DNS resolution in HCX Manager will fail when .local domain used in FQDN


Article ID: 321598


Products

VMware HCX

Issue/Introduction

This article describes the additional changes required for .local domain FQDN usage and DNS resolution after upgrading HCX Connector or Cloud to version 4.4.0 and above.

  • DNS resolution fails for FQDNs in the .local domain after upgrading HCX Connector or Cloud to version 4.4.0 and above.
    root@vmware-hcx [ /home/admin ]# ping <FQDN>.local 
    ping: <FQDN>.local : Temporary failure in name resolution
  • You may find the following error in /common/logs/appliance-management/appliance-management.log:

    <timestamps> UTC [https-jsse-nio-9443-exec-3, , ] ERROR c.v.v.hybridity.LookupServiceAdapter- Error querying SSO server configuration: {"status":"FAILURE","failure":"UnknownHostException","details":"java.net.UnknownHostException: <FQDN>.local: Temporary failure in name resolution\

Cause

After upgrading HCX Connector or Cloud Manager to version 4.4.0 and above, DNS resolution is managed by systemd-resolved, which operates differently from an ordinary resolver.

Note: For more details about the systemd-resolved process, refer to systemd-resolved.service (Protocols and Routing).

Resolution

IMPORTANT:

  • No HCX management operations should be in progress.
  • Prefer making the change through the 9443 AUI interface of HCX Manager, as it is the easier, more reliable and less error-prone way to configure it.
  • If the configuration was already applied in 4.4.1, which runs Photon OS, there is no need to apply it again in 4.5.0 or a later release, as both releases run the same OS and the original changes should be preserved during the upgrade cycle.

For HCX Connector or Cloud version 4.4.0 and above (Photon OS), when .local domain FQDNs are used, the search or routing domain must be configured explicitly for lookups to work, as shown below:

1st METHOD

  • Log in to HCX Connector or Cloud Manager on port 9443.
  • Navigate to Administration > Network Settings > DNS Servers.
  • Add the .local domain under search domains.
  • Click SAVE.
  • Restart the HCX services for the changes to take effect:
    1. Navigate to the Appliance Summary tab.
    2. In the HCX Services panel under UI, restart the Web Service and Application Service.
    3. If the service is running, you must stop and restart the service.
    4. After that, also restart the systemd-resolved service.

2nd METHOD

  • Log in to HCX Connector or Cloud via SSH using the admin account.
  • Change user to root.
  • Edit the file /etc/systemd/resolved.conf using the vi editor and add the required domains as shown below.

BEFORE CHANGE

# created by setup_hcx_network on Tue Oct 25 21:54:02 UTC 2022
[Resolve]
DNS=#.#.#.#, #.#.#.#
Domains=
#FallbackDNS=#.#.#.#, #.#.#.#
LLMNR=false
#MulticastDNS=yes
# TODO: dnssec not working in vmc yet, change back to allow-downgrade
DNSSEC=no
DNSOverTLS=no
#Cache=yes
#DNSStubListener=udp

AFTER CHANGE

# created by setup_hcx_network on Tue Oct 25 21:54:02 UTC 2022
[Resolve]
DNS=#.#.#.#, #.#.#.#
Domains=local
#FallbackDNS=#.#.#.#, #.#.#.#
LLMNR=false
#MulticastDNS=yes
# TODO: dnssec not working in vmc yet, change back to allow-downgrade
DNSSEC=no
DNSOverTLS=no
#Cache=yes
#DNSStubListener=udp


IMPORTANT: For both methods (UI and CLI), restart the systemd-resolved service from the HCX root console using the following command:

systemctl restart systemd-resolved
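
The 2nd METHOD edit can also be scripted so that it is idempotent and leaves a rollback copy. This is an added example, not part of the article or of VMware tooling; the function name ensure_search_domain and the .bak backup file are assumptions, and it expects at most one active Domains= line, as in the file shown above.

```sh
#!/bin/sh
# Added example, not VMware code: idempotently add a search domain to the
# Domains= line of a resolved.conf-style file. Prints "changed" or "unchanged".
# Assumes at most one active (uncommented) Domains= line.
ensure_search_domain() {
    conf=$1; domain=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    grep -q '^\[Resolve\]' "$conf" || { echo "no [Resolve] section" >&2; return 2; }

    # grep -c exits 1 on a zero count; neutralise that for callers using set -e.
    n=$(grep -c '^Domains=' "$conf" || true)
    if [ "$n" -gt 1 ]; then
        echo "$conf has $n active Domains= lines; edit by hand" >&2
        return 2
    fi

    # Value of the active Domains= line (empty if the line is missing or blank).
    current=$(sed -n 's/^Domains=//p' "$conf" | tr -s ' ' | sed 's/^ //; s/ $//')
    # "~local" is a routing-only domain; it also sends .local lookups to the
    # configured DNS servers, so treat it as already configured.
    case " $current " in
        *" $domain "* | *" ~$domain "*) echo unchanged; return 0 ;;
    esac

    new="${current:+$current }$domain"
    cp -p "$conf" "$conf.bak" || return 2    # rollback copy of the old file
    tmp=$(mktemp) || return 2
    # Rewrite the active Domains= line, or add one right after [Resolve]
    # when the file has none (for example when it is only commented out).
    awk -v val="$new" -v have="$n" '
        /^Domains=/ { print "Domains=" val; next }
        { print }
        /^\[Resolve\]/ && !have { print "Domains=" val }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$conf" || return 2         # cat keeps the file owner and mode
    rm -f "$tmp"
    echo changed
}

# Usage on the appliance, as root, followed by the restart the article requires:
#   ensure_search_domain /etc/systemd/resolved.conf local
#   systemctl restart systemd-resolved
```

Existing search domains are kept and the new one is appended; a second run reports "unchanged" and does not touch the file.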

Additional Information

  • This will ONLY impact the HCX Connector or Cloud deployments using software version 4.4.0 and above.
  • The HCX Site Pairing will be impacted when .local domain FQDNs are used.
  • It will also impact vCenter and NSX registration through HCX 9443 UI.