Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Getting DNS errors on latest WSL pre-release #11382

Open
1 of 2 tasks
marcmv1 opened this issue Mar 26, 2024 · 14 comments
Open
1 of 2 tasks

Getting DNS errors on latest WSL pre-release #11382

marcmv1 opened this issue Mar 26, 2024 · 14 comments
Assignees
Labels

Comments

@marcmv1
Copy link

marcmv1 commented Mar 26, 2024

Windows Version

Microsoft Windows [Version 10.0.22631.3296]

WSL Version

2.2.1.0

Are you using WSL 1 or WSL 2?

  • WSL 2
  • WSL 1

Kernel Version

5.15.150.1-microsoft-standard-WSL2 #1 SMP Thu Mar 7 03:22:57 UTC 2024 x86_64 GNU/Linux

Distro Version

Fedora 39

Other Software

N/A

Repro Steps

host is returning too much info and appending the entries from domain search listed in /etc/resolv.conf

host www.microsoft.com
www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dscb.akamaiedge.net.
e13678.dscb.akamaiedge.net has address 23.197.181.184
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:2000:198::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:2000:182::356e
;; ;; Question section mismatch: got e13678.dscb.akamaiedge.net.random.com/MX/IN
;; communications error to 10.255.255.254#53: timed out
;; ;; Question section mismatch: got e13678.dscb.akamaiedge.net.random.com/MX/IN
;; communications error to 10.255.255.254#53: timed out
;; no servers could be reached

When I do host followed by a DNS server, output is as it should be
host www.microsoft.com 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dscb.akamaiedge.net.
e13678.dscb.akamaiedge.net has address 23.197.181.184
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:2000:198::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:2000:182::356e

Expected Behavior

This is how it should look
host www.microsoft.com 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dscb.akamaiedge.net.
e13678.dscb.akamaiedge.net has address 23.197.181.184
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:2000:198::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:2000:182::356e

Actual Behavior

This is how it does look

host www.microsoft.com
www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dscb.akamaiedge.net.
e13678.dscb.akamaiedge.net has address 23.197.181.184
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:2000:198::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:2000:182::356e
;; ;; Question section mismatch: got e13678.dscb.akamaiedge.net.random.com/MX/IN
;; communications error to 10.255.255.254#53: timed out
;; ;; Question section mismatch: got e13678.dscb.akamaiedge.net.random.com/MX/IN
;; communications error to 10.255.255.254#53: timed out
;; no servers could be reached

Diagnostic Logs

No response

Copy link

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The scipt will output the path of the log file once done.

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Open similar issues:

Closed similar issues:

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

@zcobol
Copy link

zcobol commented Mar 26, 2024

@marcmv1 are you using networking mirrored mode or NAT? And if you disable dnsTunneling does it make any difference? On Windows 10 and WSL 2.2.1.0 it works as you expected:

[zcobol@toto ~]$ host www.microsoft.com
www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dscb.akamaiedge.net.
e13678.dscb.akamaiedge.net has address 23.197.102.50
e13678.dscb.akamaiedge.net has IPv6 address 2600:1405:1800:18c::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1405:1800:195::356e

[zcobol@toto ~]$ host www.microsoft.com 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dscb.akamaiedge.net.
e13678.dscb.akamaiedge.net has address 23.197.102.50
e13678.dscb.akamaiedge.net has IPv6 address 2600:1405:1800:195::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1405:1800:18c::356e

On Win10 networkingMode = mirrored is not available.

@benhillis
Copy link
Member

@CatalinFetoiu - can you please investigate?

@marcmv1
Copy link
Author

marcmv1 commented Mar 27, 2024

@zcobol,

I don't know why cmd gave me windows 10 LOL. I'm on Windows 11 23H2 OS build 22631.3296.

Here's the output with dnsTunneling=false in .wslconfig

host www.microsoft.com
www.microsoft.com is an alias for www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net is an alias for www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net is an alias for e13678.dscb.akamaiedge.net.
e13678.dscb.akamaiedge.net has address 23.197.181.184
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:4000:591::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:4000:58e::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:4000:58c::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:4000:58f::356e
e13678.dscb.akamaiedge.net has IPv6 address 2600:1401:4000:58d::356e

@CatalinFetoiu
Copy link
Collaborator

@marcmv1 thanks for reporting the issue

can you please collecting networking logs using instructions below? https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues

the script will generate a file with name starting with "WslNetworkingLogs"

@chrisk314
Copy link

I was also having issues after updating to the 2.2.1 pre-release version. Some web requests were working but others failing with network issues. I've now resolved the issues and have DNS tunneling and network mirroring working. Here's what I did.

