Custom DNS Resolution Breaks After Installing WSL on Windows #1707

Open
opened 2025-11-20 06:05:07 -05:00 by saavagebueno · 5 comments

Originally created by @marcportabellaclotet-mt on GitHub (Mar 13, 2025).

Describe the Problem

Installing Netbird on Windows 11 with custom DNS resolvers for internal domains works perfectly on a fresh install.

However, after installing WSL (Windows Subsystem for Linux) and an Ubuntu distribution, custom DNS resolution breaks and never works again—even after uninstalling WSL completely.

Steps to Reproduce

  1. Deploy and configure a self-hosted Netbird server.
  2. Set up custom DNS resolvers in Netbird.
  3. Install a fresh Windows 11 instance.
  4. Install the Netbird client and confirm it's working.
  5. Verify custom DNS resolution using curl or another network tool.
  6. Install WSL:
  7. Verify custom DNS resolution still works.
  8. Install Ubuntu:
    wsl --install -d Ubuntu
    
  9. Restart the Netbird client:
    netbird down
    netbird up <setup-key>
    
  10. At this point, custom DNS stops working, and Windows can no longer resolve custom internal domains.

Even after uninstalling WSL completely, custom DNS resolution remains broken.

Expected Behavior

Custom DNS resolution should continue to work after installing WSL and Ubuntu, or at least be restorable by uninstalling WSL.

Additional Information

  • OS: Windows 11
  • Netbird Version: 0.38.0

Workarounds Tried

  • Uninstalling WSL & Ubuntu ✅ No effect
  • Flushing DNS cache (ipconfig /flushdns) ✅ No effect
  • Reinstalling Netbird ✅ No effect

netbird version 0.38.0

Is any other VPN software installed?

No

Add any other context about the problem here.

Have you tried these troubleshooting steps?

  • [x] Checked for newer NetBird versions
  • [x] Searched for similar issues on GitHub (including closed ones)
  • [x] Restarted the NetBird client
  • [x] Disabled other VPN software
  • [x] Checked firewall settings

Would appreciate any insights or solutions! 🚀

saavagebueno added the windows, triage-needed, dns labels 2025-11-20 06:05:07 -05:00

@marcportabellaclotet-mt commented on GitHub (Mar 13, 2025):

Screenshots:

Image
Image


@marcportabellaclotet-mt commented on GitHub (Mar 14, 2025):

I managed to restore functionality by disabling ICS in Windows.

- Open the Run dialog by pressing Windows key + R.
- Type gpedit.msc and press Enter.
- Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections.
- Double click Prohibit use of Internet Connection Sharing on your DNS domain network.
- To enable the Group Policy setting, and disable ICS, click Enabled.
- Click OK to save your changes.
- Reboot your computer and check if the changes have taken effect.

After making the changes, I lost connectivity from the WSL containers. However, switching the WSL network mode to "mirrored" restored connectivity.

If I'm not mistaken, this issue could be due to Netbird running its own DNS server on localhost port 53, which conflicts with ICS, as it does the same. This might explain why Netbird's DNS resolution fails when WSL is enabled.


@thorstenkramm commented on GitHub (Mar 14, 2025):

If it helps, I can confirm and reproduce this exact issue. After installing and activating WSL on Windows 11 Netbird custom DNS resolution stops working. Tested with Netbird 0.38.0.

@marcportabellaclotet-mt From the output of netstat -ano or

    Get-NetUDPEndpoint | Select-Object LocalAddress, LocalPort, @{Name="ProcessName";Expression={(Get-Process -Id $_.OwningProcess).Name}} | Sort-Object LocalPort

I cannot see anything listening on port 53. However, the Linux version does open port 53 on the WireGuard IP-address.

As a workaround, I'm setting the DNS Server on wt explicitly after connecting Netbird.

    Set-DnsClientServerAddress -InterfaceAlias "wt0" -ServerAddresses ("10.248.157.30","192.168.178.1")

The first IP-Address is the remote DNS Server reached via Netbird, and the second is the local DNS server given by the local DHCP server.


@marcportabellaclotet-mt commented on GitHub (Mar 14, 2025):

Thanks for sharing, @thorstenkramm.
I managed to work around the issue by disabling Windows ICS, and some colleagues in my company confirmed that this workaround works for them as well.
Setting dnsclient on wt0 might help in certain cases, but it won't support using multiple nameservers based on domain names.
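
An added diagnostic, not part of the thread and not NetBird's own code: it collects in one object the facts the comments above discuss (ICS service state, local port 53 listeners, DNS servers on the tunnel interface, per-namespace rules) and compares a query sent straight to the custom resolver with one sent through the normal Windows path. Assumptions: the interface alias is wt0 as in the thread, the host name is a placeholder, and NRPT is listed only as Windows' general per-namespace mechanism, since the thread does not say how NetBird configures per-domain resolvers.

```powershell
# Added diagnostic sketch (not NetBird code). Run in an elevated PowerShell.
# Assumptions: tunnel interface is "wt0" (as in the thread); -Name is a
# placeholder internal host name; -Resolver is the custom DNS server's IP.
function Test-CustomDnsPath {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Resolver,
        [string]$InterfaceAlias = 'wt0'
    )

    # ICS runs as the "SharedAccess" service; the thread's workaround disables it.
    $ics = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue

    # Which processes hold UDP/TCP port 53 locally (the conflict hypothesis)?
    $udp = Get-NetUDPEndpoint -LocalPort 53 -ErrorAction SilentlyContinue
    $tcp = Get-NetTCPConnection -LocalPort 53 -State Listen -ErrorAction SilentlyContinue
    $listeners = @($udp) + @($tcp) | Where-Object { $_ } | ForEach-Object {
        [pscustomobject]@{
            Address = $_.LocalAddress
            Process = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name
        }
    } | Sort-Object Address, Process -Unique

    # DNS servers currently assigned to the tunnel interface.
    $ifDns = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
        -AddressFamily IPv4 -ErrorAction SilentlyContinue).ServerAddresses

    # Effective per-namespace (NRPT) rules whose suffix matches this name.
    $nrpt = Get-DnsClientNrptPolicy -Effective -ErrorAction SilentlyContinue |
        Where-Object { $Name -like "*$($_.Namespace)" }

    # Query the custom resolver directly, then through the system resolver.
    $direct = Resolve-DnsName -Name $Name -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue
    $system = Resolve-DnsName -Name $Name -DnsOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        IcsStatus       = if ($ics) { $ics.Status } else { 'not found' }
        Port53Listeners = $listeners
        InterfaceDns    = $ifDns
        NrptNameServers = $nrpt.NameServers
        DirectAnswer    = $direct.IPAddress
        SystemAnswer    = $system.IPAddress
        # Direct answer but no system answer: the resolver is reachable and
        # the fault is in how Windows routes the query, not in the tunnel.
        ClientSideFault = [bool]$direct -and -not [bool]$system
    }
}

# Resolver IP taken from the workaround above; the host name is a placeholder.
Test-CustomDnsPath -Name 'host.internal.example' -Resolver '10.248.157.30'
```

Running it before and after the ICS policy change or the `Set-DnsClientServerAddress` workaround shows which of the fields actually moved.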


@Maescool commented on GitHub (Mar 14, 2025):

This might have a similar root cause to #3332


Reference: SVI/netbird#1707