In a VMware NSX environment, you may find that a virtual machine cannot communicate with an external DNS server. While other VMs on the same subnet function correctly, the impacted VM fails to receive responses to its DNS requests.
VMware NSX
This issue typically occurs due to a misconfigured routing table within the Guest Operating System of the VM. If the default route points to the IP address of another virtual appliance (such as a firewall or proxy VM) that resides on a different physical ESXi host, NSX will encapsulate the traffic to deliver it to that specific host (TEP). If that intermediate appliance is not configured to forward the traffic externally, the connection will fail.
Manually configure the correct static route on the impacted VM to point to the actual network gateway instead of using the default route.
When a VM attempts to communicate with an IP that the Guest OS believes is the next hop, and that IP is hosted on another ESXi node, the transport node will encapsulate the traffic in a Geneve/VXLAN packet and send it to the remote TEP. This is expected behavior for VM-to-VM traffic but can lead to "black-holing" if the routing is unintended.
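To confirm the cause from the guest side, the following added example (not part of the original article) resolves which next hop the Guest OS would select for the DNS server and compares it with the real gateway. It assumes a Linux guest whose `ip route` output has been captured; all addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `ip route` captures: 10.10.20.1 stands in for the real gateway,
# 10.10.20.50 for the appliance VM, 192.0.2.53 for the external DNS server.
IMPACTED = """\
default via 10.10.20.50 dev eth0 proto static
10.10.20.0/24 dev eth0 proto kernel scope link src 10.10.20.31
"""
HEALTHY = """\
default via 10.10.20.1 dev eth0 proto dhcp
10.10.20.0/24 dev eth0 proto kernel scope link src 10.10.20.32
"""

def parse_routes(text):
    """Return [(network, next_hop or None)] from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types not modelled here (e.g. "unreachable ...")
        via = tok[tok.index("via") + 1] if "via" in tok else None
        routes.append((net, via))
    return routes

def next_hop(text, dest_ip):
    """Longest-prefix match, as the guest does. None means on-link delivery."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [(net, via) for net, via in parse_routes(text) if dest in net]
    if not matches:
        raise LookupError(f"no route to {dest_ip}")
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def check(text, dest_ip, expected_gw):
    """Compare the selected next hop with the gateway the subnet should use."""
    hop = next_hop(text, dest_ip)
    if hop is None:
        return "on-link"
    return "ok" if hop == expected_gw else f"MISROUTED via {hop}"

if __name__ == "__main__":
    for name, table in (("impacted", IMPACTED), ("healthy", HEALTHY)):
        print(name, check(table, "192.0.2.53", "10.10.20.1"))
```

A more specific static route for the DNS server through the real gateway wins the longest-prefix match over the default route, which is why the resolution above restores connectivity without changing the default route.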