The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Default Firewall Filter Does Not Allow for DNS Traffic Over TCP (1000270)
Consider a scenario in which a license server for an ESX Server host might not be accessible because the reply to the DNS query does not fit into a single UDP packet. As a result, the DNS client on the ESX Server host attempts to resolve the license server hostname with a TCP DNS request. The default ESX Server firewall rule disallows such a request, and therefore the hostname is not resolved.
As a workaround, configure the ESX Server firewall to allow TCP DNS requests. Log in to the service console and type the following command:
esxcfg-firewall -o 53,tcp,out,tcpdns
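The failure described above can be confirmed by checking whether a resolver's UDP reply carries the truncation (TC) flag and whether the follow-up TCP request on port 53 gets through. The following diagnostic is an added example, not VMware code; the function names, the hostname license.example.com and the two sample headers are assumptions constructed for illustration.

```python
import socket
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035)

def build_query(hostname, qid=0x1234):
    """Build a minimal DNS A-record query for hostname."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = hostname.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_truncated(response):
    """True when the server set TC: the answer did not fit in one UDP packet."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & TC_FLAG)

def tcp_frame(message):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(message)) + message

def check_resolver(server, hostname, timeout=3.0):
    """Return 'udp-ok', 'tcp-ok' or 'tcp-blocked' for one lookup against server."""
    query = build_query(hostname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(4096)
    if not is_truncated(reply):
        return "udp-ok"  # no TCP retry needed for this name
    try:
        with socket.create_connection((server, 53), timeout=timeout) as tcp:
            tcp.sendall(tcp_frame(query))
            return "tcp-ok" if tcp.recv(2) else "tcp-blocked"
    except OSError:
        return "tcp-blocked"  # outbound TCP/53 dropped or refused

# Constructed sample headers (not captured traffic):
# flags 0x8380 = QR|TC|RD|RA (truncated), 0x8180 = QR|RD|RA (complete).
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
COMPLETE_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
```

A result of 'tcp-blocked' from check_resolver for the license server hostname matches the symptom in this article; after the firewall rule is added, the same call should return 'tcp-ok'.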