2 min read

WSL2 OpenClaw Hundsun DNS and Proxy Fix

Problem

OpenClaw could open public sites, but failed on internal Hundsun URLs such as:

  • https://dev.hundsun.com/frameV2/pms/workbench

Observed failures:

  • getaddrinfo ENOTFOUND dev.hundsun.com
  • Chrome/Browser traffic for *.hundsun.com was being sent through the configured proxy

Environment details:

  • WSL2 on Ubuntu 24.04
  • OpenClaw Gateway running as a user systemd service
  • Tailscale installed and managing DNS
  • Corporate proxy configured in the Gateway service

Root Cause

There were two issues during investigation, but only one persistent fix is clearly proven.

1. Proxy routing was wrong for Hundsun domains

The Gateway systemd service had:

  • http_proxy=http://10.188.129.243:5780
  • https_proxy=http://10.188.129.243:5780

but no NO_PROXY override for Hundsun internal domains.

2. DNS path was initially unclear during investigation

Inside WSL, /etc/resolv.conf was pointing at Tailscale DNS only:

  • nameserver 100.100.100.100

Windows itself could resolve dev.hundsun.com, but WSL initially could not.

Windows-side resolution returned:

  • dev.hundsun.com -> 192.168.75.64

Windows DNS servers in use:

  • 10.188.206.7
  • 10.188.232.38

During debugging, /etc/resolv.conf was temporarily rewritten to prefer corporate DNS. That correlated with resolution starting to work, but it did not remain the final steady-state configuration.

Later verification showed that even after /etc/resolv.conf reverted to Tailscale-only DNS, the domain still resolved successfully through Tailscale:

  • resolvectl query dev.hundsun.com reported the answer came via tailscale0
  • tailscale debug resolve dev.hundsun.com returned 192.168.75.64

So the current evidence does not prove that keeping corporate DNS servers in /etc/resolv.conf is required long term.

Fix Applied

1. Persistent Gateway proxy bypass

Created:

  • ~/.config/systemd/user/openclaw-gateway.service.d/override.conf

Contents:

[Service]
Environment=NO_PROXY=localhost,127.0.0.1,::1,hundsun.com,.hundsun.com
Environment=no_proxy=localhost,127.0.0.1,::1,hundsun.com,.hundsun.com

Then reloaded and restarted the service:

systemctl --user daemon-reload
systemctl --user restart openclaw-gateway.service

2. Temporary DNS experiment during WSL debugging

Temporarily rewrote /etc/resolv.conf so corporate DNS was available before Tailscale DNS:

nameserver 10.188.206.7
nameserver 10.188.232.38
nameserver 100.100.100.100
search taila6b1f7.ts.net
options timeout:2 attempts:2

WSL already had:

[network]
generateResolvConf = false

in /etc/wsl.conf.

/etc/resolv.conf was later rewritten again by Tailscale. Even so, DNS resolution for:

  • dev.hundsun.com
  • tailnet names such as desktop-4fap59p.taila6b1f7.ts.net

was still working.

Verification

Verified:

  • getent ahosts dev.hundsun.com
  • getent ahosts desktop-4fap59p.taila6b1f7.ts.net
  • OpenClaw browser successfully opened:
    • https://dev.hundsun.com/frameV2/pms/workbench

Notes

  • The NO_PROXY change is persistent and should remain.
  • The temporary /etc/resolv.conf edit should be treated as a debugging step, not a proven permanent fix.
  • Current evidence says 100.100.100.100 / Tailscale DNS is now resolving dev.hundsun.com.
  • If DNS breaks again, investigate Tailscale DNS state first before assuming /etc/resolv.conf needs manual corporate DNS entries.

Backlinks

Graph View