WSL2 + Docker Network Troubleshooting: Fix DNS Timeouts and Image Pull Failures

If your WSL2 + Docker setup suddenly fails with docker pull timeouts, Temporary failure in name resolution, or containers that start but cannot access the internet, don’t nuke your environment yet. Most cases are recoverable in 15 minutes.

This guide gives you a practical sequence: identify whether the fault is DNS, proxy/VPN, virtual NIC, or Docker daemon config—then apply the smallest fix first.

1) Identify the failure layer first

Run these checks inside WSL:

# 1) Basic network reachability from WSL
ping -c 2 1.1.1.1
curl -I https://registry-1.docker.io

# 2) DNS health
cat /etc/resolv.conf
nslookup registry-1.docker.io

# 3) Docker daemon/container network health
docker info | sed -n '1,80p'
docker run --rm alpine sh -c "ping -c 2 1.1.1.1 && nslookup google.com"

Quick mapping:

IP works but domain fails: DNS issue.
WSL can access network but containers cannot: Docker network/daemon issue.
Both fail: check Windows proxy/VPN/firewall first.

2) Fix WSL2 DNS (most common root cause)

WSL2 may auto-generate an unusable /etc/resolv.conf. Pin DNS manually to verify:

sudo tee /etc/wsl.conf >/dev/null <<'CONF'
[network]
generateResolvConf = false
CONF

sudo rm -f /etc/resolv.conf
printf "nameserver 1.1.1.1\nnameserver 8.8.8.8\n" | sudo tee /etc/resolv.conf >/dev/null

Then restart WSL from Windows PowerShell:

wsl --shutdown

Retest after relaunch:

nslookup registry-1.docker.io
docker pull alpine:latest

3) Add Docker daemon DNS + registry mirror fallback

If DNS is fixed but pulling images is still unstable, add daemon-level fallback:

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json >/dev/null <<'JSON'
{
  "dns": ["1.1.1.1", "8.8.8.8"],
  "registry-mirrors": [
    "https://docker.m.daocloud.io"
  ]
}
JSON

sudo service docker restart || sudo systemctl restart docker

If you’re using Docker Desktop with WSL integration, prefer setting DNS/mirrors in Docker Desktop to avoid conflicting configs.

4) Common errors and targeted fixes

1) `Temporary failure in name resolution`

Meaning: DNS resolution is broken.
Fix: apply step 2 and restart WSL.

2) `net/http: request canceled while waiting for connection`

Meaning: outbound traffic blocked by proxy/VPN/firewall/routing.
Fix: disable proxy/VPN temporarily and retest; then check enterprise network policy.

3) WSL can reach internet, containers cannot

Meaning: Docker bridge/NAT path is broken.
Fix: restart Docker service and rebuild networks if needed:

docker network prune -f
docker network ls
docker run --rm alpine ping -c 2 8.8.8.8

5) MVP recovery path (fastest stable route)

If you only need things working again quickly:

Pin WSL DNS (wsl.conf + resolv.conf).
Run wsl --shutdown and retest docker pull.
If still failing, add Docker daemon dns + registry-mirrors.

This sequence usually restores WSL2 Docker networking with minimal side effects.

1) Identify the failure layer first#

2) Fix WSL2 DNS (most common root cause)#

3) Add Docker daemon DNS + registry mirror fallback#

4) Common errors and targeted fixes#

1) Temporary failure in name resolution#

2) net/http: request canceled while waiting for connection#

3) WSL can reach internet, containers cannot#

5) MVP recovery path (fastest stable route)#

Suggested follow-up reads#