In a few scenarios, NSX Managers require DNS to be configured so that the Manager can perform DNS lookups. This is important to know so that you can configure your DNS server before you deploy the NSX Manager.

NSX requires forward and reverse DNS entries for any of the following scenarios:

  • Starting with NSX 4.1 and later versions, in a dual stack environment (that is, both IPv4 and IPv6 have been configured).
  • Use cases where "publish_fqdns": true.
  • NSX Manager that uses CA-signed certificates.
  • NSX Manager with Multisite deployments. (It is optional for all other deployment types.) See Multisite Deployment of NSX in the NSX Administration Guide.
    Note: If you did not provide a fully-qualified hostname (FQDN) while deploying NSX Manager in a dual stack environment, then you may be required to replace the REST API certificates because they may not have generated correctly during first boot. You will notice this problem if your browser does not trust the NSX Manager certificate in which case the browser will ask you if you want to ignore the problem. You can either continue to ignore the problem or replace the Manager's REST API certificate.

To ensure a valid FQDN is configured for both the IPv4 and IPv6 addresses used to deploy the NSX Manager and that both address types point to the same FQDN, use the following workflow.

Prerequisites

Understand the scenarios in which you plan to use the NSX Manager. To avoid any problems, ensure you always configure the NSX Manager hostname to be fully qualified. If the NSX Manager hostname is always fully qualified, then the initial certficates will be generated correctly and will match the DNS server records. If any of the following scenarios are present that require NSX to use forward and reverse DNS entries and you have already deployed NSX, make sure you complete step one in the following procedure.

Procedure

  1. For NSX Manager hostname queries to work successfully for the scenarios mentioned in this topic, configure the DNS server with a DNS A record, a DNS AAAA record, and PTR records for both IPv4 and IPv6 addresses.

    Note that the AAAA record is only required if you have configured IPv6 addresses.

    Most customers currently do not use IPv6 addresses.

  2. Deploy a NSX Manager with a hostname that is fully qualified (that is, FQDN) so that initial certificates are generated correctly and match the DNS server records (configured in Step 1).
    For details, see the step that covers the setting the NSX Manager hostname of the OVF template. For example, Install NSX Manager and Available Appliances or Install NSX Manager on ESXi Using the Command-Line OVF Tool.

What to do next

Run get hostname CLI to confirm if FQDN is set.