Fix WSL2 'Temporary failure in name resolution': No Internet Access

intermediate | Windows | 2026-03-17 | Windows 10/11, WSL2 (Ubuntu 20.04/22.04, Debian, or any Linux distro under WSL2)

Error Message

Temporary failure in name resolution (inside WSL2)
#windows #wsl2 #network #dns #internet

The Error

You open a WSL2 terminal, try to install a package or clone a repo, and get:

Temporary failure in name resolution

Two quick tests narrow it down fast:

$ ping google.com
ping: google.com: Temporary failure in name resolution

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=113 time=11.4 ms

IP connectivity works. Domain resolution doesn't. That's a DNS problem, not a general network failure.

Why This Happens

WSL2 runs inside a Hyper-V VM with its own virtual network adapter. On startup, it auto-generates /etc/resolv.conf pointing to the Windows host gateway as the DNS server. Under normal conditions, it works. It breaks when:

  • A VPN client (Cisco AnyConnect, OpenVPN, WireGuard) changes routing tables and makes the gateway unreachable
  • Windows Firewall blocks traffic from the WSL2 virtual adapter
  • The auto-generated resolv.conf points to a stale or wrong address
  • You edited resolv.conf manually, but WSL2 overwrites it on the next restart

Debug Process

Step 1: Check your current DNS config

cat /etc/resolv.conf

You'll likely see something like:

# This file was automatically generated by WSL.
# [network]
# generateResolvConf = false
nameserver 172.31.16.1

That 172.x.x.x address is the Windows host gateway. If it's unreachable, every DNS lookup fails.

Step 2: Test if the nameserver responds

# Probe the first active nameserver on TCP port 53, giving up after 3 seconds
nc -zv -w 3 "$(awk '$1 == "nameserver" {print $2; exit}' /etc/resolv.conf)" 53

If it times out, the nameserver is unreachable from inside WSL2. That's your root cause.

Fix 1: Override DNS Immediately (Quick Test)

Replace the broken nameserver with a public DNS server:

sudo rm /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

Test right away:

nslookup github.com

nslookup returning answers confirms DNS was the problem. But this won't survive a WSL2 restart: WSL will regenerate resolv.conf and wipe your change. Jump to Fix 2 to make it permanent.

Fix 2: Permanent DNS Override (Recommended)

Disable auto-generation and lock the config file.

Step 1: Edit /etc/wsl.conf:

sudo nano /etc/wsl.conf

Add:

[network]
generateResolvConf = false

Step 2: Remove the symlink WSL created and replace it with a real file:

sudo unlink /etc/resolv.conf
echo -e "nameserver 8.8.8.8\nnameserver 1.1.1.1" | sudo tee /etc/resolv.conf

Step 3: Lock the file so nothing overwrites it:

sudo chattr +i /etc/resolv.conf

Step 4: Restart WSL from PowerShell (closing the terminal isn't enough):

wsl --shutdown

Reopen your WSL terminal and verify the fix held:

cat /etc/resolv.conf
nslookup github.com
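
When Fix 2 does not hold after a restart, the usual causes are a setting that is commented out or under the wrong section, or a resolv.conf that is still a symlink. The following audit script is an added example, not part of the original article; the function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example: audit the Fix 2 state. Paths are parameters so the functions
# can be pointed at copies; the defaults are the files named on this page.

# Succeeds only if generateResolvConf = false is set, uncommented, under [network].
resolv_gen_disabled() {
  awk '
    { sub(/[ \t\r]+$/, ""); sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }
    /^\[.*\]$/ { section = tolower($0); next }
    section == "[network]" {
      n = index($0, "=")
      if (n == 0) next
      key = substr($0, 1, n - 1); val = substr($0, n + 1)
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
      if (key == "generateResolvConf") disabled = (tolower(val) == "false")
    }
    END { exit !disabled }' "${1:-/etc/wsl.conf}"
}

# Print the nameserver addresses actually in effect (comment lines are skipped).
active_nameservers() {
  awk '$1 == "nameserver" && $2 != "" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Print one line per problem found; prints nothing when Fix 2 is in place.
audit_fix2() {
  wslconf=${1:-/etc/wsl.conf}; resolv=${2:-/etc/resolv.conf}
  resolv_gen_disabled "$wslconf" 2>/dev/null ||
    echo "wsl.conf: generateResolvConf = false missing from [network]"
  if [ -L "$resolv" ]; then
    echo "resolv.conf: still a symlink, WSL can replace its target"
  elif [ ! -s "$resolv" ]; then
    echo "resolv.conf: missing or empty"
  elif [ -z "$(active_nameservers "$resolv")" ]; then
    echo "resolv.conf: no active nameserver line"
  fi
  return 0
}

# Constructed demo: the setting is present but commented out, so it has no effect.
demo=$(mktemp -d)
printf '# [network]\n# generateResolvConf = false\n' > "$demo/wsl.conf"
printf 'nameserver 8.8.8.8\n' > "$demo/resolv.conf"
audit_fix2 "$demo/wsl.conf" "$demo/resolv.conf"
rm -rf "$demo"
```

Inside WSL, call `audit_fix2` with no arguments to check the real /etc/wsl.conf and /etc/resolv.conf.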

Fix 3: VPN Is Breaking WSL2 Routing

VPN clients frequently hijack routing tables and cut off WSL2's network path to the host. From PowerShell (Administrator) on Windows:

# Enable forwarding on the WSL virtual adapter
Get-NetIPInterface | Where-Object {
  $_.InterfaceAlias -like '*WSL*'
} | Set-NetIPInterface -Forwarding Enabled

# Lower the metric so WSL traffic takes priority
Set-NetIPInterface -InterfaceAlias "vEthernet (WSL)" -InterfaceMetric 1

Then shut down and restart WSL:

wsl --shutdown

Cisco AnyConnect in particular reverts these settings every time you reconnect. In that case, run the commands above after each VPN session, or wrap them in a scheduled task that fires on network change.

Fix 4: Windows Firewall Blocking DNS

Nothing worked so far? Windows Firewall may be dropping UDP/TCP port 53 packets from the WSL2 subnet. Add explicit allow rules from PowerShell (Administrator):

New-NetFirewallRule -DisplayName "WSL2 DNS UDP" `
  -Direction Inbound `
  -InterfaceAlias "vEthernet (WSL)" `
  -Action Allow -Protocol UDP -LocalPort 53

New-NetFirewallRule -DisplayName "WSL2 DNS TCP" `
  -Direction Inbound `
  -InterfaceAlias "vEthernet (WSL)" `
  -Action Allow -Protocol TCP -LocalPort 53

Verifying the Fix

# Confirm DNS resolves
nslookup github.com

# Confirm HTTPS works end-to-end
curl -s -o /dev/null -w "%{http_code}" https://google.com

# Full package manager test
sudo apt update

apt update running clean means you're fully fixed.

Tips

WSL2 lives on a virtual subnet (typically in the 172.16.0.0/12 range). VPN subnet conflicts are a common hidden cause of this error: your VPN grabs an overlapping CIDR block, and WSL2 traffic routes into a dead end with no DNS. I use ToolCraft's subnet calculator to quickly check whether two CIDR ranges overlap, which cuts out a lot of guesswork during these debugging sessions.
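
The same overlap check can be run locally from the WSL shell. This script is an added example, not part of the original article; the function names are hypothetical, the /20 prefix for the WSL2 subnet is an assumption built around the 172.31.16.1 gateway shown earlier, and the VPN route list is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): IPv4 CIDR overlap check.

# Succeeds (exit 0) when the two CIDR blocks share at least one address.
cidr_overlap() {
  awk -v a="$1" -v b="$2" '
    function ip2int(ip,   o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # First address of the block: clear the host bits.
    function first(cidr,   p, size) {
      split(cidr, p, "/"); size = 2 ^ (32 - p[2])
      return int(ip2int(p[1]) / size) * size
    }
    # Last address of the block: first address plus block size minus one.
    function last(cidr,   p) {
      split(cidr, p, "/")
      return first(cidr) + 2 ^ (32 - p[2]) - 1
    }
    BEGIN { exit !(first(a) <= last(b) && first(b) <= last(a)) }' </dev/null
}

# Read route prefixes on stdin (one per line, extra columns ignored) and print
# each one that overlaps the WSL2 subnet given as $1. The default route is
# skipped because 0.0.0.0/0 overlaps everything by definition.
conflicting_routes() {
  while read -r prefix _rest; do
    case $prefix in ''|'#'*|0.0.0.0/0) continue ;; esac
    if cidr_overlap "$1" "$prefix"; then echo "$prefix"; fi
  done
}

# Constructed sample: assumed WSL2 subnet checked against constructed VPN routes.
printf '%s\n' 0.0.0.0/0 10.0.0.0/8 172.16.0.0/12 192.168.1.0/24 |
  conflicting_routes 172.31.16.0/20
```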

Lessons Learned

  • IP ping works, domain ping fails: always DNS. Don't spend time debugging TCP/IP when the nameserver is the problem.
  • Set generateResolvConf = false in /etc/wsl.conf proactively if you use a VPN regularly. It prevents the issue entirely.
  • The chattr +i flag is a blunt but reliable way to stop WSL2 from regenerating resolv.conf when wsl.conf alone doesn't hold.
  • Always restart WSL with wsl --shutdown from PowerShell after network config changes. Closing the terminal window does not stop the WSL2 VM.
