Tailscale + WSL2 DNS Issues
Problem 1: Windows Tailscale Breaks WSL2 DNS
When Tailscale is running on Windows, WSL2's auto-generated /etc/resolv.conf
may point to Tailscale's DNS resolver (10.255.255.254) instead of a working
nameserver. This causes DNS resolution to fail inside WSL2.
Symptoms
- apt update fails with "Temporary failure resolving..."
- ping google.com fails: "Name or service not known"
- /etc/resolv.conf shows nameserver 10.255.255.254
Fix
```bash
# 1. Disable WSL auto-generation of resolv.conf
sudo tee -a /etc/wsl.conf <<'EOF'
[network]
generateResolvConf = false
EOF
# 2. From PowerShell: wsl --shutdown
# 3. After WSL restarts, create a static resolv.conf
sudo rm /etc/resolv.conf # remove the symlink
sudo tee /etc/resolv.conf <<'EOF'
nameserver 1.1.1.1
nameserver 8.8.8.8
EOF
```
Note: This fix survives reboots since generateResolvConf = false prevents
WSL from overwriting your static file.
Problem 2: Tailscale Inside WSL2 Breaks DNS
When tailscaled runs inside WSL2, it modifies /etc/wsl.conf to add
generateResolvConf = false and attempts to write nameserver 100.100.100.100
(MagicDNS) to /etc/resolv.conf. The second step often fails silently,
leaving no resolv.conf at all.
Symptoms
- DNS stops working completely after tailscale up
- /etc/resolv.conf is missing or empty
- [network] generateResolvConf = false appears in wsl.conf (added by Tailscale)
Fix
If using Tailscale inside WSL2 with MagicDNS:
If not using MagicDNS:
Persistent Fix
The Tailscale-injected wsl.conf changes reappear after Windows restarts. To make your fix permanent, either:
- Use an immutable file:
- Or add resolv.conf creation to the /etc/wsl.conf boot command:
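The Problem 2 fixes and the immutable-file option above, written as shell functions that first diagnose the current state. This is an added example, not code from the original page, whose own commands for these steps are not shown. The function names are hypothetical, and `chattr +i` is assumed to be the "immutable file" mechanism meant.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.
# Paths default to the real files; pass another path to try it on a copy.

# Classify resolv.conf: missing | empty | autogenerated | magicdns | static
resolv_state() {
  local f="${1:-/etc/resolv.conf}"
  [ -e "$f" ] || { echo missing; return 0; }   # also true for a dangling symlink
  awk '$1 == "nameserver" { n++
         if ($2 == "10.255.255.254")  auto = 1    # resolver from Problem 1
         if ($2 == "100.100.100.100") magic = 1   # MagicDNS
       }
       END { if (!n) print "empty"
             else if (auto) print "autogenerated"
             else if (magic) print "magicdns"
             else print "static" }' "$f"
}

# Succeeds when wsl.conf disables auto-generation of resolv.conf
autogen_disabled() {
  grep -Eiq '^[[:space:]]*generateResolvConf[[:space:]]*=[[:space:]]*false' \
    "${1:-/etc/wsl.conf}" 2>/dev/null
}

# Replace resolv.conf with a static file. mode: magicdns | public (run as root)
write_resolv() {
  local mode="$1" f="${2:-/etc/resolv.conf}" body
  case "$mode" in
    magicdns) body='nameserver 100.100.100.100' ;;
    public)   body=$(printf 'nameserver 1.1.1.1\nnameserver 8.8.8.8') ;;
    *) echo "usage: write_resolv magicdns|public [file]" >&2; return 2 ;;
  esac
  chattr -i "$f" 2>/dev/null || true   # unlock a file locked by an earlier run
  rm -f "$f"                           # drop the symlink or stale file
  printf '%s\n' "$body" > "$f"
}

# Assumed form of the "immutable file" option (needs root):
#   write_resolv magicdns && chattr +i /etc/resolv.conf
```

A `resolv_state` result of `missing` or `empty` after `tailscale up`, together with `autogen_disabled` succeeding, matches the Problem 2 symptoms.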
Problem 3: MagicDNS Conflicts
If you run Tailscale on both Windows and WSL2 (not recommended), MagicDNS
on each instance may conflict -- both try to intercept DNS for .ts.net
domains. Disable MagicDNS on one of them via the Tailscale admin console
(DNS settings page) or use tailscale up --accept-dns=false in WSL2.