Unable to communicate with https://packages.pfsense.org. Please verify DNS and

scorpion2087

I am getting this error after restoring and reconfiguring it i tried this command

env ip6addrctl_enable="yes" ip6addrctl_policy="prefer_ipv4" /etc/rc.d/ip6addrctl start

Then Flush command and afterthat reboot of firewall

But no use  please help

stephenw10

Is it able to check for fimeware updates?
Are you using policy based routing?
Are you able to ping it from the pfsense box? From a client behind pfsense?

Steve

scorpion2087

Hi steve i am attaching screen shots of firewall output

*** No pfsense is not able to obtain update status

• Not able to ping google or pfsense websites but i can ping my DHCP server which is windows 2008 server

• Internet is working fine in my LAN network but PF sense is not able to obtain any update

• yesterday i reset PFsense on factory default mode before that it was working fine so no rules are there screen shots of rules is also attached

**

scorpion2087

@stephenw10:

Is it able to check for fimeware updates?
Are you using policy based routing?
Are you able to ping it from the pfsense box? From a client behind pfsense?

Steve

Hey steve

as i already mentioned that internet on my LAN is working but i Dont know weather its a problem with MY ISP DNS server or with PFSENSE

i tried one silverbullet

System > General Setup > in DNS section along with my ISP DNS i entered google Public DNS address 8.8.8.8 & 8.8.4.4 and now PING in PFsense and Package manager is working.

but Public DNS are not safe so please tell me the solution for it

cmb

@scorpion2087:

but Public DNS are not safe so please tell me the solution for it

uh… what? DNS in general isn't safe, "public DNS" is no less safe than anything else. That's part of why we've switched essentially everything over to HTTPS.

kpa

You can switch to using Unbound as the caching resolver and tell it not to use forwarders. That way you can be pretty sure the answers you get are straight from the horse's mouth, the authoritative servers in other words. If you're really paranoid Unbound supports DNSSEC but unfortunately DNSSEC hasn't been yet adopted widely.

cmb

@kpa:

You can switch to using Unbound as the caching resolver and tell it not to use forwarders.

Still, anyone in the position to modify the traffic between you and Google will be able to just as easily modify your recursive lookups direct to other servers.

Yeah, DNSSEC is ultimately the answer, but it'll be a while before the world gets there.

stephenw10

So the box did not have DNS working correctly but client behind it did? Are your lan clients using the pfSense DNS forwarder or do you have something else on your network providing DNS?
What sort of connection is your WAN? Usually the DNS servers are provided by the WAN via DHCP or PPP, is your ISP not providing them?

In System: General: do you have either the 'Allow DNS server list to be overridden by DHCP/PPP on WAN' or 'Do not use the DNS Forwarder as a DNS server for the firewall' boxes checked?

I use Google's DNS servers and don't worry about it, Google knows everything about me anyway.  ::)

Steve

somkheart

I have same problem . How i can fixed it

stephenw10

You have the same symptoms as the OP?
Is the pfSense box able to check for updates?
You tried the IPv6 fix?

Steve