WSL2 DNS Resolution Failing with TCP, Causes NPM and others to fail #4909
Description
Describe the problem
When running Netbird client on Windows (latest, 0.60.4 I think as of writing this) on Windows, the DNS edits don't seem to work well with the WSL2 client
When installing packages from NPM, each request seems to bounce along every member of my clients before finally making it out, taking something like 7.5 seconds over TCP to npmjs.com
❯ time dig registry.npmjs.org @10.255.255.254 +tcp 2>&1
; <<>> DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu <<>> registry.npmjs.org @10.255.255.254 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18072
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;registry.npmjs.org. IN A
;; ANSWER SECTION:
registry.npmjs.org. 141 IN A 104.16.26.34
registry.npmjs.org. 141 IN A 104.16.24.34
registry.npmjs.org. 141 IN A 104.16.3.35
registry.npmjs.org. 141 IN A 104.16.30.34
registry.npmjs.org. 141 IN A 104.16.28.34
registry.npmjs.org. 141 IN A 104.16.25.34
registry.npmjs.org. 141 IN A 104.16.27.34
registry.npmjs.org. 141 IN A 104.16.31.34
registry.npmjs.org. 141 IN A 104.16.2.35
registry.npmjs.org. 141 IN A 104.16.29.34
registry.npmjs.org. 141 IN A 104.16.0.35
registry.npmjs.org. 141 IN A 104.16.1.35
;; Query time: 7540 msec
;; SERVER: 10.255.255.254#53(10.255.255.254) (TCP)
;; WHEN: Tue Dec 02 12:34:36 PST 2025
;; MSG SIZE rcvd: 239
dig registry.npmjs.org @10.255.255.254 +tcp 2>&1 0.01s user 0.00s system 0% cpu 7.555 totalTo Reproduce
Steps to reproduce the behavior:
- Have windows
- Use WSL2
- Add netbird for windows
- Try to pnpm install or resolve DNS through TCP like I did above. I am not sure if it's the number of clients, or what, but they are all on my home network, lol
I also tried editing the C:\Users\myuser\.wslconfig to include dnsTunneling, and added the
[networking]
resolveConf=true
to the WSL2 config files as specified here: https://gist.github.com/coltenkrauter/608cfe02319ce60facd76373249b8ca6 but no dice
Expected behavior
It should use the DNS set in my Netbird (I have a Google / Cloudflare combo as the DNS set at 1.1.1.1, 8.8.8.8, 1.0.0.1) to resolve them immediately
Are you using NetBird Cloud?
Self hosted
NetBird version
Latest, 0.60.4 I believe? It's set to :latest in my docker compose and I redeployed it yesterday
OH you meant the installed, 0.60.4
netbird version
Is any other VPN software installed?
No
If yes, which one?
Debug output
To help us resolve the problem, please attach the following anonymized status output
netbird status -dA
Peers detail:
zachs-macmini.anon-EXcYN.domain:
NetBird IP: 100.115.82.248
Public key: pQ46xFNCAPNaqvrQ0hxq0xn0PZ1Z+HLN8o5/pG6KJxk=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): host/host
ICE candidate endpoints (Local/Remote): 127.0.0.1:51820/192.168.68.72:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 24 seconds ago
Last WireGuard handshake: 1 minute, 20 seconds ago
Transfer status (received/sent) 376 B/616 B
Quantum resistance: false
Networks: -
Latency: 3.5972ms
minibeast.anon-EXcYN.domain:
NetBird IP: 100.115.106.88
Public key: CgZQjDoLmWw2ESJqnJjhtg/x5NdW67lf32xjFLmhBGo=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): host/prflx
ICE candidate endpoints (Local/Remote): 192.168.68.52:51820/192.168.68.65:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 22 seconds ago
Last WireGuard handshake: 1 minute, 20 seconds ago
Transfer status (received/sent) 184 B/616 B
Quantum resistance: false
Networks: -
Latency: 511.9µs
zminipc.anon-EXcYN.domain:
NetBird IP: 100.115.127.100
Public key: 06CZp5m3r/Jd7Vgklm25cyoAIwMaLzohPxnQeDSCkUw=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): host/host
ICE candidate endpoints (Local/Remote): 127.0.0.1:51820/192.168.68.81:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 25 seconds ago
Last WireGuard handshake: 1 minute, 21 seconds ago
Transfer status (received/sent) 184 B/616 B
Quantum resistance: false
Networks: -
Latency: 641.4µs
ai-minipc.anon-EXcYN.domain:
NetBird IP: 100.115.137.215
Public key: iWEa3PnQlReBhxRjxNpdLICvBOArH7IYiITNetGp7n4=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): host/prflx
ICE candidate endpoints (Local/Remote): 172.18.112.1:51820/192.168.68.82:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 24 seconds ago
Last WireGuard handshake: 1 minute, 21 seconds ago
Transfer status (received/sent) 344 B/616 B
Quantum resistance: false
Networks: -
Latency: 682.5µs
dedalpha.anon-EXcYN.domain:
NetBird IP: 100.115.138.4
Public key: NBo9QYrhflg3EbCF2z+rG3K1L8sOmYxZ+jRfRybn7Sc=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): srflx/prflx
