DNS resolution is successful from the vCenter Server command line for the ESXi host FQDNs, as well as for the vCenter Server FQDN and IP address.

Running the vCenter Diagnostic Tool (VDT) via the command line reports a [FAIL] status for DNS with TCP, and the following message is observed:

VMware vCenter Server 8.0.x

vCenter Server uses TCP 53 for DNS queries when UDP fails, or if the size is too large for a single UDP packet. 

Coordinate with the network security team to ensure that TCP port 53 traffic is permitted from the vCenter Server to the DNS servers.

Using the VCF Diagnostic Tool for vSphere (VDT)

Required ports for configuring an external firewall to allow ESX/ESXi and vCenter Server traffic