/etc/resolv.conf and secondary DNX suffixes

[a8ksh4]

• A brief description - Mainly a question: How do we get secondary dns suffixes into the /etc/resolv.conf since it is automatically generated? Under the advanced TCP/IP settings -> DNS -> Append these DNS suffixes setting in windows, I have several listed, but they don't make it into the WSL resolv.conf.
• Expected results - It should be possible to either override the /etc/resolv.conf auto-generation or it should import additional DNS suffixes from windows TCP/IP settings.

Here are the TCP/IP settings:

And here is ipconfig /all output:

C:\Users\dan>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dan-MOBL
Primary Dns Suffix . . . . . . . : amr.corp.foo.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : amr.corp.foo.com
fm.foo.com
a.foo.com
b.foo.com
c.foo.com
d.foo.com
e.foo.com
f.foo.com
g.foo.com

Ethernet adapter Ethernet 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek USB GbE Family Controller
Physical Address. . . . . . . . . : 00-E0-1B-6F-F7-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Lenovo USB Ethernet
Physical Address. . . . . . . . . : 00-50-B6-60-CB-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 0A-00-27-00-00-16
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 44-85-00-13-03-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 46-85-00-13-03-94
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : fm.intel.com
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-LM
Physical Address. . . . . . . . . : 50-7B-9D-A6-55-58
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.19.123.139(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, July 29, 2016 7:21:32 AM
Lease Expires . . . . . . . . . . : Friday, July 29, 2016 7:21:28 PM
Default Gateway . . . . . . . . . : 10.19.123.251
DHCP Server . . . . . . . . . . . : 10.2.71.6
DNS Servers . . . . . . . . . . . : 10.2.3.4
10.5.6.7
10.4.5.6
Primary WINS Server . . . . . . . : 10.3.2.1
Secondary WINS Server . . . . . . : 143.9.9.9
134.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.223.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, July 29, 2016 7:21:24 AM
Lease Expires . . . . . . . . . . : Friday, July 29, 2016 10:21:24 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.223.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.32.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, July 29, 2016 7:21:24 AM
Lease Expires . . . . . . . . . . : Friday, July 29, 2016 10:21:24 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.32.254
Primary WINS Server . . . . . . . : 192.168.32.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 44-85-00-13-03-98
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : fm.foo.com
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8260
Physical Address. . . . . . . . . : D6-9A-00-E2-08-BA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

C:\Users\dan>

• Actual results (with terminal output if applicable)

  dan@dan-MOBL:~$ cat /etc/resolv.conf

  DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

  nameserver 10.1.2.3
  nameserver 10.4.5.6
  nameserver 10.7.8.9
  search fm.foo.com
  dan@dan-MOBL:~$

• Your Windows build number
  14372

[a8ksh4]

updated w/ ipconfig /all content, instead of just ipconfig.

[benhillis]

Thanks for providing this info, our networking wizard is getting back from vacation on Monday and I'll sync up with him to see if he can figure out what's going on.

[a8ksh4]

I think normal way to work around this would be to put additional search domains into the /etc/resolvconf/resolv.conf.d/post file and they should be appended to /etc/resolv.conf when it is generated, but I don't think this is working either.

[Nindaleth]

I think on Ubuntu the additional search domains are added into /etc/resolvconf/resolv.conf.d/tail (see man resolvconf), but that doesn't work for me either.

[sunilmut]

As per the current design, WSL tries to keep /etc/resolv.conf up to date and in sync with the Windows DNS entries. But the "stay up to date" does not seem to be happening (see #1028 for more details). Currently, we don't anything with secondary DNS suffixes. But, this is great feedback. I have opened a task internally to track the work needed to make this less painful. Meanwhile, please provide the same feedback on our User Voice Page and continue to post any suggestions around solutions. We love your feedback!