ICE candidate endpoints (Local/Remote): 198.51.100.0:1056/198.51.100.1:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 22 seconds ago
Last WireGuard handshake: 1 minute, 19 seconds ago
Transfer status (received/sent) 184 B/616 B
Quantum resistance: false
Networks: -
Latency: 177.7667ms
postalserver.anon-EXcYN.domain:
NetBird IP: 100.115.188.64
Public key: zt1QK0nyK8bCnKdmZLCelXLZ+QG8JNu3tOaG/Hr6IDc=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): host/srflx
ICE candidate endpoints (Local/Remote): 127.0.0.1:51820/198.51.100.2:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 21 seconds ago
Last WireGuard handshake: 1 minute, 7 seconds ago
Transfer status (received/sent) 344 B/584 B
Quantum resistance: false
Networks: -
Latency: 179.289ms
blackleafdigital-cloud.anon-EXcYN.domain:
NetBird IP: 100.115.204.178
Public key: 0XhS2urhS25qjflyIHkLqcJ9La4eMpKW6uRdma8kzHU=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): host/srflx
ICE candidate endpoints (Local/Remote): 172.18.112.1:51820/198.51.100.3:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 23 seconds ago
Last WireGuard handshake: 1 minute, 19 seconds ago
Transfer status (received/sent) 184 B/616 B
Quantum resistance: false
Networks: -
Latency: 30.9894ms
zach-upstairs-pc.anon-EXcYN.domain:
NetBird IP: 100.115.219.123
Public key: WjydhJZaVXVFeKZUnu2zcjZoKm/VX+1g9xtAj9lp+lY=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): host/prflx
ICE candidate endpoints (Local/Remote): 172.18.112.1:51820/192.168.68.74:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 22 seconds ago
Last WireGuard handshake: 1 minute, 19 seconds ago
Transfer status (received/sent) 184 B/616 B
Quantum resistance: false
Networks: -
Latency: 3.7879ms
iphone-admin.anon-EXcYN.domain:
NetBird IP: 100.115.230.172
Public key: jqDM+QRtqlrWoBR/Y/4AMS6TuwLuL3AGj2hpxYXi5ik=
Status: Idle
-- detail --
Connection type: -
ICE candidate (Local/Remote): -/-
ICE candidate endpoints (Local/Remote): -/-
Relay server address:
Last connection update: -
Last WireGuard handshake: -
Transfer status (received/sent) 0 B/0 B
Quantum resistance: false
Networks: -
Latency: 0s
zachs-macbook-pro.anon-EXcYN.domain:
NetBird IP: 100.115.235.176
Public key: 1ZFgQiPqESOHNyJyU5LiWn7Xg3yfnWRMBt3Z8J8ztQk=
Status: Idle
-- detail --
Connection type: -
ICE candidate (Local/Remote): -/-
ICE candidate endpoints (Local/Remote): -/-
Relay server address:
Last connection update: -
Last WireGuard handshake: -
Transfer status (received/sent) 0 B/0 B
Quantum resistance: false
Networks: -
Latency: 0s
mediaserver.anon-EXcYN.domain:
NetBird IP: 100.115.245.214
Public key: HIPvGPYCe7Drup324rzt0CigD8mSbHjekm7DWeKenCY=
Status: Connected
-- detail --
Connection type: P2P
ICE candidate (Local/Remote): srflx/host
ICE candidate endpoints (Local/Remote): 198.51.100.0:1056/192.168.68.83:51820
Relay server address: rels://net.anon-eH6rA.domain:443
Last connection update: 3 minutes, 25 seconds ago
Last WireGuard handshake: 1 minute, 22 seconds ago
Transfer status (received/sent) 184 B/616 B
Quantum resistance: false
Networks: -
Latency: 571.8µs
Events:
[INFO] SYSTEM (4925fdc0-da8f-410a-ae8b-9b850be9f3c0)
Message: Network map updated
Time: 9 hours, 7 minutes ago
OS: windows/amd64
Daemon version: 0.60.4
CLI version: 0.60.4
Profile: default
Management: Connected to https://net.anon-eH6rA.domain:443
Signal: Connected to https://net.anon-eH6rA.domain:443
Relays:
[stun:net.anon-eH6rA.domain:3478] is Available
[rels://net.anon-eH6rA.domain:443] is Available
Nameservers:
[1.0.0.1:53, 8.8.8.8:53, 1.1.1.1:53] for [.] is Available
FQDN: zach-godpc.anon-EXcYN.domain
NetBird IP: 100.115.177.120/16
Interface type: Userspace
Quantum resistance: false
Lazy connection: true
SSH Server: Enabled
Networks: -
Forwarding rules: 0
Peers count: 9/11 Connected
Create and upload a debug bundle, and share the returned file key:
netbird debug for 1m -AS -U
18863cda15ba55883ce1a7e6b9062614dba65e0f52e950d96c2545ddc591bab1/4a219387-4be2-480b-800c-e7dc31f7592a
Uploaded files are automatically deleted after 30 days.
Alternatively, create the file only and attach it here manually:
netbird debug for 1m -AS
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
My only additional note is that restarting seemed to help, but it still definitely is quite slow, and I'm not sure if it's because the DNS server doesn't handle TCP that well or, what it was/is
Have you tried these troubleshooting steps?
- Reviewed client troubleshooting (if applicable)
- Checked for newer NetBird versions
- Searched for similar issues on GitHub (including closed ones)
- Restarted the NetBird client
- Disabled other VPN software
- Checked firewall settings