To work around this issue, determine whether the packets received are larger than 512 bytes or are malformed. To verify, use a packet capture tool such as Wireshark or tcpdump.
Note: VMware does not endorse or recommend any particular third-party utility.
In addition, verify that DNS is operating properly with appropriate customer network resources.
If packets are larger than 512 bytes, DNS may be operating properly in the environment. If packets are malformed, then there may be environmental networking issues that should be resolved first.
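The following added example (not VMware code) shows one way to apply this check to DNS payloads exported from a capture: it walks each message's sections to decide whether it is malformed, then tests it against the 512-byte limit. The function names and sample data are constructed for illustration, and the TC (truncation) flag check goes slightly beyond what the article describes.

```python
import struct

UDP_DNS_LIMIT = 512  # largest DNS payload expected over UDP without EDNS0 (RFC 1035)

def skip_name(msg, off):
    """Return the offset just past a domain name (labels or a compression pointer)."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # 2-byte pointer always ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length

def classify(msg):
    """Return 'malformed', 'oversized', 'truncated' (TC bit set) or 'ok'."""
    try:
        if len(msg) < 12:
            raise ValueError("short header")
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4   # QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off) + 10  # TYPE, CLASS, TTL, RDLENGTH
            if off > len(msg):
                raise ValueError("truncated record header")
            off += struct.unpack("!H", msg[off - 2:off])[0]  # skip RDATA
        if off > len(msg):
            raise ValueError("sections run past end of message")
    except ValueError:
        return "malformed"
    if len(msg) > UDP_DNS_LIMIT:
        return "oversized"
    return "truncated" if flags & 0x0200 else "ok"

def sample_response(n_answers, tc=False):
    """Constructed test data: a response for dc01.example.test with n A records."""
    qname = b"\x04dc01\x07example\x04test\x00"
    header = struct.pack("!6H", 0x1234, 0x8180 | (0x0200 if tc else 0), 1, n_answers, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([10, 0, 0, 1])
    return header + qname + struct.pack("!2H", 1, 1) + answer * n_answers

if __name__ == "__main__":
    for msg in (sample_response(2), sample_response(40), sample_response(2)[:-3]):
        print(len(msg), classify(msg))
```

A result of "oversized" or "truncated" corresponds to the case where DNS itself may be healthy but the response does not fit in 512 bytes; "malformed" points to the networking issues that should be resolved first.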
If the malformed packets cannot be resolved or the packets are larger than 512 bytes, use one of these options:
- Temporarily disable the ESXi firewall and join the ESXi host to the domain. The firewall can be disabled with the following command:
esxcli network firewall unload
Note: This will destroy filters and unload the firewall modules. For more information on disabling the firewall, see About the ESXi 5.0 firewall (2005284).
- Configure a custom rule set for the ESXi firewall that opens TCP port 53. For more information, see Rule Set Configuration Files in the VMware Security Guide.