Fix WSL2 DNS with Cisco AnyConnect on Windows 11

Published: January 8, 2026
Last updated: February 7, 2026
Time to fix: ~10 minutes
Tested on: Windows 11 22H2

If WSL2 gets an IP address but DNS fails when Cisco AnyConnect is connected, this fix restores name resolution on Windows 11.

Cisco AnyConnect is aggressive about Windows routing. That often breaks WSL2 DNS when WSL is in the default NAT mode. The simplest fix is to enable mirrored networking and DNS tunneling in WSL.

Symptoms

  • WSL2 has an IP address
  • ping to external IP works
  • DNS queries fail (nslookup, dig, apt, etc.)

Fix (Windows 11 22H2+)

Create or edit %USERPROFILE%\.wslconfig and add:

[wsl2]
networkingMode=mirrored
dnsTunneling=true

Restart WSL:

wsl --shutdown

Reopen your distro and retry DNS.
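
If DNS still fails after the restart, first confirm the settings were picked up from the right section of the file. The check below is an added example, not part of the original post: run inside the distro, it reads .wslconfig and reports whether both keys are set under [wsl2], tolerating the CRLF line endings Windows editors write. The function names and the /mnt/c path in the usage comment are assumptions.

```shell
# Added example: confirm a .wslconfig has the two settings from the fix
# inside the [wsl2] section. Function names are illustrative.

# wslconfig_get FILE KEY: print KEY's value from the [wsl2] section
# (last assignment wins); print nothing if the key is not set there.
wslconfig_get() {
    awk -v want="$2" '
        { sub(/\r$/, "") }                # files saved on Windows often end lines with CRLF
        /^[ \t]*#/ { next }               # skip comment lines
        /^[ \t]*\[/ {                     # section header: remember which section we are in
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == "wsl2" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# check_wslconfig FILE: return 0 only if both settings are active,
# 1 if either is missing or different, 2 if the file cannot be read.
check_wslconfig() {
    cfg_file="$1"
    cfg_rc=0
    [ -r "$cfg_file" ] || { echo "cannot read $cfg_file" >&2; return 2; }
    cfg_mode=$(wslconfig_get "$cfg_file" networkingMode)
    cfg_tunnel=$(wslconfig_get "$cfg_file" dnsTunneling)
    if [ "$cfg_mode" != "mirrored" ]; then
        echo "[wsl2] networkingMode is '${cfg_mode:-unset}', expected 'mirrored'"
        cfg_rc=1
    fi
    if [ "$cfg_tunnel" != "true" ]; then
        echo "[wsl2] dnsTunneling is '${cfg_tunnel:-unset}', expected 'true'"
        cfg_rc=1
    fi
    return "$cfg_rc"
}

# Usage from inside the distro (path is an assumption, adjust the user name):
#   check_wslconfig /mnt/c/Users/<you>/.wslconfig
```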

Why this works

Mirrored mode makes WSL share the host’s network stack. DNS tunneling routes WSL DNS queries through Windows, so AnyConnect’s changes apply consistently.

Troubleshooting

  • If DNS still fails, check corporate firewall rules for WSL or mirrored mode.
  • Some orgs require additional Windows firewall allowances for mirrored networking.

Microsoft docs: mirrored mode networking.

Updates & Revision History
  • 08 Jan 2026: Initial publication
  • 07 Feb 2026: Improved structure and clarity