Since i updated to PiHole 5.0, i am facing some strange name resolution issues, which only occur on a few website, mostly paypal.de.
The logs display nothing suspicious. Allowing all advertising-domains on the sites do not change anything. The problem didn't exist before 5.0.
Expected Behaviour:
Sites like paypal.de should be reachable on first try.
OS: Ubuntu 20.04 x64
i3-8100 / 8GB RAM
DNS-Servers: Tried Cloudflare and Quad9
Pihole-Version v5.0, Web Interface Version v5.0, FTL Version v5.0
Actual Behaviour:
When i try to access e.g. Paypal.de, i get a ERR_NAME_NOT_RESOLVED in my browser, after refreshing the page some times it will load a version which looks like its CSS is broken (issues in displaying graphics and text). When i try to reload a few times again, at some point, the site will load like expected.
I already clean installed Pihole on a also clean installed Ubuntu OS without any change.
Moreover, i already tried:
Updated gravity
flushed DNS and browser-caches on clients
tried different browsers
Debug Token:
Unfortunately, i get a 403 Invalid Account when trying to upload the log-file, even though i authorized pihole to access my github? Is there any other way?
I would appreciate any suggestions where to dig deeper on this problem.
Thank you very much in advance for your help and your time!
Everything looks fine in the debug log. What Operating System is the client, and what browser? Does this happen with different browsers or different operating systems if you are able to check?
The client is using Windows 10 and the recent Chrome version. It is also happening on Edge and on Android devices as well, so it does not seem to be browser-specific.
As it is perfectly reproduceable, i made some Screenshots of what is happening (click to enlarge):
I checked that and i could verify that the IP address listed is the IP of the pihole-machine.
What i am wondering about is why this is happening on such a few sites only? At the moment, i am just aware of two sites (paypal.de + Bild.de), all other sites are running well...
This indicates that Pi-hole is not blocking these domains. If there is additional content being requested that is not loading, these tools can help you determine why your requested content will not load:
As is did more investigation today, i think the cause for the trouble is DNSSEC. As another device acts as a DNS-Forwarder in my network and both devices (firewall + pihole) had DNSSEC activated, some sites ran into trouble.
I changed that today (eliminated the firewall-device out of the DHCP-DNS and changed it to directly point at the pihole-machine) and there were no more errors until now. It is too early to draw conclusions, but i think this was the cause.
What remains strange is that the issue occured after the pihole-update to 5.0, before that issue never occured. Probably the way pihole handles DNSSEC changed with this update?