VMware
Knowledge Base

Default Firewall Filter Does Not Allow for DNS Traffic Over TCP

Details

On sites with large DNS zones, ESX Server might be unable to resolve host names in the local domain.
Consider the scenario where the license server for an ESX Server host is not accessible because the reply to the DNS query does not fit into a single UDP packet. The DNS client on the ESX Server host then retries the query for the license server hostname over TCP. The default ESX Server firewall rule blocks that outbound TCP DNS request, and therefore the hostname is not resolved.

Solution

As a workaround, configure the ESX Server firewall to allow outbound TCP DNS requests. Log in to the service console and type the following command:

esxcfg-firewall -o 53,tcp,out,tcpdns
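The fallback described under Details, as an added illustration that is not part of the original article: a minimal stub-resolver flow in Python that reads the truncation (TC) bit from the UDP reply header and retries over TCP, which is the step that fails while outbound TCP/53 is blocked. The transport callables and the DNS messages are constructed for this example, not captured from ESX Server.

```python
import struct

# DNS header (RFC 1035): ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT = 12 bytes
HEADER = struct.Struct("!HHHHHH")
TC_BIT = 0x0200  # "truncated" flag: reply did not fit the UDP size limit


def parse_header(msg: bytes) -> dict:
    """Return the header fields of a DNS message."""
    if len(msg) < HEADER.size:
        raise ValueError("message shorter than a DNS header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    return {"id": ident, "qr": bool(flags & 0x8000), "tc": bool(flags & TC_BIT),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def needs_tcp_retry(udp_reply: bytes) -> bool:
    """A reply with TC set was cut short; the client must repeat the query over TCP."""
    return parse_header(udp_reply)["tc"]


def resolve(query: bytes, send_udp, send_tcp) -> bytes:
    """Stub-resolver flow: UDP first, TCP only when the UDP reply is truncated.
    send_udp/send_tcp are hypothetical transport callables injected so this runs offline."""
    reply = send_udp(query)
    if needs_tcp_retry(reply):
        # With outbound TCP/53 closed on the host firewall, this call fails and
        # the hostname stays unresolved, which is the symptom in the article.
        reply = send_tcp(query)
    return reply


def make_reply(ident: int, truncated: bool, ancount: int) -> bytes:
    """Constructed reply header: QR=1, RD=1, RA=1, RCODE=0, optional TC."""
    flags = 0x8180 | (TC_BIT if truncated else 0)
    return HEADER.pack(ident, flags, 1, ancount, 0, 0)


SAMPLE_QUERY = HEADER.pack(0x1234, 0x0100, 1, 0, 0, 0)  # standard query, RD=1
TRUNCATED_UDP_REPLY = make_reply(0x1234, True, 3)        # partial answer set
FULL_TCP_REPLY = make_reply(0x1234, False, 40)           # large zone, full answer


def demo() -> dict:
    """Run the flow against the constructed replies; report transports used."""
    used = []
    def udp(q): used.append("udp"); return TRUNCATED_UDP_REPLY
    def tcp(q): used.append("tcp"); return FULL_TCP_REPLY
    reply = resolve(SAMPLE_QUERY, udp, tcp)
    return {"transports": used, "ancount": parse_header(reply)["ancount"]}


if __name__ == "__main__":
    print(demo())  # {'transports': ['udp', 'tcp'], 'ancount': 40}
```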
