Autogenerated /etc/resolv.conf has invalid nameserver leading to issues like az login failures

[shivshanks]

Windows Version

Microsoft Windows [Version 10.0.26100.3194]

WSL Version

2.3.24.0

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

5.15.153.1-2

Distro Version

Ubuntu 22.04.5 LTS

Other Software

azure-cli 2.69.0

Repro Steps

curl to https://login.microsoftonline.com/organizations and various other Microsoft sites hang leading to issues with az login on WSL. See this issue originally filed against az-cli -
Azure/azure-cli#30763

The problem seems to be that the auto generated /etc/resolv.conf has a nameserver in the private IP range like 10.255.255.x instead of picking the right one from Windows. It does have the correct search entries.

Expected Behavior

The auto generated /etc/resolv.conf should have a nameserver that is configured in Windows.

Actual Behavior

curl to https://login.microsoftonline.com/organizations and various other Microsoft sites hang.

Diagnostic Logs

~$ az login --use-device-code --debug
cli.knack.cli: Command arguments: ['login', '--use-device-code', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f2b509fb740>, <function OutputProducer.on_global_arguments at 0x7f2b5074e700>, <function CLIQuery.on_global_arguments at 0x7f2b50793c40>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.001 2 8
cli.azure.cli.core: Total (1) 0.001 2 8
cli.azure.cli.core: Loaded 2 groups, 8 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f2b4f9bade0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/shivram/.azure/commands/2025-02-12.15-46-23.login.631.log'.
az_command_data_logger: command args: login --use-device-code --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f2b4f9fbd80>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f2b4fa2e160>, <function register_cache_arguments..add_cache_arguments at 0x7f2b4fa2e2a0>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x7f2b4fa2e340>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f2b5074e7a0>, <function CLIQuery.handle_query_parameter at 0x7f2b50793ce0>, <function register_ids_argument..parse_ids_arguments at 0x7f2b4fa2e200>]
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/shivram/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/shivram/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/organizations
urllib3.connectionpool: Starting new HTTPS connection (1): login.microsoftonline.com:443

[github-actions]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Closed similar issues:

• Sudden loss of WSL2 DNS for several devs (#6722), similarity score: 0.72
• login.microsoftonline.com is not resolved in WSL (#5991), similarity score: 0.71

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

[shivshanks]

Attaching logs.

WslLogs-2025-02-14_13-30-58.zip

WslNetworkingLogs-2025-02-14_13-41-09.zip

[github-actions]

The log file doesn't contain any WSL traces. Please make sure that you reproduced the issue while the log collection was running.

Diagnostic information

Multiple log files found, using: https://github.com/user-attachments/files/18804791/WslLogs-2025-02-14_13-30-58.zip
.wslconfig found
Detected appx version: 2.3.24.0
Found no WSL traces in the logs

[shivshanks]

Attaching WSL logs again
WslLogs-2025-02-14_15-34-28.zip

[github-actions]

Diagnostic information

.wslconfig found
Detected appx version: 2.3.24.0

[zcobol]

@shivshanks switch to NAT networking. Mirrored mode seems broken, for now! At least on my setup.

WSL info:

WSL version: 2.4.11.0
Kernel version: 5.15.167.4-1
WSLg version: 1.0.65
MSRDC version: 1.2.5716
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.26100.1-240331-1435.ge-release
Windows version: 10.0.26100.3037

wsl2.networkingmode=mirrored test:

zcobol@alaska:~$ wslinfo --networking-mode
mirrored
zcobol@alaska:~$ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 10.255.255.254
zcobol@alaska:~$ ping -c 1 1.1.1.1
ping: connect: Network is unreachable

wsl2.networkingmode=nat test:

zcobol@alaska:~$ wslinfo --networking-mode
nat
zcobol@alaska:~$ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 10.255.255.254
zcobol@alaska:~$ ping -c 1 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=56 time=11.5 ms

--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 11.480/11.480/11.480/0.000 ms

In mirrored mode there are lots of error messages on the debug console, like:

---cut---
[    1.761800] hv_netvsc fc232fd7-4443-4791-a539-deef713ec4d4 loopback0: renamed from eth2
[    1.820593] hv_netvsc 56f158a8-34f6-4282-8162-0e56086d23a0 (unnamed net_device) (uninitialized): unable to open channel: -19
[    1.822379] hv_netvsc 56f158a8-34f6-4282-8162-0e56086d23a0 (unnamed net_device) (uninitialized): unable to add netvsc device (ret -19)
[    1.823710] hv_vmbus: probe failed for device 56f158a8-34f6-4282-8162-0e56086d23a0 (-19)
[    1.950675] hv_netvsc 56f158a8-34f6-4282-8162-0e56086d23a0 (unnamed net_device) (uninitialized): unable to open channel: -19
[    1.952509] hv_netvsc 56f158a8-34f6-4282-8162-0e56086d23a0 (unnamed net_device) (uninitialized): unable to add netvsc device (ret -19)
---cut---

[shivshanks]

I am using NAT.

[lukeschlather]

I am suddenly seeing the same issue; dns does not work at all within WSL2 unless I change the resolv.conf, which is pointing at the IP of the Ethernet adapter vEthernet (WSL) that I can see in ipconfig on the host. I haven't updated anything recently, so I'm uncertain why this suddenly started failing.

[squillace]

Ack here; me and another member of my team have the same issue, precisely. @craigloewen-msft we need to resolve this; it's a blocker. I, too, am using NAT.

[craigloewen-msft]

Hi folks,

We have root caused this to be an issue related to Global Secure Access. For now there is a work around to disable dnsTunneling which you can do in WSL Settings. We're investigating the long term fix for this.

Thank you!

[juliusl]

In case anyone isn't sure how to configure this setting,

1. Create a .wslconfig file under %USERPROFILE%
2. Add this to the file

[wsl2]
dnsTunneling=false

3. Run wsl --shutdown