VMware environments come with many infrastructure elements -- from IP addresses to time sources -- that you generally ignore. As long as they work, most admins rarely give them a second thought. The domain name system (DNS), a naming database that locates domain names and translates them into IP addresses, is one of those infrastructure elements.
VMware environments typically use a combination of trusted certificates and authentication to integrate with non-Active Directory products. However, as certain infrastructure components increase their requirements over time, it can become more challenging to track these certificates. Particularly, DNS entries often continue to grow, and you must ensure their accuracy with both forward and reverse lookup zones.
VMware DNS setup: Complete installations before licensing
With DNS, proper setup is necessary. It's easy to overlook setting up reverse lookup zones or fully qualified names, but an incomplete DNS installation can create challenges in your VMware environment.
Host to vSphere communication worked across an entire environment in early versions of DNS, but later versions have trouble communicating with vSphere products that extend the environment, such as NSX. This is because VMware licensing makes it so your environment isn't aware of the products you implement until after you install them, even if you install through vCenter. This means if you take an NSX license, for example, and try to activate it in vCenter, the product key remains invalid until after you complete the NSX installation and connect it to vCenter.
Once you install a product, it enters a trial period in which you have a specific number of days to license it. The length of time depends on the product. Although waiting for a complete installation might be frustrating, it also makes sense: Why burden vCenter with all the products VMware offers if you might not use them all?
Waiting to license a product or add-on until it's installed has the added benefit of ensuring the product is set up properly and works before you activate its license. This approach also ensures products are able to communicate with one another and that your VMware DNS setup will continue to work properly.
Fully qualified forward and reverse lookup zones involve more than vCenter. DNS goes between all parts of your virtual infrastructure to help them communicate with one another -- be it vCenter, a new product or appliance, or the ESXi hosts.
Environment integration
When certain pieces of your environment don't work together properly, simply correcting the entry in the host or vCenter might not fix the issue. Success can depend on the nature of the problem -- whether you're missing fully qualified names or dealing with people cheating with IP addresses and hosts files -- and what exactly you change.
The network stack in ESXi is more like Linux than Windows. In some cases, it might hold on to older settings and not refresh the entire stack. Although you can refresh the network stack, it's difficult to do quickly. Instead, you can rebuild your ESXi host with the correct setup. Because of ESXi's relatively small footprint, this approach is faster than attempting to refresh the network stack.
However, with vCenter, you should correct any issues you encounter through vCenter settings before trying to rebuild. You can use VMware support to help correct any lingering VMware DNS issues.
To ensure that your DNS settings are correct:
Check to see that your DNS server is running and not malfunctioning. In a Microsoft Active Directory environment, this is generally your Domain Controller.
Attempt to ping your Domain Controller by hostname. If the ping fails, attempt to ping the machine by IP address. For more information, see Testing network connectivity with the ping command (1003486).
If you can ping your Domain Controller, but DNS queries are failing, check to see that your guest machine is set to use the Domain Controller as its preferred DNS servers.
Click on Start > Run, enter netconnections, and click OK.
Right-click the active network adapter for the virtual desktop and click Properties.
Select the item in the list for Internet Protocol (TCP/IP) and click Properties.
Select the Use the following DNS server addresses option.
Check to see if the IP addresses match those for your Domain Controller/Active Directory Integrated DNS server.
If the IP addresses do not match, add the IP addresses of your Active Directory servers.
Check to see that DNS is using the server you specified in your settings as the querying server.
Click Start > Run, type cmd, and click OK.
Run the command: nslookup
The output is similar to:
C:\Windows\system32>nslookup
Default Server: Primary_DNS_Server_Hostname
Address: Primary_DNS_Server_IP_Address
Ensure that your default server matches the hostname of the DNS server you specified in your settings and that the IP address also matches.
Ensure that hosts file entries do not conflict with DNS. If a hosts file is configured locally, any host name-to-address mappings are loaded from that file when the DNS client starts and may cause issues with resolution locally. To verify this behavior:
Click Start > Run, type %systemroot%/system32/drivers/etc/, and click OK.
Open the hosts file in a text editor.
Look for lines similar to:
ip_address_associatedwith_hostname hostname_in_your_environment
For example:
127.0.0.1 localhost
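The checks above (fully qualified names, matching forward and reverse records, and hosts file entries that conflict with DNS) can be run together; the following is an added example, not part of the original article or any VMware tooling. The function names, hostnames and addresses are constructed for illustration, and the two lookup functions are passed in so the audit runs offline against sample records.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, skipping comments and blanks."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            entries[name.lower()] = ip
    return entries

def audit(names, hosts_text, forward, reverse):
    """forward(name) -> [ips]; reverse(ip) -> [names]. Both are injected so the
    same checks run against live DNS answers or constructed records."""
    hosts = parse_hosts(hosts_text)
    findings = []
    for name in names:
        fqdn = name.lower().rstrip(".")
        if "." not in fqdn:
            findings.append((fqdn, "not fully qualified"))
        ips = forward(fqdn)
        if not ips:
            findings.append((fqdn, "no forward (A) record"))
        for ip in ips:
            ptrs = [p.lower().rstrip(".") for p in reverse(ip)]
            if fqdn not in ptrs:
                findings.append((fqdn, f"reverse lookup of {ip} returns {ptrs or 'nothing'}"))
        if fqdn in hosts and hosts[fqdn] not in ips:
            findings.append((fqdn, f"hosts file pins {hosts[fqdn]}, DNS says {ips}"))
    return findings

# Constructed sample records and hosts file (not from a real environment).
A = {"vcenter.lab.example": ["10.0.0.10"], "esx01.lab.example": ["10.0.0.21"],
     "nsx.lab.example": ["10.0.0.30"]}
PTR = {"10.0.0.10": ["vcenter.lab.example."], "10.0.0.30": ["nsx.lab.example"]}
HOSTS = "127.0.0.1 localhost\n10.0.0.99 nsx.lab.example  # stale manual entry\n"

def sample_audit():
    return audit(list(A), HOSTS, lambda n: A.get(n, []), lambda ip: PTR.get(ip, []))

if __name__ == "__main__":
    for host, problem in sample_audit():
        print(f"{host}: {problem}")
```

When wiring this to a live environment, back forward and reverse with queries sent to the DNS server itself, as nslookup does, because system resolver calls also read the local hosts file and would hide the conflict being checked.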
Ref:
https://www.techtarget.com/searchnetworking/tip/DNS-server-troubleshooting-for-Linux-and-Windows
https://www.ubackup.com/enterprise-backup/vmware-internet-not-working.html