Fixing "DNS Not Set" Issue in NSX-T Deployed SVMs for Malware Prevention
search cancel

Fixing "DNS Not Set" Issue in NSX-T Deployed SVMs for Malware Prevention


Article ID: 345859


Updated On:


VMware NSX Networking


  • In NSX-T environments, there is a notable issue where DNS settings fail to be applied within Security Virtual Machines (SVMs) when the Malware Prevention Service Virtual Machine (MPS SVM) is deployed using an IP pool.
  • This lack of DNS configuration can significantly undermine the malware prevention capabilities across all virtual machines (VMs) on the designated host, potentially exposing them to cyber threats.
  • Versions where this is a known issue:
    3.2.3,, 4.1.0, 4.1.1


VMware NSX-T Data Center 3.x
VMware NSX-T Data Center


When the MPS SVM is deployed, the DNS entry is added to the /etc/resolvconf/resolv.conf.d/head file, and the resolvconf service is subsequently restarted. Previously, this action would trigger an update to the /etc/resolv.conf file. However, due to a recent change in the resolvconf service's behavior within the base OS image, the service no longer updates the /etc/resolv.conf file upon restart. Consequently, the DNS entry specified in the IP pool fails to be applied effectively in the SVM.


This issue is fixed in - NSX-T Version 4.1.2

  • The solution involves a manual intervention where the resolvconf -u command is executed after the resolvconf service restart. This ensures the DNS settings are correctly updated in the SVM, thus restoring its ability to provide robust malware prevention.
  • Log in to the SVM with root privileges and execute the following command: /sbin/resolvconf -u