On-prem Primary DNS Server or On-prem Secondary DNS Server tests fail in the Connectivity Validator.

Problem

The Connectivity Validator tests Connectivity to On-prem Primary DNS Server on Port 53 and Connectivity to On-prem Secondary DNS Server on Port 53 (one or both) fail with the message Port 53 Connection timed out.

Figure 1. Failed DNS Server connectivity test, showing the Hybrid Linked Mode Port 53 Connection timed out error message.

Cause

Potential causes of this failure include:

  • The IPsec VPN connection from the cloud SDDC to the on-premises data center might be down.
  • Port 53 on the DNS server is blocked by a firewall rule in the cloud SDDC or in the on-premises data center.
  • You have entered an incorrect IP address for the DNS server.
  • The DNS server is down.

Solution

  1. Verify that the VPN tunnel from the cloud SDDC to on-premises is up. See View VPN Tunnel Status and Statistics.
  2. Inspect the firewall rules in the VMware Cloud Console to ensure that access to port 53 on the on-premises DNS server is not blocked.
  3. Inspect the firewall rules in your on-premises environment to ensure that access to port 53 on the on-premises DNS server is not blocked.
  4. Verify that you entered the correct IP address for your on-premises DNS servers. See Specify Management Gateway DNS Servers.
  5. Verify that your DNS server is running, and bring it back up if it is down.
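A small triage script for the steps above, added here as an example and not part of VMware's documentation or of the Connectivity Validator: it connects to the on-premises DNS server on TCP port 53, sends a hand-built DNS query, and maps the outcome (timeout, refused, no route, no answer) onto the cause list in this article. The DNS server address and the query name are assumptions you replace with your own.

```python
import errno
import socket
import struct

CAUSES = {  # probe outcome -> the matching cause from this article
    "ok": "TCP/53 reachable and the server returned a DNS response",
    "timed_out": "VPN tunnel down, or port 53 blocked by an SDDC or on-prem firewall rule",
    "refused": "host reachable but nothing listens on port 53: DNS service down",
    "unreachable": "no route to the host: VPN down or wrong DNS server IP address",
    "no_answer": "port 53 accepted the connection but returned no valid DNS response",
    "error": "other socket error; inspect the exception",
}

def classify_error(exc):
    """Translate a connect() failure into one of the CAUSES keys."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timed_out"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if getattr(exc, "errno", None) in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def build_dns_query(name, txid=0x1234):
    """Minimal RFC 1035 A/IN query for `name` with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe_dns_tcp(host, name, port=53, timeout=3.0):
    """Connect to the DNS server over TCP, send one query, classify the outcome."""
    query = build_dns_query(name)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return classify_error(exc)  # connect() failed: VPN, firewall, wrong IP, or down
    with sock:
        try:
            sock.sendall(struct.pack("!H", len(query)) + query)  # TCP DNS is length-prefixed
            hdr = sock.recv(2)
            reply = sock.recv(struct.unpack("!H", hdr)[0]) if len(hdr) == 2 else b""
        except OSError:
            return "no_answer"
    # A real answer echoes our transaction ID and has the QR (response) bit set.
    if len(reply) >= 12 and reply[:2] == query[:2] and reply[2] & 0x80:
        return "ok"
    return "no_answer"
```

Run it from a host on the same path the validator uses (for example `probe_dns_tcp("192.0.2.53", "vcenter.onprem.example")`, with placeholder values) and look up the returned key in `CAUSES`. A `timed_out` result cannot by itself distinguish a down VPN tunnel from a silently dropping firewall rule, which is why steps 1 through 3 above are checked separately.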