Pull image from private registry using service DNS name

Cluster information:

Kubernetes version: v1.18.8
Cloud being used: bare-metal
Installation method: docker-for-win
Host OS: Windows 10 20H2
CNI and version: ?
CRI and version: ?

(question also asked on stackoverflow here)

I have a registry:2 deployed as pod in my kubernetes cluster (running on docker-for-win, WSL2). I have two services for this pod as shown below:

apiVersion: v1
kind: Service
  name: registry-external
  type: NodePort
    app: registry
    - protocol: TCP
      port: 5000
      nodePort: 32020
apiVersion: v1
kind: Service
  name: registry
    app: registry
    - name: http
      protocol: TCP
      port: 2100
      targetPort: 5000

So the first one for reaching the registry from outside the cluster (on port 32020, so I can docker login localhost:32020 on the host machine) and one for reaching the registry from the inside (on port 2100).

The login from outside works just fine. I’ve verified by nslookup registry on the cluster, that the registry should be reachable on registry.default.svc.cluster.local . So I created my image pull secrets with

    "auths": {
        "registry.default.svc.cluster.local:2100": {
            "auth": "......"

When I try to deploy a pod with this image pull secret and image registry.default.svc.cluster.local:2100/animage:latest it fails with

dial tcp: lookup registry.default.svc.cluster.local on no such host

I’m puzzled by this: shouldn’t the URL be valid at time of image pull?