Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to resolve kali.download

    Scheduled Pinned Locked Moved DHCP and DNS
    9 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jrather
      last edited by

      I have a proxmox with a couple of VMs. I use pfSense as a firewall for them. I have a Kali VM, which is unable to DNS resolve "kali.download". It is able to resolve all other dns queries. I use the pfSense LAN interface as the kali's DNS server and have DNS resolver enabled. Issue is very strange and I do not know how to fix or troubleshoot. If I query kali.download from the pfsense itself it resolves, just not as the Kali client.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @jrather
        last edited by

        @jrather are you using any pfblocker lists that would block that?

        If dns gui is able to resolve it using itself 127.0.0.1 then any client should be able to resolve it as well - even you were using pfblocker with block lists.

        Is pfsense resolving it to the correct place - I show it resolving as below

        lookup.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • J
          jrather
          last edited by

          I do not know what pfblocker is so I would say no.

          1 Reply Last reply Reply Quote 0
          • J
            jrather
            last edited by

            Query you show, is the same for me via the pfSense GUI. Just not getting that response on the Kali VM.

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @jrather
              last edited by

              @jrather well then your VM isn't using pfsense as its dns would be what I would think what is happening, there is nothing out of the box that would prevent a client from resolving what pfsense can clearly resolve, if using pfsense as its dns.

              You sure your client is using pfsense as its dns?

              Here is a query directly to pfsense ip - resolves just fine.

              query.jpg

              is your VM showing 127.0.0.53 as its dns if you do a dig, or host or nslookup on it - if so then your not really sure where its asking..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • J
                jrather
                last edited by

                Unchecking DNSSEC, Enable DNSSEC Support in DNS Resolver seemed to solve it.

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @jrather
                  last edited by

                  @jrather I would think that more just a restart of unbound vs dnssec since that kali.download isn't dnssec enabled.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • J
                    jrather
                    last edited by

                    Well I am not sure why disabling DNSSEC fixed it. But my proxmox is behind a Netgear router (The Netgear gets DNS from a pi-hole outside it's WAN port). So the WAN port on the pfsense uses the Netgear as it's DNS. In my scenario, I do not think a DNSSEC query matters since the Netgear and proxmox are internal my real WAN connection. Reading the setting, it referred enabling DNSSEC when using the root servers directly. I do not do that, so disabling it on the pfsense to get it to work is fine with me.

                    johnpozJ 1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @jrather
                      last edited by johnpoz

                      @jrather said in Unable to resolve kali.download:

                      it referred enabling DNSSEC when using the root servers directly

                      If your are forwarding to anywhere on pfsense, then yeah dnssec shouldn't be enabled - where you forward either does dnssec or it doesn't.

                      That setting really only has any real use if your actually resolving, ie talking to roots. If your forwarding then that setting is more likely to cause issues than anything else.

                      Both those records are not dnssec signed anyway, and I use dnssec since I resolve.. And not having any issues resolving it.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.