Https err_address_ureachable

Kodran · June 18, 2021, 5:11pm

This seems like a simple straightforward thing, but I am new to this and I couldn't find much information related to this topic. I installed pi-hole on my raspberry pi4 and configured my android phone to use the dns server provided and it seems that after that all https traffic ends in error, even when I disable the pi-hole. Is this the expected behavior?

From the logs:

Jun 18 15:34:52 dnsmasq[12909]: query[A] www.parkopedia.com from 192.168.1.128
Jun 18 15:34:52 dnsmasq[12909]: forwarded www.parkopedia.com to 8.8.4.4
Jun 18 15:34:52 dnsmasq[12909]: query[AAAA] www.parkopedia.com from 192.168.1.128
Jun 18 15:34:52 dnsmasq[12909]: cached www.parkopedia.com is NODATA-IPv6

My understanding is that NODATA-IPv6 is a form of blocking sites. Is my configuration wrong that makes all https requests fail?

Please help, where should I look to fix this?

Expected Behaviour:

HTTPS websites should display properly.

Actual Behaviour:

HTTPS websites end up in error with address unreachable

Debug Token:

https://tricorder.pi-hole.net/rz2idk50of

Kodran · June 18, 2021, 5:18pm

From this log I take it it should work, but it doesn't.

deHakkelaar · June 18, 2021, 6:49pm

You get the NODATA-IPv6 message because there are no ipv6 AAAA records for that domain:

pi@ph5b:~ $ host -t aaaa www.parkopedia.com localhost
Using domain server:
Name: localhost
Address: ::1#53
Aliases:

www.parkopedia.com has no AAAA record

pi@ph5b:~ $ host -t aaaa www.parkopedia.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

www.parkopedia.com has no AAAA record

But an ipv4 A record lookup should be logged with a reply:

pi@ph5b:~ $ host -t a www.parkopedia.com localhost
Using domain server:
Name: localhost
Address: ::1#53
Aliases:

www.parkopedia.com has address 99.80.63.2
www.parkopedia.com has address 52.51.188.8

pi@ph5b:~ $ pihole -t
[..]
20:33:41: query[A] www.parkopedia.com from ::1
20:33:41: forwarded www.parkopedia.com to 8.8.8.8
20:33:41: reply www.parkopedia.com is 99.80.63.2
20:33:41: reply www.parkopedia.com is 52.51.188.8

Or if still in cache:

pi@ph5b:~ $ pihole -t
[..]
20:42:47: query[A] www.parkopedia.com from ::1
20:42:47: cached www.parkopedia.com is 99.80.63.2
20:42:47: cached www.parkopedia.com is 52.51.188.8

Wait see results from the debug log.

Kodran · June 18, 2021, 9:23pm

Thanks for the quick response. parkopedia is just a random example. Most https sites get in the same situation. Is there anything I can do to fix this?

How it looks on my box:

pi@raspberrypi:~ $ pihole -t
  [i] Press Ctrl-C to exit
22:23:46: query[AAAA] www.parkopedia.com from ::1
22:23:46: forwarded www.parkopedia.com to 2001:4860:4860::8844
22:23:46: forwarded www.parkopedia.com to 2001:4860:4860::8888
22:23:46: forwarded www.parkopedia.com to 8.8.4.4
22:23:46: forwarded www.parkopedia.com to 8.8.8.8
22:23:46: reply www.parkopedia.com is NODATA-IPv6
22:24:25: query[A] www.parkopedia.com from ::1
22:24:25: forwarded www.parkopedia.com to 8.8.8.8
22:24:25: reply www.parkopedia.com is 52.51.188.8
22:24:25: reply www.parkopedia.com is 99.80.63.2

jfb · June 18, 2021, 9:29pm

This does not appear to be a Pi-hole issue. Pi-hole resolves domain names to IP's. Once the client has the IP, then the client makes the connection to the domain, which would include any TLS or SSL connections to the requested domain. Pi-hole is unaware of any traffic or connections made by the client to any resolved domains.

