tail -f /var/run/log/dfwpktlogs.log | grep 10.10.32.228
2023-09-25T07:35:38.308Z 24914357 INET L7 Rule pending PASS 3092 OUT 61 UDP ##.##.##.228/47795->##.##.##.11/53
<<<<< the "create FQDN entry" log should appear after this log
2023-09-25T07:35:38.335Z 24914357 INET match REJECT 1004 OUT 60 TCP ##.##.##.228/46598->##.##.##.97/443 S
vsipioctl getfqdnentries -f nic-30010933-eth0-vmware-sfw.2
No fqdn entry.
Frame 4: 133 bytes on wire (1064 bits), 133 bytes captured (1064 bits)
Ethernet II, Src: Cisco_f5:f4:3f (##:##:##:f5:f4:3f), Dst: VMware_b7:b0:da (00:50:56:##:##:##)
Internet Protocol Version 4, Src: ##.##.##.11, Dst: ##.##.##.229
User Datagram Protocol, Src Port: 53, Dst Port: 35862
Domain Name System (response)
Transaction ID: 0xc4b3
Flags: 0x8580 Standard query response, No error
Questions: 1
Answer RRs: 0 <<<<<
Authority RRs: 1
Additional RRs: 0
Queries
Authoritative nameservers <<<<<
[Request In: 2]
[Time: 0.021817000 seconds]
This issue is resolved in VMware NSX 4.1.2.
Workaround:
Create rule using IP