Recently I came across a requirement where customer doesn’t have a static public IP instead of that they have Dyn DNS FQDN and want to establish IPsec connectivity from there cloud services which hosted behind NSX-V Edge.
Troubleshooting
By default, NSX Edge (ESG) cannot resolve FQDNs, hence this requirement was not working. Also you may have a different requirement like to forward ESG logs to a SYSLOG server with FQDN.
Also there is a DNS configuration available under NSX-V Edge management tab GUI which is only configuring the DNS forwarder and DNS queries received on Edge interfaces from the clients.
DNS Client Configuration
In order to for the edge to be able to resolve its own DNS queries, you need to configure DNS clients for the Edge via the API call below. You can update the primary and secondary DNS servers using this API PUT call.
https://NSX-Manager/api/4.0/edges/{edgeId}/dnsclientHeader: Content-Type – application/xml
Authorization: BasicAuth with NSX Manager admin credential
Body: Raw – XML
<dnsClient>
<primaryDns>IP_address</primaryDns>
<secondaryDns>IP_address</secondaryDns>
<domainName>Domain_FQDN</domainName>
</dnsClient>
You will be getting below status output if the API call is successful.
HTTP Result Codes:
204 NO CONTENT
Verify by executing a ping command from ESG and you can see it is resolving the domain IP
Thanks,
If you have any comments, please drop me a line.
I hope this article was informative, and don’t forget to buy me a coffee if you found this worth reading.
Leave a Reply