Kodran:

22:24:25: query[A] www.parkopedia.com from ::1
22:24:25: forwarded www.parkopedia.com to 8.8.8.8
22:24:25: reply www.parkopedia.com is 52.51.188.8
22:24:25: reply www.parkopedia.com is 99.80.63.2

Pi-hole is resolving the domains, so the problem lies outside of Pi-hole.

Of interest, the queries are coming to Pi-hole from an IPv6 client address. Is the client in question configured to connect to IPv6 only, or can it connect via IPv4 as well?

Kodran · June 18, 2021, 9:37pm

The client is an Oneplus 8 Pro, with the default android wi-fi settings, except the dns server override.

Here is the log

pi@raspberrypi:~ $ grep parkopedia.com /var/log/pihole.log
Jun 18 15:23:19 dnsmasq[12640]: query[A] www.parkopedia.com from 192.168.1.128
Jun 18 15:23:19 dnsmasq[12640]: forwarded www.parkopedia.com to 8.8.4.4
Jun 18 15:23:19 dnsmasq[12640]: query[AAAA] www.parkopedia.com from 192.168.1.128
Jun 18 15:23:19 dnsmasq[12640]: forwarded www.parkopedia.com to 8.8.4.4
Jun 18 15:23:19 dnsmasq[12640]: reply www.parkopedia.com is NODATA-IPv6
Jun 18 15:23:19 dnsmasq[12640]: reply www.parkopedia.com is 52.51.188.8
Jun 18 15:23:19 dnsmasq[12640]: reply www.parkopedia.com is 99.80.63.2
Jun 18 15:25:13 dnsmasq[12640]: query[A] www.parkopedia.com from 192.168.1.128
Jun 18 15:25:13 dnsmasq[12640]: forwarded www.parkopedia.com to 8.8.4.4
Jun 18 15:25:13 dnsmasq[12640]: query[AAAA] www.parkopedia.com from 192.168.1.128
Jun 18 15:25:13 dnsmasq[12640]: cached www.parkopedia.com is NODATA-IPv6
Jun 18 15:25:13 dnsmasq[12640]: reply www.parkopedia.com is 52.51.188.8
Jun 18 15:25:13 dnsmasq[12640]: reply www.parkopedia.com is 99.80.63.2
Jun 18 15:33:23 dnsmasq[12909]: query[A] www.parkopedia.com from 192.168.1.128
Jun 18 15:33:23 dnsmasq[12909]: forwarded www.parkopedia.com to 8.8.4.4
Jun 18 15:33:23 dnsmasq[12909]: query[AAAA] www.parkopedia.com from 192.168.1.128
Jun 18 15:33:23 dnsmasq[12909]: forwarded www.parkopedia.com to 8.8.4.4
Jun 18 15:33:23 dnsmasq[12909]: reply www.parkopedia.com is 52.51.188.8
Jun 18 15:33:23 dnsmasq[12909]: reply www.parkopedia.com is 99.80.63.2
Jun 18 15:33:23 dnsmasq[12909]: reply www.parkopedia.com is NODATA-IPv6
Jun 18 15:34:52 dnsmasq[12909]: query[A] www.parkopedia.com from 192.168.1.128
Jun 18 15:34:52 dnsmasq[12909]: forwarded www.parkopedia.com to 8.8.4.4
Jun 18 15:34:52 dnsmasq[12909]: query[AAAA] www.parkopedia.com from 192.168.1.128
Jun 18 15:34:52 dnsmasq[12909]: cached www.parkopedia.com is NODATA-IPv6
Jun 18 15:34:52 dnsmasq[12909]: reply www.parkopedia.com is 99.80.63.2
Jun 18 15:34:52 dnsmasq[12909]: reply www.parkopedia.com is 52.51.188.8
Jun 18 17:58:42 dnsmasq[12909]: query[A] www.parkopedia.com from 192.168.1.128
Jun 18 17:58:42 dnsmasq[12909]: forwarded www.parkopedia.com to 2001:4860:4860::8844
Jun 18 17:58:42 dnsmasq[12909]: query[AAAA] www.parkopedia.com from 192.168.1.128
Jun 18 17:58:42 dnsmasq[12909]: forwarded www.parkopedia.com to 2001:4860:4860::8844
Jun 18 17:58:42 dnsmasq[12909]: reply www.parkopedia.com is NODATA-IPv6
