Default Firewall Filter Does Not Allow for DNS Traffic Over TCP (1000270)

Details

On sites with large DNS zones, ESX Server might be unable to resolve host names in the local domain.
For example, a license server for an ESX Server host might not be accessible because the reply to the DNS query does not fit into a single UDP packet. As a result, the DNS client on the ESX Server host attempts to resolve the license server hostname with a TCP DNS request. The default ESX Server firewall rule disallows such a request, and therefore the hostname is not resolved.

Solution

As a workaround, enable the ESX Server firewall to allow TCP DNS requests. Log in to the service console and type the following command:

esxcfg-firewall -o 53,tcp,out,tcpdns