Changes to global WSL config...

# .wslconfig
[wsl2]
networkingMode = mirrored
dnsTunneling = true
# ...

Changes in my Ubuntu 22.04 distro...

# /etc/wsl.conf
[network]
generateHosts = false
generateResolvConf = false
# ...

Reset the /etc/hosts entries in my Ubuntu 22.04 distro (myhostname is a placeholder)...

127.0.0.1       localhost
127.0.1.1       myhostname

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Reset the /etc/resolv.conf entries in my Ubuntu 22.04 distro...

nameserver 8.8.8.8

After running wsl.exe --shutdown and then restarting my Ubuntu 22.04 distro everything seems to be working correctly as far as I can tell. I'm able to successfully curl a service running on my Windows localhost from a shell inside Ubuntu. I can also successfully make web requests from inside Ubuntu now. Earlier in the day a terraform apply was consistently failing after the update to 2.2.1, now it's all good!

Hope this can help someone else!

@DandyDeveloper
Copy link

Just FYI, I have been experiencing the same as the above in the latest release (no longer pre-release) and this broke a lot of networking in my environment. Specifically, I wasn't able to push any docker images upstream to an ECR repo. Other network requests, even resolving the hostname and logging in were working with success.

I did the above from (@chrisk314) and that got me working again.

@Yogu
Copy link

Yogu commented Jun 17, 2024

@chrisk314 thank you for describing the workaround.

In my setup, I only needed to make these changes:

# /etc/wsl.conf
[network]
generateResolvConf = false
# /etc/resolv.conf
nameserver <ip address of the name server>

The other settings (networkingMode, dnsTunneling, generateHosts) could be left at the defaults.

There is one drawback of this configuration: If you use your device both in private networks (with private DNS resolvers) and in public networks, you need to switch the nameserver manually each time.

With regards to the bug itself: In my setup, it only (or mainly?) occurs with DNS queries for records that do not exist (e.g. the AAAA record for a service that only has an A record). With one Wireshark in the WSL; and one Wireshark in Windows, I see that while the WSL only makes one query to Windows, Windows expands this into multiple queries, the original one plus one for each search domain. It looks like Windows then responds with one of the search domain answers, which does not match the WSL query. It's worth noting that the generated resolv.conf also configures the serach domains. So either Windows should skip its search domains during the WSL-initiated lookup, or Windows should do it (and correctly translate the result back to the original domain) and the search domains should not be generated in resolv.conf.

Btw. I also tried

networkingMode = mirrored
dnsTunneling = true

while keeping generateResolvConf = true, because it promises to offer a better DNS experience, but it that did not solve the problem.

@blackliner
Copy link

Disabling dnsTunneling did the trick for me:

[wsl2]
networkingMode = mirrored
dnsTunneling = false

@aikawarazu
Copy link

Disabling dnsTunneling did the trick for me:

[wsl2]
networkingMode = mirrored
dnsTunneling = false

this worked for me .

@Yogu
Copy link

Yogu commented Oct 18, 2024

Does anyone have an idea which circumstances cause this issue to appear in the first place? It has only received two thumbs-up, and Microsoft has ignored if for half a year now, so I guess it does not affect most people.

I assume some kind of relationship with search domains, see my earlier comment, but even when I disabled search domains, I still get malformed DNS responses from localhost:

Image

(it includes an OPT RR in the authority RRs that seems to belong to the additional RRs, and the authoritative SOA RR shows up as additional bytes at the end (which is reported as a warning in dig). So it seems like it not just about search domains.

@Yogu
Copy link

Yogu commented Oct 18, 2024

@CatalinFetoiu (since you're assigned to this issue) - if there is a way I could help you to investigate this issue, e.g. by testing out settings, providing logs or network captures, I'd be glad to do so.

@CatalinFetoiu
Copy link
Collaborator

thanks @Yogu . can you please collect networking logs using instructions at https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues ?
start collect-networking-logs.ps1
repro
stop collect-networking-logs.ps1
the script will generate a zip with name starting with "WslNetworkingLogs"

since the problem is related to dnsTunneling, please make sure to have it enabled before reproducing the issue (and also have generateResolvConf=true, since that is required for dnsTunneling to be successfully enabled)

@hieumau12
Copy link

Disabling dnsTunneling did the trick for me:

[wsl2]
networkingMode = mirrored
dnsTunneling = false

It worked for me. you save my day

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

10 participants