[bitcrazed]

In Linux, search domains are declared by adding the "search [,<domain]*" entries into resolv.conf, e.g.:

search example.com local.lan
nameserver 127.0.0.1
nameserver 172.16.1.254
nameserver 172.16.2.254
nameserver 192.168.137.2

However. by default, WSL will auto-generate resolv.conf, overwriting any changes you make. But as @sunilmut points out above, a recent Insider build adds the ability to turn-off auto-generation by removing the comment at the top of the file.

Note: Be sure to keep a copy of resolv.conf so that you can restore it if you want WSL to resume auto-generating resolv.conf in the future (See #1028 for details).

Also, the WSL resolv.conf auto-generator doesn't add search suffixes configured on Windows network connections. We have an internal task tracking this scenario and will update this thread if/when it pops off the backlog ;)

[saxonww]

For anyone who reads the above and thinks removing the comment in resolv.conf will fix this - it won't. That method appears to only work while there is an active WSL session, i.e. if you close all open WSL windows and then open a new one, your /etc/resolv.conf is regenerated even if you've previously removed the comment line.

This is true at least in the Fall Creator's Update (build 16299.19) as of today. I also experienced this with the first Creator's Update in the spring. I assume it's always been this way.

I didn't see anything in User Voice for this as suggested here, so I created a new idea here if people want to go vote on it.

Finally, as a workaround, I set up a file ~/resolv.conf.add with my desired suffix search list in it. Then I modified my .bashrc to copy the generated /etc/resolv.conf minus the last line (which is the search line), cat my file with the result, then copy back to /etc.

Content of ~/resolv.conf.add:
search suffix1.com suffix2.com suffix3.com suffix-etc.com

Relevant content of ~/.bashrc:

cat /etc/resolv.conf | head -n -1 > /tmp/resolv.conf
cat ~/resolv.conf.add >> /tmp/resolv.conf
sudo mv /tmp/resolv.conf /etc/resolv.conf

This will make you enter your WSL password every time you open a WSL window. There are various ways around this, but all of them (that I can think of) to get rid of the prompt completely involve changing /etc/sudoers to allow running that mv command without entering a password. Probably the 'safest' would be to locate all the bashrc commands above into a separate script, which is itself allowed to run for your user with NOPASSWD in /etc/sudoers. Then call that separate script from your .bashrc.

It would be really great if the WSL /etc/resolv.conf autogeneration/autoupdate handling were changed to include the entire configured DNS suffix search list from Windows, or to allow a more standard way of overriding the generated list that persists between WSL sessions. For most home users the existing behavior is fine, but workplace users are likely to have a need for more complicated DNS suffix search lists and the WSL behavior here is not ideal.

[cfiderer]

I regard the current behavior as a bug: if WSL generates the /etc/resolv.conf file, it should take all the information from the Windows network configuration and put it there, too. This includes the search domain list.

[mlheur]

I agree the current behavior is a bug. Secondary search suffixes from windows should be added to the search list in resolv.conf. Any other workaround, such as populating resolv.conf as part of your profile, or login routine, is simply a hack because the original product was wrong.

[rennex]

At least now, for me, the following procedure seems to prevent WSL from overwriting resolv.conf:

1. Make sure that /etc/resolv.conf is a regular file, not a symlink like it is by default
2. Remove the comment line about it being auto-generated
3. Make any other edits you want

To check that it doesn't get overwritten any more, you can force a "shutdown" of the Linux system by running this command in an elevated cmd.exe: net stop LxssManager, then start a new WSL shell and check if your changes are still there.

[timriker]

Any update on this? I too would like to see all domains added to the one search line in /etc/resolv.conf

search domain1 domain2 ...

The current behavior appears to be incorrectly setting "search" to the Primary Dns Suffix. "search" should be set to a space separated list from the "DNS Suffix Search List"

[jsmouret]

The problem with unlinking /etc/resolv.conf is that things will break when roaming around with a laptop and changing network.

I would suggest an option in /etc/wsl.conf like:

[network]
generateHosts = true
generateResolvConf = true
**extraSearchDomains** = example.com

or even something more generic:

[network]
generateHosts = true
generateResolvConf = true
resolvConfHeader = my_custom_header.conf
resolvConfFooter = my_custom_footer.conf

[schmitmd]

Any updates on this? Been open for 3.5 years now...