Jun 18 17:58:42 dnsmasq[12909]: reply www.parkopedia.com is 52.51.188.8
Jun 18 17:58:42 dnsmasq[12909]: reply www.parkopedia.com is 99.80.63.2
Jun 18 18:00:32 dnsmasq[12909]: query[A] www.parkopedia.com from 192.168.1.128
Jun 18 18:00:32 dnsmasq[12909]: forwarded www.parkopedia.com to 2001:4860:4860::8844
Jun 18 18:00:32 dnsmasq[12909]: query[AAAA] www.parkopedia.com from 192.168.1.128
Jun 18 18:00:32 dnsmasq[12909]: cached www.parkopedia.com is NODATA-IPv6
Jun 18 18:00:32 dnsmasq[12909]: reply www.parkopedia.com is 99.80.63.2
Jun 18 18:00:32 dnsmasq[12909]: reply www.parkopedia.com is 52.51.188.8
Jun 18 18:15:24 dnsmasq[12909]: query[A] www.parkopedia.com from 192.168.1.128
Jun 18 18:15:24 dnsmasq[12909]: forwarded www.parkopedia.com to 8.8.8.8
Jun 18 18:15:24 dnsmasq[12909]: query[AAAA] www.parkopedia.com from 192.168.1.128
Jun 18 18:15:24 dnsmasq[12909]: forwarded www.parkopedia.com to 8.8.8.8
Jun 18 18:15:24 dnsmasq[12909]: reply www.parkopedia.com is NODATA-IPv6
Jun 18 18:15:24 dnsmasq[12909]: reply www.parkopedia.com is 99.80.63.2
Jun 18 18:15:24 dnsmasq[12909]: reply www.parkopedia.com is 52.51.188.8
Jun 18 22:23:46 dnsmasq[721]: query[AAAA] www.parkopedia.com from ::1
Jun 18 22:23:46 dnsmasq[721]: forwarded www.parkopedia.com to 2001:4860:4860::8844
Jun 18 22:23:46 dnsmasq[721]: forwarded www.parkopedia.com to 2001:4860:4860::8888
Jun 18 22:23:46 dnsmasq[721]: forwarded www.parkopedia.com to 8.8.4.4
Jun 18 22:23:46 dnsmasq[721]: forwarded www.parkopedia.com to 8.8.8.8
Jun 18 22:23:46 dnsmasq[721]: reply www.parkopedia.com is NODATA-IPv6
Jun 18 22:24:25 dnsmasq[721]: query[A] www.parkopedia.com from ::1
Jun 18 22:24:25 dnsmasq[721]: forwarded www.parkopedia.com to 8.8.8.8
Jun 18 22:24:25 dnsmasq[721]: reply www.parkopedia.com is 52.51.188.8
Jun 18 22:24:25 dnsmasq[721]: reply www.parkopedia.com is 99.80.63.2
Jun 18 22:30:51 dnsmasq[721]: query[A] www.parkopedia.com from 127.0.0.1
Jun 18 22:30:51 dnsmasq[721]: forwarded www.parkopedia.com to 8.8.8.8
Jun 18 22:30:51 dnsmasq[721]: reply www.parkopedia.com is 52.51.188.8
Jun 18 22:30:51 dnsmasq[721]: reply www.parkopedia.com is 99.80.63.2

jfb · June 18, 2021, 9:45pm

That client has both an IPv4 and IPv6 address. Since Pi-hole is resolving the domains correctly, the problem is with the requesting client.

On that client, check the SSL certs. If those are bad, it won't be able to make an SSL connection.

Kodran · June 18, 2021, 9:54pm

I'm puzzled since it works if I remove the dns override.

Kodran · June 21, 2021, 3:29pm

It seems it has something to do with how Android network configuration works. On my win10 machine, it works with no issues, both on ipv4 and ipv6.
As a workaround, it seems that using an app called DNS Changer and setting it to my pi-hole actually fixes the issue. I hope this helps someone else who might come to this issue in the future.

system · July 12, 2021, 3:29pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.