sudo ethtool -K eth1 rx off tx off

Eric writes: (…)

I found this problem on a new server I built. This system acts as a local router and DNS server, and also runs vmware-server. VMware is configured with vmnet0 as a bridge to eth1, which physically links to a 10/100Mbps switch for the local LAN.
VMware instances could communicate with the host system’s IP over TCP but not UDP, so DNS queries would fail. Other systems on the physical LAN can query DNS just fine.

A tcpdump capture and subsequent wireshark analysis revealed that all UDP replies coming from the host server system included a bad UDP checksum. Even UDP replies going to other systems on the physical LAN show bad checksums, but I assume those systems ignore it. VMware Server’s vmnet-bridge driver might silently drop these packets.

After turning off hardware checksum offloading (ethtool -K eth1 rx off tx off), everything worked perfectly. Wireshark revealed the reply packets from the host server include a correct UDP checksum.