[qodfathr]

I recently made the move from WSLv1 to WSLv2, and this ranks as one of my two greatest pain points with v2.

[tjhowse]

I also ran aground on this issue during my WSL1 -> WSL2 migration. My workaround is to disable WSL's /etc/resolv.conf auto-generation and hardcode my organisation's DNS servers and search hostname suffixes. Not ideal.

[yvesdm]

Same for me, moving to WSL2 and the dns uffixes are missing ...

[tomvo12]

same for me w/ WSL2, dns search domains are not added at all which means local systems are only reachable using the FQDN

[AstonDavies]

I have something similar going on but my issue is that once connected to the VPN I am unable to resolve any VPN DNS entries from the Windows side. It only does this when WSL2 is installed. If I remove WSL2 then it all works again.

The ipconfig shows that all the DNS suffixes are configured correctly and from a Windows powershell I can nslookup any address and it is using the correct DNS server:

I can ping and traceroute to any IP on the network (VPN or not) and resolve non VPN addresses:

Windows explorer cannot resolve any VPN addresses either so connection to corporate file shares does not work. The only way I can get it to work (in Windows) is to manually update the DNS server addresses to use the DNS on the VPN.

The WLS2 side can resolve these addresses, provided the FQDN is used. Updating /etc/resolv.conf with the search line then fixes the requirement for an FQDN.

Anyone else have this issue in Windows?

[thomasthorsen]

Any update on this? Ideally, it should just take the "DNS Suffix Search List" and transfer it to /etc/resolv.conf. This is disrupting, because not only are things not working out of the box, it is difficult to create something static that doesn't break when network config changes (e.g. due to switching location, or restarting).

[gubenkoved]

would love to see this fixed as well...

[Tetz95]

I'm going to put my "me too" in here as well. Overriding the resolv.conf file with my own org's settings is fine for a PC that doesn't go anywhere, but I have a laptop. My connection suffix can change on a regular basis and I would like that change to be reflected in the search directive.

[MikaelUmaN]

This is a problem for me as well.

My resolv.conf does not pick up the primary dns suffix and I have to add it manually to all hostnames.

How can i make WSL2 pick up the primary dns suffix automatically?

[Sgt-Nukem]

Since the migration from WSL to WSL2 I ran into the issue as well. 😠

...

I also ran aground on this issue during my WSL1 -> WSL2 migration. My workaround is to disable WSL's /etc/resolv.conf auto-generation and hardcode my organisation's DNS servers and search hostname suffixes. Not ideal.

I cannot even do this, as I have hosts/resolv.conf pseudo-domains to my local IPs and the WSL2 networking IPs are always auto-generated on startup.

Something like this would work:

[network]
generateHosts = true
generateResolvConf = true
generateSearchDomains = true  // either take them all
setSearchDomains = corp.contoso.example.com   contoso.com   // or specify which ones to set explicitly

[timriker]

This is harder given the common work-from-home. I need one set of entries in resolv.conf while off VPN and a different set while on VPN. #5806 bugs with AUTHORITY/ADDITIONAL records mishandled by the WSL local DNS cache makes this even harder.

[ntextreme3]

I used generateResolvConf = false in /etc/wsl.conf like many others here since the search line wasn't being copied over properly from Windows settings. I don't restart that often, so my first time restarting (maybe 2 weeks later) I had dns issues since my nameserver was incorrect. So I went and hacked this together to be able to update that line automatically.

# in ~/.bashrc, WSL2 Ubuntu18.04
refresh_resolvconf() {
  # Get the IP Address (without any carriage return added by running a Windows command)
  NAMESERVER=`/mnt/c/WINDOWS/system32/netsh.exe interface ip show config name="vEthernet (WSL)" \
    | grep "IP Address" \
    | cut -d: -f2 \
    | sed "s/\r//"`
  # Replace the nameserver line - line 6 in my config
  sudo sed -i "6s/.*/nameserver $NAMESERVER/" /etc/resolv.conf
}

Idk if it was because of the 2 weeks between or what in which time I forgot that nameserver had always worked before, but it was only after doing all this that I realized it would just have been easier to let the resolv.conf be generated and just add my search domains in 😂

So now I'm just doing

sudo bash -c "echo search company.com >> /etc/resolv.conf"

... that was fun ... Hopefully this helps someone.

