vc foo.test 127.0.0.1

Server:  localhost
Address:  127.0.0.1

Name:    foo.test
Address:  127.0.0.1

nslookup foo.test 127.0.0.1

Server:  UnKnown
Address:  127.0.0.1

*** UnKnown can't find foo.test: No response from server

Every lookup is fast now - I do not know if there is a cache - but seems to work with the WSL 2 IP address on eth0. The only lookup not working is the UDP against 127.0.0.1 - but I think my test devices should work when using the WSL 2 IP address. I will try that again - thank you.

Is there an explanation for why UDP is not working for 127.0.0.1?
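
The four lookups compared above (UDP and TCP, against 127.0.0.1 and against the WSL 2 eth0 address) can be repeated from Windows with one script, which also shows the only wire-level difference between the two transports: the 2-byte length prefix on TCP. This is an added example, not part of the original thread or of WSL; the function names are made up here, and the server address and the foo.test name are the ones posted above.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Standard query: RD flag set, one question, QTYPE=A, QCLASS=IN."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg, txid=0x1234):
    """Return (rcode, [IPv4 strings]); reject anything that is not our response."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("transaction ID mismatch or QR bit not set")
    off, addrs = 12, []
    for _ in range(qd):                      # skip echoed question(s): name + type + class
        off = _skip_name(msg, off) + 4
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:        # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, addrs

def probe(server, name, transport, port=53, timeout=3.0):
    """Ask `server` for `name` over 'udp' or 'tcp'; return the parse or an error string."""
    q = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, port))
                data = s.recv(4096)
        else:
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack(">H", len(q)) + q)   # DNS over TCP: 2-byte length prefix
                f = s.makefile("rb")
                data = f.read(struct.unpack(">H", f.read(2))[0])
        return parse_a_records(data)
    except (OSError, ValueError, IndexError, struct.error) as exc:
        return f"no usable answer ({type(exc).__name__})"

if __name__ == "__main__":  # the four cases tried in the thread
    for server, transport in [(s, t) for s in ("127.0.0.1", "172.19.115.220") for t in ("udp", "tcp")]:
        print(server, transport, probe(server, "foo.test", transport))
```

A timeout on the UDP row for 127.0.0.1 alongside answers on the other three rows reproduces the result reported in this comment.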

@ghost ghost removed the needs-author-feedback label Nov 3, 2022
@boan-jfm
Author

boan-jfm commented Nov 3, 2022

Okay - maybe I need some knowledge on how IP is mapped from Windows to WSL.

WSL
ip a

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP>
inet 172.19.115.220/20 brd 172.19.127.255 scope global eth0

PowerShell
ipconfig

Ethernet adapter vEthernet (WSL)
IPv4 Address. . . . . . . . . . . : 172.19.112.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0

Wireless LAN adapter Wi-Fi:
IPv4 Address. . . . . . . . . . . : 10.0.50.120
Subnet Mask . . . . . . . . . . . : 255.255.252.0

nslookup foo.test 10.0.50.120 (To the WIFI adapter)

Server:  UnKnown
Address:  10.0.50.120

*** UnKnown can't find foo.test: No response from server

How can I get the lookup to work on the external interfaces?

@asampal

asampal commented Nov 3, 2022

I have pretty much the same need as @boan-jfm. I need to hit a service running in WSL from another device on my local network where that device uses a DNS name that can only be resolved by my local system. I was hoping to add my system as a secondary DNS server in my local network router configuration. The client on the device in question would only try UDP for the name resolution, so TCP is probably not an option.

If the DNS service is needed to have things working between host and guest (WSL), would it be possible to add to the configuration that the SharedAccess service module is using for resolution? As it stands, I can't run a DNS server listening on UDP port 53 nor can I add additional entries to the existing service. @OneBlue, would it be possible to add this functionality? Can this be done today via some undocumented config?

BTW, @boan-jfm , on my system, I don't see a listening service using TCP port 53, only UDP. Did I understand correctly that on your system you have something using TCP?

@boan-jfm
Author

boan-jfm commented Nov 3, 2022

@asampal When I run dnsmasq in WSL2 it listens on UDP and TCP port 53 as default.

@asampal

asampal commented Nov 4, 2022

When I tried to install dnsmasq in WSL2 it actually mentioned a failure due to port 53 already being used as you can see here:

image

This should be expected given the SharedAccess service module which is tying up the port.

image

I wonder how it installed for you without any warnings. Perhaps it's due to differences in Windows and WSL kernel versions. I'm at:

WSL version: 0.70.5.0
Kernel version: 5.15.68.1
WSLg version: 1.0.45
MSRDC version: 1.2.3575
Direct3D version: 1.606.4
DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows version: 10.0.22000.1165

@boan-jfm
Author

boan-jfm commented Nov 4, 2022

I do not know. But @OneBlue did not mention the "SharedAccess" as an issue in his first comment - I mentioned it in the issue description as I thought it was blocking the DNS requests to WSL.

As far as I understand it, WSL 2 has its own closed environment (VM) - if you run ip a, you can see the internal IP address for the virtual network interface "eth0". I have done some experiments where I need to map my physical WIFI adapter in Windows to this virtual network interface within WSL 2 to be able to make an nslookup request on the public IP. You can get some inspiration here.

In WSL 2 you can run netstat -lnp to see if there are any other services listening on port 53.

@asampal

asampal commented Nov 4, 2022

Where I said, "This should be expected given the SharedAccess service module which is tying up the port.", more precisely it would be the case if the WSL2 adapter that dnsmasq was trying to bind to was bridged to the host adapter.

@boan-jfm
Author

Just a note: From the following comment #8783 (comment) I tried to run ethtool -K eth0 tx off without any changes in the results.

@patrickpoirier51

Are there any updates on the resolution of this issue?

@Uj947nXmRqV2nRaWshKtHzTvckUUpD

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented Feb 15, 2024

dumb bot

@mateors

mateors commented Aug 29, 2024

How to stop the SharedAccess program listening on your Ubuntu, using the following steps:

Create a .wslconfig file in your user home directory

C:\Users\mostain\.wslconfig

Add the following content and save changes. dnsTunneling = false

[wsl2]
localhostForwarding = true
networkingMode = NAT
dnsProxy = true
firewall = true
dnsTunneling = false

Now, if you are already inside WSL 2, exit from WSL and shut down using the wsl --shutdown command.

Wait 8 seconds and log in to your WSL using wsl -u username

Check who is listening on port 53 using the following command:

sudo lsof -nP -iTCP:53 -sTCP:LISTEN
