Fixing "DNS Not Set" Issue in NSX-T Deployed SVMs for Malware Prevention

Article ID: 345859

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • In NSX-T environments, DNS settings are not applied within Security Virtual Machines (SVMs) when the Malware Prevention Service Virtual Machine (MPS SVM) is deployed using an IP pool.
  • This lack of DNS configuration can significantly undermine the malware prevention capabilities across all virtual machines (VMs) on the designated host, potentially exposing them to cyber threats.
  • Versions where this is a known issue:
    3.2.3, 3.2.3.1, 4.1.0, 4.1.1


Environment

VMware NSX-T Data Center 3.x
VMware NSX-T Data Center

Cause

When the MPS SVM is deployed, the DNS entry is added to the /etc/resolvconf/resolv.conf.d/head file, and the resolvconf service is subsequently restarted. Previously, this action would trigger an update to the /etc/resolv.conf file. However, due to a recent change in the resolvconf service's behavior within the base OS image, the service no longer updates the /etc/resolv.conf file upon restart. Consequently, the DNS entry specified in the IP pool fails to be applied effectively in the SVM.

Resolution

This issue is fixed in NSX-T version 4.1.2.

Workaround:
  • The workaround is a manual step: run the resolvconf -u command after the resolvconf service restart. This ensures the DNS settings are correctly updated in the SVM, restoring its ability to provide robust malware prevention.
  • Log in to the SVM with root privileges and execute the following command: /sbin/resolvconf -u
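
To confirm whether an SVM shows the symptom described under Cause, and that the workaround took effect, the following check compares the nameservers in the head file with those in /etc/resolv.conf. It is an added example, not VMware's code; the function names and the --check argument are assumptions of this script, and only the two file paths come from the article.

```shell
#!/bin/sh
# Added example (not VMware code): detect the "DNS not set" symptom by comparing
# the resolvconf head file with the live resolv.conf. Function names and the
# --check argument are this script's own; the two paths come from the article.
HEAD_FILE="${HEAD_FILE:-/etc/resolvconf/resolv.conf.d/head}"
RESOLV_FILE="${RESOLV_FILE:-/etc/resolv.conf}"

# Print the address from every "nameserver" line in file $1, one per line.
list_nameservers() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print each nameserver listed in head file $1 that is absent from file $2.
missing_nameservers() {
    list_nameservers "$1" | while read -r ns; do
        list_nameservers "$2" | grep -Fxq -- "$ns" || printf '%s\n' "$ns"
    done
}

# Return 0 if every head-file nameserver is in $2, 1 if any is missing,
# 2 if the head file defines no nameserver (nothing to compare).
check_dns_applied() {
    [ -n "$(list_nameservers "$1")" ] || return 2
    [ -z "$(missing_nameservers "$1" "$2")" ]
}

# Run the check against the SVM's real files only when asked to.
if [ "${1:-}" = "--check" ]; then
    rc=0
    check_dns_applied "$HEAD_FILE" "$RESOLV_FILE" || rc=$?
    case "$rc" in
        0) echo "OK: nameservers from $HEAD_FILE are present in $RESOLV_FILE" ;;
        1) echo "AFFECTED: missing from $RESOLV_FILE:"
           missing_nameservers "$HEAD_FILE" "$RESOLV_FILE"
           echo "Apply the workaround as root: /sbin/resolvconf -u" ;;
        2) echo "No nameserver entries in $HEAD_FILE; nothing to compare" ;;
    esac
    exit "$rc"
fi
```

Run it with --check on the SVM before and after the workaround; exit status 1 means the DNS entry from the head file has not reached /etc/resolv.conf.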