[ecoutinho]

@ntextreme3 Thanks! Following that line of thought, I've added to .bashrc

if ! grep -q "search" /etc/resolv.conf; then
sudo bash -c "echo search company.com >> /etc/resolv.conf"
fi

[jantari]

Thank you @mheyman and @dklawson for the starting point in solving this annoying issue.

However the script seems overly complicated for me and more importantly, only works on en-US Windows installations because of the language-specific grep-ing used.

On my system, the DNS nameservers are correctly added and updated by WSL itself - including when I'm on my companies VPN. This is because the VPN client is configured to add the corporate DNS servers to the local NICs as well on connect (as opposed to only having them set on the virtual VPN interface). This is generally the preferred setup because it makes DNS queries much faster: rather than Windows waiting for your public resolvers to time out for internal DNS queries before it tries another DNS server, all DNS queries go to the corporate DNS which resolves both internal and external names quickly. But whether this works on your machine will depend on whether your VPN client sets the DNS servers on all interfaces or not.

Anyway, that's just the nameservers, the DNS search suffix was still missing every time for me and I wanted a robust, language-independent solution.

---

/opt/add_dns_search_suffix.sh

#!/bin/bash

set -euo pipefail

# Gets the global DNS domain of the computer as well as the DNS search suffix domains of all
# individual network interfaces, deduplicates any entries and formats them in a single line
DNSSEARCH=$(/mnt/c/windows/System32/WindowsPowerShell/v1.0/powershell.exe -NoLogo -NoProfile -Command \
  "[System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName; \
  [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces().GetIPProperties().DnsSuffix" \
  | tr -d '\r' | uniq | tr -s '\n' ' ')

echo "Will set search domains: ${DNSSEARCH}"

echo "search ${DNSSEARCH}" | sudo tee -a /etc/resolv.conf > /dev/null

Setting permissions on the shell script

sudo chown root.root /opt/add_dns_search_suffix.sh
sudo chmod 0744 /opt/add_dns_search_suffix.sh

/etc/sudoers.d/add_dns_search_suffix

Cmnd_Alias        CMDS = /opt/add_dns_search_suffix.sh
%sudo  ALL=NOPASSWD: CMDS

At the end of my ~/.bashrc

echo "UPDATING WSL DNS SEARCH SUFFIXES ..."
sudo /opt/add_dns_search_suffix.sh
echo "UPDATING WSL DNS SEARCH SUFFIXES DONE"

---

This works great on Windows 10 Version 21H2 (Build 19044.x) using Ubuntu 20.04 and 22.04 in WSL1.

On this setup at least, I have not needed to pass/preserve the WSL_INTEROP variable at all. It didn't break anything either but I got this error whenever the bashrc runs and because it wasn't needed for me I just removed it. Maybe it's needed for WSL2, if that's the case you can add those lines back.

Hope this helps!

[mheyman]

Thanks @jantari! I updated my answer to include the simpler powershell command to get the search line.

[SimonPickup]

I found I needed to use:
Get-DnsClientGlobalSetting |select -expand SuffixSearchLIst
when setting DNSSEARCH.

[timriker]

@mheyman hi!

