I came across a situation recently where I was building some nested ESXi hosts and had configured the incorrect IP address for their DNS record, only to realise this after attempting to add the host into vCenter.
When you attempt to add the host, vCenter queries your DNS servers for the IP address associated with the FQDN you have supplied (assuming you added the host by FQDN rather than by IP address). If you have set the wrong IP on your DNS server for that FQDN record, you have 2 options:
- Wait a short while for vCenter to clear the cache entry for this FQDN, thus allowing you to add the host with the correct IP from the DNS record
- Clear the DNS cache on your vCenter Server Appliance (vCSA)
vCSA 6.5 upwards runs on Photon OS with dnsmasq acting as a local caching nameserver (thank you to Brandon for the comment to clarify).
Enough rambling, so how do we do it?
If you’re anything like me, you will be too impatient to wait the 5-10 minutes (from my observations) to get the updated DNS record. Thus the following method can be used to clear the DNS cache on your vCSA:
- SSH to your vCenter Server appliance
- Enter the bash shell, i.e. `shell`
- Flush the DNS cache by means of restarting the dnsmasq service
systemctl restart dnsmasq
vCenter will now perform a fresh query to your DNS server to obtain the correct IP, thus allowing you to add the host.
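A check to run before and after the restart, as an added example that is not part of the original post: it compares the answer served from the local dnsmasq cache (127.0.0.1) with the answer from an upstream DNS server. The function names, the sample hostname and the sample addresses are constructed for illustration, and `check_host` assumes you pass the upstream DNS server's IP yourself.

```shell
#!/bin/bash
# Added example: is the vCSA's cached DNS answer out of step with upstream DNS?

# Print the sorted, unique answer addresses from nslookup output on stdin.
# The "Address: 127.0.0.1#53" line names the server queried, not the answer,
# so lines containing '#' are skipped. Sorting makes round-robin order irrelevant.
answer_addrs() {
    awk '$1 == "Address:" && $2 !~ /#/ { print $2 }' | sort -u
}

# Return 0 (stale) when the cached and upstream outputs hold different address sets.
cache_is_stale() {
    [ "$(printf '%s\n' "$1" | answer_addrs)" != "$(printf '%s\n' "$2" | answer_addrs)" ]
}

# Live check on the appliance. Usage: check_host <fqdn> <upstream-dns-ip>
check_host() {
    local cached upstream
    cached=$(nslookup "$1" 127.0.0.1)
    upstream=$(nslookup "$1" "$2")
    if cache_is_stale "$cached" "$upstream"; then
        echo "stale: local cache differs from $2, restart dnsmasq"
    else
        echo "ok: local cache matches $2"
    fi
}

# Constructed sample outputs (documentation addresses, not from a real system).
SAMPLE_CACHED='Server:  127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: esxi01.example.test
Address: 192.0.2.10
Name: esxi01.example.test
Address: 192.0.2.20'
SAMPLE_UPSTREAM='Server:  192.0.2.53
Address: 192.0.2.53#53

Name: esxi01.example.test
Address: 192.0.2.20'

if cache_is_stale "$SAMPLE_CACHED" "$SAMPLE_UPSTREAM"; then
    echo "sample: cached answer is stale"
fi
```

If `check_host` still reports stale after the restart, the old record is most likely still present on the upstream DNS server or cached elsewhere in the resolution path.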
Nice work mate, looks like you’re going great guns!
Thanks Pete!
Hey, what do you think about choosing vCenter on Windows vs Linux? I’m in the middle of that decision..
Hi Jonathon,
Where possible, it is always preferable to use the vCenter Server Appliance unless you have an explicit requirement to run your vCenter server on Windows. Feel free to reach out if you need further clarification.
Kane.
For some reason, this doesn’t seem to work on our VCSA 6.5..
Hi Francis, did you run the command from the VAMI shell or from the bash shell?
If you can give me the build number or release number of the VCSA you’re using I’d be happy to do some digging.
Kane.
Hi Kane,
Thanks for replying. The build number is VMware ESXi, 6.5.0, 7526125
I was doing it from the bash shell, logged-in to the VCSA appliance.
For some reason, DNS refreshed between 10-15mins since last check. The last time, we had to wait till the next day for the DNS to take effect even with those commands run.
Kind regards,
Francis
Hi Francis,
Please see update at the top of this post, give that a go and let me know how you go!
Cheers,
Kane.
Thank you! Exactly what I needed.
This doesn’t work with my VCSA 6.5 either. I’m running the latest build (6.5.0.14000 Build Number 7515524)
My issue was I messed up and added the new IP to DNS but forgot to remove the old record. Fixed it in DNS and now trying to get vCenter to recognize the change.
root@VC01 [ ~ ]# nslookup geoff.foo.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: geoff.foo.com
Address: 123.123.30.54
Name: geoff.foo.com
Address: 123.123.23.98
root@VC01 [ ~ ]# systemctl restart systemd-resolved.service
root@VC01 [ ~ ]# nslookup geoff.foo.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: geoff.foo.com
Address: 123.123.23.98
Name: geoff.foo.com
Address: 123.123.30.54
root@VC01 [ ~ ]#
Hi Tyson,
Please see update at the top of the post, give that a go and let me know how you go!
Cheers,
Kane.
Does restarting this service cause any other side effects? In a production environment, I wouldn’t want to lose connection to the other existing hosts. Just curious if there’s anything else to watch out for? Thanks!
Hi Jim,
Nothing else to worry about, this will not cause an outage.
Cheers,
Kane.
Hi,
On my vCenter it also doesn’t work. I was waiting more than 1 hour.
I restarted one more service:
systemctl restart systemd-networkd.service
After this vCenter obtains new IPs immediately.
Kind Regards
Maciek
Thank you Maciek, post updated to reflect this!
So, I took a look at the nslookup output from a VCSA 6.5.0 7801515 with integrated PSC to find the proper solution:
nslookup host.domain.tld
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: host.domain.tld
Address: a.b.c.d
VCSA 6.5 runs dnsmasq as a local caching nameserver.
The proper way to clear it is to restart that service, not the others.
systemctl restart dnsmasq
Here’s your proof (run at a bash shell on the VCSA):
netstat -lpW | grep domain
That’ll show you dnsmasq listening on port 53 (domain).
And, if you look at the resolv.conf file, you’ll see it always sticks 127.0.0.1 as the first name server, regardless of what you’ve set for name servers (hence why nslookup defaulted to looking at loopback).
Hi Brandon, thank you for clarification. I will make note of it in my post. Cheers, Kane.
Can confirm, this is the real solution here.
Disclaimer: I am a VMware Product Manager 😉
Unfortunately, under 6.7 neither of these options worked. What fixed it for me was doing this in vcenter shell: service dnsmasq restart
Found this command in the admin guide for vCenter 6.7: https://docs.vmware.com/en/VMware-vSphere/6.7/vsphere-esxi-vcenter-server-67-appliance-configuration-guide.pdf
Hi Demetrius,
Thank you for clarifying. I have updated the post to reflect.
Cheers,
Kane.
Thanks mate – you just spared me a looooooooooooooong vcsa reboot =)
You’re welcome Obawnkenooby 🙂
Wow thanks Kane. Someone had configured two A records in DNS for a host and I couldn’t join it to a fucking cluster. Running this command on our VCSA appliance after deleting the offending record fixed my problem straight away! A+++++ would read bang again
FYI for anyone reading this in 2022/vcsa 7+
you also need to restart systemd-resolved, restarting only dnsmasq will have no effect on cached entries
`systemctl restart systemd-resolved`