NSX-T FQDN Filtering does not always block certain FQDNs when accessed through Microsoft Edge

NSX-T FQDN Filtering does not always block certain FQDNs when accessed through Microsoft Edge

search cancel

NSX-T FQDN Filtering does not always block certain FQDNs when accessed through Microsoft Edge

book

Article ID: 434053

calendar_today

Updated On:

Products

VMware Cloud Director VMware NSX

Issue/Introduction

FQDN Filtering is a feature which is offered in vCloud Director using filter lists created in NSX-T
- NSX-T Techdocs: FQDN Filtering
DNS Snooping allows this feature to filter correctly in most scenarios, however some FQDNs such as *.microsoft.com may be allowed through on Microsoft Edge

Environment

VMware NSX-T
VMware Cloud Director

Cause

Microsoft Edge uses its own internal DNS which may use IP addresses that are not known to NSX / other DNS.

Microsoft Edge: Use built-in DNS client

Resolution

Disable the Microsoft Edge internal DNS on all VMs or prohibit the use of Edge to ensure this feature works correctly.

Disable built in DNS Completely - microsoft.com

Feedback

thumb_up Yes

thumb_down No