Thanks for your solution

Still struggling with getting it working as my /mnt/c does not contain a Windows folder

baf@Legion5-3070:~$ ls -lah /mnt/c/
total 16K
drwxrwxrwx 4 root root 4.0K Mar 29 20:13 .
drwxr-xr-x 4 root root 4.0K Mar 10 14:48 ..
drwxr-xr-x 4 root root 4.0K Mar 29 20:08 Repos
drwxr-xr-x 3 baf  baf  4.0K Mar 15 10:54 Users

Where is your Windows directory? Try this:
$ echo $PATH|sed -e 's/:/\n/g'|grep -i windows/system32/$
/mnt/c/WINDOWS/system32/

[JAZ-013]

I don't know if it's just me missing something or not knowing enough, but using the above scripts to write an updated /etc/resolv.conf resulted in multiple search domain.com lines every time I opened a terminal. I had to add a test with grep to append if it is not there, or replace it using sed if it was already.

I made it update rather than just skip in case my network changes I can just rerun the script and it will update if needed.

if grep -q "^search" /etc/resolv.conf ; then
        sudo sed -i "s/^search.*/search ${DNSSEARCH}/g" /etc/resolv.conf > /dev/null
else
        echo "search ${DNSSEARCH}" | sudo tee -a /etc/resolv.conf > /dev/null
fi

[rossnick]

I just found this issue while googling for this problem. It boggles my mind that this issue was opened 6 years ago and still I need to do some kludgy shell script to add the windows search domains to resolv.conf in my WSL distro...

[abdelhousni]

Hello,
Same problem here : with a vpn connection comes new settings (dns suffixes, dns servers IP, ...)
It would be great to get those settings directly via wsl.conf
Thanks

[mucst]

I took some inspiration from @saxonww , thanks for that. I share my fix bellow (even though it is still just a hack ).

• Disabling generateResolvConf in /etc/wsl.conf is bad, don't do it (as discussed above. It will break your connection when your host's ip changes, after a restart or so).
• Having resolv.conf generated will prevent you (at least me) from doing something like this in my .bashrc: echo 'search xxx' >> /etc/resolv.conf . Don't do this, it results in permission denied, even as sudo.

And the solution: Apparently, at this point it seems that even though I cannot cat into wsl.conf, I can still overwrite it (??). Hence I add the following to my .bashrc (or .bash_profile, depending on how your shell in initialized):

if ! grep -q 'search xxx' /etc/resolv.conf
then
  cat /etc/resolv.conf > /tmp/resolv.conf
  echo 'search xxx' >> /tmp/resolv.conf
  sudo mv /tmp/resolv.conf /etc/resolv.conf
fi

The above snippet speaks for itself. I generate an extended resolv.conf (w/ desired changes) in /tmp and move that over my /etc/resolv.conf. Seems to work for the time being, even after a wsl --shutdown. I haven't tried this with restarting my windows host, however the if condition seems to kick in (if I echo some message in under the then).

Drawback of this solution is that this only changes the resolv.conf upon a shell start, which is, from a technical perspective not a genuine solution (at least in my opinion) but it aids some scenarios.

[timriker]

Something like:

sudo echo foo >> file

will run the echo as root, but the redirection still runs as you. Use tee --append or tee -a.

if ! grep -q '^search' /etc/resolv.conf ; then
  echo 'search xxx' | sudo tee -a /etc/resolv.conf
fi

[bytespec]

I'm using this to add my DNS suffix (using wsl.exe to run it as root, so it doesn't require any sudo prompts or changes).

Added to ~/.profile:

# Set DNS suffix
if ! (grep -q "search" /etc/resolv.conf); then
    echo "Setting DNS suffix..."
    wsl.exe -d "${WSL_DISTRO_NAME}" -u root -e /usr/bin/sed -i '$ a\search my.domain.suffix' /etc/resolv.conf
fi

[syarnellen]

Thank you to everyone who has presented solutions to this problem.

It would be great to get an actual solution.

I have taken @mheyman solution above and adjusted the search domain list to come from the following:

Get-DnsClientGlobalSetting | Select-Object -ExpandProperty SuffixSearchList

And the solution seems to work ok.

[bramhaag]

It has been 7 years since this bug was reported. The available workarounds are cumbersome and fragile.

Thanks for providing this info, our networking wizard is getting back from vacation on Monday and I'll sync up with him to see if he can figure out what's going on.

@benhillis, have they returned from vacation yet?

