Missing DNS entry for manager FQDN alarm in NSX Manager
Article ID: 345845
Updated On:
Products
VMware NSX
Issue/Introduction
Title: Alarm for manager_health.missing_dns_entry_for_manager_fqdn
Event ID: manager_health.missing_dns_entry_for_manager_fqdn
Alarm Description
- Purpose: The purpose of this alarm is to inform the user that the DNS entry for the Manager FQDN is missing.
- Impact: The DNS configuration for specific manager node is incorrect. The Manager node is dual-stack and/or CA-signed API certificate is used, but the IP address(es) of the Manager node do not resolve to an FQDN or resolve to different FQDNs.
Environment
VMware NSX
Cause
This issue occurs when the manager node's DNS configuration fails a bidirectional lookup check. The manager must be able to resolve:
- Its FQDN to its IP address (via an A/AAAA record).
- Its IP address back to its FQDN (via a PTR record).
This validation is required when the manager is using CA-signed certificates or a dual-stack (IPv4/IPv6) configuration. If either the forward or reverse lookup fails the alarm state will trigger.
Resolution
For 4.1.0 and higher:
-
Ensure proper DNS servers (as well as any required Search Domains) are configured in the Manager node.
-
Ensure proper A records and PTR records are configured in the DNS servers such that reverse lookup of the IP addresses of the Manager node return the same FQDN, and forward lookup of the FQDN return all IP addresses of the Manager node. Hostname ("shortname") lookups should also resolve.
- Note: NSX uses
diginstead ofnslookupto resolve hostnames/IPs. Ensure your DNS server properly returns answers todig. See KB 367266 for details.
- Note: NSX uses
-
Alternatively, if the Manager node is not dual-stack, replace the CA-signed certificate for API service type with a self-signed certificate.
Additional Information
Maintenance window required for remediation? No
Related KBs
Missing DNS Entry For Manager FQDN alarm when RFC 2317 DNS in use
Feedback
Yes
No
Powered by
