• NSX Manager is generating multiple DNS queries per minute, exhausting the DNS server.
• DNS queries are attempts to resolve the IP address of syslog server, or VMware Aria for Logs server.
• In extreme situations, there can be more than 1 DNS query per second. 
• In NSX Manager generating the queries, multiple "closed connection" logs, similar to the sample below can be observed: 
  /var/log/syslog:
2025-09-09T12:03:05.883Z <nsx-manager> rsyslogd - - -  omfwd: remote server at <syslog-server>:9543 seems to have closed connection. This often happens when the remote peer (or an interim system like a load balancer or firewall) shuts down or aborts a connection. Rsyslog will re-open the connection if configured to do so (we saw a generic IO Error, which usually goes along with that behaviour). [v8.2304.0 try https://www.rsyslog.com/e/2027 ]

VMware NSX

This issue is caused by incorrect configuration of syslog server on NSX appliance. 

Review syslog configuration on NSX Manager and make sure the syslog server is configured correctly, and can receive logs on the expected connection (e.g. correct protocol is used, matching the destination (syslog) server).

For details in relation to configuration of syslog, please review VMware NSX Administration Guide: Add Syslog Servers for NSX Nodes.