[cfiderer]

Bye, Microsoft - I am a lucky MacOS user now.

[arm000]

Just ran into this issue also and surprised there is no official solution. If I install systemd under WSL does systemd take over generation of resolv.conf from WSL, and can I fix it there?

[miiichael]

systemd-resolved can be optionally configured to manage /etc/resolv.conf. Obviously you would need to tell WSL to not manage /etc/resolv.conf itself first. Though I think doing this and adding domains to /etc/systemd/resolved.conf is probably just a more complicated way of adding the same domains to /etc/resolv.conf directly; systemd-resolved will use /etc/resolv.conf contents when not managing the conffile itself.

[arm000]

systemd-resolved can be optionally configured to manage /etc/resolv.conf. Obviously you would need to tell WSL to not manage /etc/resolv.conf itself first. Though I think doing this and adding domains to /etc/systemd/resolved.conf is probably just a more complicated way of adding the same domains to /etc/resolv.conf directly; systemd-resolved will use /etc/resolv.conf contents when not managing the conffile itself.

I want to avoid hardcoding the DNS server in resolv.conf as this is fragile. What I'm hoping is that I can override the search domain in one of the /etc/systemd/resolved.conf.d/*.conf files, use the systemd stub DNS and have systemd forward the DNS queries to the nameserver. I don't understand how systemd works inside WSL though. Normally systemd-resolved would get the nameserver from DHCP, does that work the same in WSL?

[bramhaag]

It looks like 2.0.0 might finally fix this:

• experimental.networkingMode - A new networking mode for WSL that adds new features and improves network compatibility
• experimental.dnsTunneling- Changes how WSL resolves DNS requests to improve network compatibility

[CatalinFetoiu]

Please try enabling "dnsTunneling" and let us know if it fixes the issue. thanks!

you can find more details at https://devblogs.microsoft.com/commandline/windows-subsystem-for-linux-september-2023-update/

[CatalinFetoiu]

We have added the following documentation about how DNS suffixes are handled in WSL - https://github.com/MicrosoftDocs/WSL/blob/main/WSL/troubleshooting.md#dns-suffixes-in-wsl

At the moment, to get secondary Windows DNS suffixes configured in WSL you need to have one of the following 2 configs in your wslconfig file
A) networkingMode=nat and dnsTunneling=true
B) networkingMode=mirrored

[ahsodex]

Please try enabling "dnsTunneling" and let us know if it fixes the issue. thanks!

you can find more details at https://devblogs.microsoft.com/commandline/windows-subsystem-for-linux-september-2023-update/

We have added the following documentation about how DNS suffixes are handled in WSL - https://github.com/MicrosoftDocs/WSL/blob/main/WSL/troubleshooting.md#dns-suffixes-in-wsl

At the moment, to get secondary Windows DNS suffixes configured in WSL you need to have one of the following 2 configs in your wslconfig file A) networkingMode=nat and dnsTunneling=true B) networkingMode=mirrored

Unfortunately, these options are only available on Windows 11, as per:
https://learn.microsoft.com/en-us/windows/wsl/wsl-config#configuration-settings-for-wslconfig,

networkingMode**
dnsTunneling**
Entries with an * after the value type are only available on Windows 11.
Entries with an ** after the value type require Windows 11 version 22H2 or higher."

This is what I get in Windows 10:
wsl: Unknown key 'networkingMode' in C:\Users\username\.wslconfig:1

Can you make this available for those of us in enterprises that still only support Windows 10?

Thanks!

