You are configuring a vSphere environment to work well in a hardened network. Your network requires customized ports for many applications and services. Configure each ESXi host to use a customized port for DNS. Although the ESXi firewall allows you to control DNS over UDP port 53, you are required to enable DNS on TCP port 53.
To accomplish this task, the administrator can perform the following steps on each host:
- Log in to the ESXi Shell on the host (locally or over SSH). The firewall rulesets are defined in /etc/vmware/firewall/service.xml, and the change is made by editing that file.
- Before editing, keep a copy of the file so the original can be restored if the edit breaks the firewall configuration:
  cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak
- The file ships read-only, so make it writable:
  chmod 644 /etc/vmware/firewall/service.xml
- Open the file with vi and add a new service entry for outbound DNS over TCP. The service id must not collide with an id already used in the file (0032 here is only an example), and the name in <id> is the ruleset name that esxcli and the vSphere Client will show:
  <service id="0032">
    <id>DNSTCPOut</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>53</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
  <enabled>true</enabled> turns the ruleset on as soon as the firewall reloads it; <required>false</required> leaves an administrator free to disable it later.
- Reset the permissions of /etc/vmware/firewall/service.xml to the original read-only state:
  chmod 444 /etc/vmware/firewall/service.xml
- Reload the firewall so the new ruleset takes effect:
  esxcli network firewall refresh
- Confirm that the ruleset is loaded and enabled:
  esxcli network firewall ruleset list | grep DNSTCPOut
- Repeat these steps for each ESXi host. The edit lives in service.xml, which an ESXi upgrade replaces, so re-check (or re-apply) the ruleset on each host after upgrading.
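As an added worked example (not from the original page and not VMware's own code), the following POSIX shell script builds the DNSTCPOut ruleset from the steps above and inserts it into a service.xml, choosing an unused service id instead of hard-coding 0032 and refusing to add the ruleset twice. It assumes the ESXi 5.x file layout, with <service> elements carrying a numeric id attribute inside a <ConfigRoot> root element (an assumption; check your host's file), and it exercises the functions on a constructed sample file so it can be run away from a host. The chmod and esxcli refresh steps are left to the operator.

```shell
#!/bin/sh
# Added example, not from the original page or from VMware: build the
# DNSTCPOut ruleset and insert it into a service.xml with an unused service
# id. Assumes (assumption) the ESXi 5.x file layout: <service> elements with
# a numeric id attribute inside a <ConfigRoot> root element. Uses only POSIX
# sh, sed, awk and grep, which the ESXi shell (busybox) provides.
#
# On a host, between the chmod 644 and chmod 444 steps:
#   add_dns_tcp_out /etc/vmware/firewall/service.xml

# Constructed sample of a service.xml with one existing (UDP) DNS ruleset,
# so the functions can be exercised without touching a host.
write_sample_service_xml() {
  cat > "$1" <<'EOF'
<ConfigRoot>
  <service id="0000">
    <id>dns</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>53</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF
}

# Next free service id: highest numeric id attribute in the file plus one,
# zero-padded to four digits (0000 when the file has no services yet).
next_service_id() {
  sed -n 's/.*<service id="\([0-9][0-9]*\)".*/\1/p' "$1" |
    awk 'BEGIN { m = -1 } { if ($1 + 0 > m) m = $1 + 0 } END { printf "%04d", m + 1 }'
}

# The ruleset from the procedure: outbound TCP to destination port 53,
# enabled on load, and not "required" so an administrator can disable it.
dns_tcp_out_block() {
  cat <<EOF
  <service id="$1">
    <id>DNSTCPOut</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>53</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
EOF
}

# True when the file already carries the DNSTCPOut ruleset.
dns_tcp_out_present() {
  grep -q '<id>DNSTCPOut</id>' "$1"
}

# Insert the ruleset just before </ConfigRoot>. Exit status: 0 inserted,
# 1 already present (nothing changed), 2 no </ConfigRoot> found (file not
# recognised; nothing changed).
add_dns_tcp_out() {
  f="$1"
  dns_tcp_out_present "$f" && return 1
  grep -q '</ConfigRoot>' "$f" || return 2
  block=$(dns_tcp_out_block "$(next_service_id "$f")")
  tmp="$f.tmp.$$"
  awk -v blk="$block" 'index($0, "</ConfigRoot>") { print blk } { print }' "$f" > "$tmp" &&
    mv "$tmp" "$f"
}
```

The function is idempotent, so it is safe to run from a script looped over every host; a non-zero status of 2 means the file did not look like a service.xml and nothing was written, which is the case to stop on rather than reset permissions and refresh.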