[ahsodex]

For now I've added this to my ~/.bashrc (based on above tips):

# Set DNS suffix search list
if ! grep -q '^search' /etc/resolv.conf; then
  DNSSEARCH=$(powershell.exe -NoLogo -NoProfile -Command '(Get-DnsClientGlobalSetting | ForEach-Object {$_.SuffixSearchList}) -join " "')
  echo "search $DNSSEARCH" | strings | sudo tee -a /etc/resolv.conf > /dev/null
fi

[CatalinFetoiu]

hello @ahsodex, thanks for reaching out

Mirrored mode and DNS tunneling are Windows 11 only features, and we are currently not investigating backporting them to Windows 10

cc @craigloewen-msft @chanpreetdhanjal

[xieve]

For now I've added this to my ~/.bashrc (based on above tips):

# Set DNS suffix search list
if ! grep -q '^search' /etc/resolv.conf; then
  DNSSEARCH=$(powershell.exe -NoLogo -NoProfile -Command '(Get-DnsClientGlobalSetting | ForEach-Object {$_.SuffixSearchList}) -join " "')
  echo "search $DNSSEARCH" | strings | sudo tee -a /etc/resolv.conf > /dev/null
fi

For connection-specific suffixes (set by DHCP), one can use this PowerShell command instead:

(Get-DnsClient | ForEach-Object {$_.ConnectionSpecificSuffix}) -join " "

[abenoit-reeliant]

We have added the following documentation about how DNS suffixes are handled in WSL - https://github.com/MicrosoftDocs/WSL/blob/main/WSL/troubleshooting.md#dns-suffixes-in-wsl

At the moment, to get secondary Windows DNS suffixes configured in WSL you need to have one of the following 2 configs in your wslconfig file A) networkingMode=nat and dnsTunneling=true B) networkingMode=mirrored

Hello @CatalinFetoiu . I'm on Windows 11 Pro (23H2). I tried the following, but still do not get the DNS suffixes in WSL. What am I doing wrong ?

• Created C:\Users\myusername.wslconfig with this content:

[experimental]
networkingMode=mirrored

• Killed all WSL instances with net stop LxssManager
• Restarted a new WSL session => still no DNS suffixes

Also tried with this content, and no more luck.

[experimental]
networkingMode=nat
dnsTunneling=true

[jantari]

@abenoit-reeliant did you look at the docs? It doesn't go under [experimental]: https://learn.microsoft.com/en-us/windows/wsl/wsl-config#configuration-settings-for-wslconfig

[abenoit-reeliant]

Thanks @jantari I did look at the doc, but scrolled too fast and read the wrong header. However if I read correctly this time, it should be in [wsl2], but this doesn't work either.

After analyzing a bit more, I see that the suffixes are defined on one specific interface (they are set up when I connect to a VPN), so that might complicate things more.

The solution by xieve works for me when I use the ConnectionSpecificSuffix variant (with the drawback of having to sudo when opening a session).

[jantari]

There's been a bunch of good solutions posted here already, but the thread's gotten so long and scripts have been iteratively improved on it's not obvious what the best solution is. For any situation where networkingMode=nat or dnsTunneling=true is either unavailable or doesn't work, this should be easy to use and cover all bases:

#!/bin/bash

# https://github.com/microsoft/WSL/issues/701#issuecomment-1162887704
# https://github.com/microsoft/WSL/issues/701#issuecomment-1428917142

set -euo pipefail

# Gets the global DNS domain of the computer as well as the DNS search suffix domains of all
# individual network interfaces, deduplicates any entries and formats them in a single line
DNSSEARCH=$(/mnt/c/windows/System32/WindowsPowerShell/v1.0/powershell.exe -NoLogo -NoProfile -Command \
  '@([System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName;
  [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces().GetIPProperties().DnsSuffix;
  (Get-DnsClientGlobalSetting).SuffixSearchLIst).Where({ $_ })' | tr -d '\r' | awk '!seen[$0]++,ORS=" "')

echo "Will set search domains: ${DNSSEARCH}"

# Replacing or appending 'search ...' config line in resolv.conf
wsl.exe -d "${WSL_DISTRO_NAME}" -u root -e /usr/bin/sed -i \
  -e '/^\(search[[:blank:]]\).*/{s//\1'"${DNSSEARCH}"'/;:a;n;ba;q}' \
  -e '$asearch '"${DNSSEARCH}" \
  /etc/resolv.conf

I've been using this for years now, from WSL1 to WSL2. No need to sudo and should cover all scenarios including VPNs without issues.