PlayStation 5 got frequent SSL Errors due to hostname resolution

The issue I am facing:
Hello, I’m frequently facing some SSL errors with my PS5, which tells me « couldn’t resolve hostname ».

Have you faced the same issue?

Details about my system:
Raspberry 3 with latest raspbian release

I will edit this topic soon to add details.

  Current Pi-hole version is v5.13
  Current AdminLTE version is v5.16
  Current FTL version is v5.18.2

https://tricorder.pi-hole.net/uOPEiVOH/

In the Pi-hole's web interface go to Disable Blocking > Indefinitely and try the PS5 again (might need to restart the PS5 to make it try again). Do the errors go away? You can re-enable once you've finished testing.

If it works then it looks like Pi-hole is blocking some domains that the PS5 needs. You'll need to look in your Query Log and see what Playstation-related domains are being blocked and Whitelist them. But if it still doesn't work when Pi-hole is disabled then it looks like Pi-hole is not responsible for what you're seeing.

Your Pi-hole has an active ethernet interface and address with a predictable interface name:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] uaadi.com is 0.0.0.0 on lo (127.0.0.1)
[✓] uaadi.com is 0.0.0.0 on enxb827ebef84df (192.168.1.21)
[✓] No IPv4 address available on wlan0
[✓] uaadi.com is 0.0.0.0 on wg0 (10.6.0.1)
[✓] uaadi.com is 0.0.0.0 on tun0 (10.8.0.1)
[✓] doubleclick.com is 142.250.203.110 via a remote, public DNS server (8.8.8.8)

But, Pi-hole is configured for a different interface name:

    IPV4_ADDRESS=192.168.2.2/16
    PIHOLE_INTERFACE=eth0

Run pihole -r and select the reconfigure option to set up Pi-hole on the active interface name, or change the interface naming in your OS so the interface becomes eth0 again.

Unfortunately, there is no blocking from my PS5 IP 🙁

If I kill and restart the internet connection via the settings, the issue disappears for 5-10 minutes. Afterward I have some missing images or no ability to interact with my Online presence.

I indeed reconfigured the pihole, the old config was not up to date indeed but the issue remains unfortunately.

Ping anyone. I tried everything…

You'll need to fix the Pi-hole config by following the info in jfb's post. If you've done that, please can you create another debug log and post the new token url, and someone will see how it looks now.

Sure: https://tricorder.pi-hole.net/c9FbLtnM/

Unfortunately, I tried 2 times to reconfigure and select the correct interface but since Stretch the interface names contain the MAC address now.

I still don't know where it keeps the old IPV4 and interface name.

There are still a few irregularities in your debug log, though I doubt that they would be related to your issue, as I'd expect those to affect all clients, not just your PS5.

Your debug log suggests your configuration has been successfully adopted for the correct interface name, but your Pi-hole's configured IP address 192.168.2.2/16 does not match your actual IP:

*** [ DIAGNOSING ]: Network interfaces and addresses
       (...)
       inet 192.168.1.21/16 brd 192.168.255.255 scope global dynamic noprefixroute 

Also, you've enabled Pi-hole's Conditional Forwarding for a local domain name of sunrise, while the actual local domain name propagated by your router is home:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Timeout: 10 seconds
   
   * Received 341 bytes from enxb827ebef84df:192.168.0.1
     Offered IP address: 192.168.1.21
     DHCP options:
      Message type: DHCPOFFER (2)
      router: 192.168.0.1
      dns-server: 192.168.1.21
      dns-server: 0.0.0.0
      broadcast: 192.168.255.255
         domain-name: "home"
      --- end of options ---

This could interfere with correct resolution of local names, i.e. those used by devices in your private home network.

Back to your observation:
Your initial screenshots suggest that Pi-hole could be involved by blocking a domain your PS5 is trying to access.

When this happens again, you should investigate your Pi-hole's Query Log for your PS5's corresponding DNS queries.
The following may also help:

EDIT:
I also noticed you've created a group named PS5, with no current block lists assigned.
You've also defined a single client using both the Default as well as the PS5 group:

*** [ DIAGNOSING ]: Clients
 id    group_ids  ip                  date_added           date_modified        comment
 ----  ---------  ------------------  -------------------  -------------------  -------
 3     0,1        BC:33:29:xx:xx:xx   2022-10-14 13:57:11  2022-10-14 13:57:18

If the intention of that group was to not filter your PS5, then you should remove the Default group assignment for that client.
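
The two mismatches the debug logs showed in this thread (a configured interface name that no longer exists, then a configured address that differs from the live one) can be checked with a short script. This is an added example, not part of the thread and not Pi-hole's own code; `get_var`, `check_binding` and the sample files are constructed for illustration from the interface names and addresses quoted above.

```shell
#!/bin/sh
# Added example, not Pi-hole code. Compares PIHOLE_INTERFACE / IPV4_ADDRESS
# from a setupVars-style file with captured `ip -o -4 addr show` output.

# get_var KEY FILE: print the last KEY=value entry in FILE.
get_var() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# check_binding CONF ADDRS: print one finding and return 1 on mismatch,
# print "OK ..." and return 0 when config and live state agree.
check_binding() {
    iface=$(get_var PIHOLE_INTERFACE "$1")
    cfg_ip=$(get_var IPV4_ADDRESS "$1")
    # `ip -o` line layout: "<idx>: <ifname> inet <addr>/<prefix> ..."
    live_ip=$(awk -v i="$iface" '$2 == i && $3 == "inet" { print $4; exit }' "$2")
    if [ -z "$live_ip" ]; then
        others=$(awk '$3 == "inet" && $2 != "lo" { printf "%s ", $2 }' "$2")
        echo "INTERFACE: '$iface' has no IPv4 address; interfaces with one: $others"
        return 1
    fi
    if [ "$live_ip" != "$cfg_ip" ]; then
        echo "ADDRESS: config says $cfg_ip but $iface has $live_ip"
        return 1
    fi
    echo "OK: $iface $live_ip"
}

# Constructed sample input, built from the values quoted in the thread
# (prefix lengths for lo, wg0 and tun0 are assumed).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/addrs" <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: enxb827ebef84df    inet 192.168.1.21/16 brd 192.168.255.255 scope global dynamic noprefixroute enxb827ebef84df
4: wg0    inet 10.6.0.1/24 scope global wg0
5: tun0    inet 10.8.0.1/24 scope global tun0
EOF
printf 'PIHOLE_INTERFACE=eth0\nIPV4_ADDRESS=192.168.2.2/16\n' > "$SAMPLE_DIR/stale.conf"
printf 'PIHOLE_INTERFACE=enxb827ebef84df\nIPV4_ADDRESS=192.168.2.2/16\n' > "$SAMPLE_DIR/reconfigured.conf"
printf 'PIHOLE_INTERFACE=enxb827ebef84df\nIPV4_ADDRESS=192.168.1.21/16\n' > "$SAMPLE_DIR/fixed.conf"

# Walk through the three states seen in the thread.
for c in stale reconfigured fixed; do
    check_binding "$SAMPLE_DIR/$c.conf" "$SAMPLE_DIR/addrs" || true
done
```

On a live system, pass Pi-hole's settings file and a saved capture of `ip -o -4 addr show` instead of the samples; on Pi-hole v5 the settings are normally in `/etc/pihole/setupVars.conf` (an assumption here, since the thread does not name the path).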


Well in fact this may not be true since my DHCP is configured with the submask 255.255.0.0.

I manually changed the configVars by hand to make this match.
Here is a link to the latest debug: https://tricorder.pi-hole.net/VdOXP9P1/

Here is a screenshot of my router. I do not have much info about this, but I will change the conditional forwarding to home. Thanks for the input!

Regarding the issue on my PS5, disabling the Pi-hole for x minutes doesn't change anything, even after the router reboot or the PlayStation reboot 🙁 The PS5 doesn't have any requests blocked. Few are cached btw; does this cause an issue where the PlayStation thinks it's a man-in-the-middle attack?

This is a strong indication that your issue is not related to Pi-hole.

Note that upstream servers may apply DNS filtering as well, i.e. respective DNS queries would not be blocked by Pi-hole, but the upstream DNS server would block the forwarded request.
If that's the case, configuring Pi-hole for a different set of upstreams may help.

This is my config (without any upstream set by hand, do you suggest adding the Internet Provider's one?)

No, as adding another upstream would complicate the assessment.

If you have reason to believe that upstream DNS is involved, you should rather consider trying different upstream DNS resolvers one by one.


Well, in fact it’s not due to DNS on my end, because even if I try with a handmade DNS entry pointing to the Google ones, the issue still remains.

AFAIK, the issue is not very stable so I don't know why this happens, but it seems that DNS cache response is the main factor. Some requests are cached by the pihole.

The other potential issue is IPv6: my Pi-hole doesn't have any, and my PS5 is somehow getting one when I set up the Pi-hole IPv4 address manually.

Perhaps your isp router is configuring ipv6 for any devices asking, so the PS5 gets an ipv6 address which fails to work. If you don't use ipv6 for anything specific, try going into your isp router and seeing if there's an option to completely turn off ipv6. Then restart the PS5 and see how it behaves now, with Pi-hole both disabled and then enabled as per post #2.

Unfortunately, my ISP doesn't let me disable IPv6 in LAN mode ...

Can you disable it in the PS5 itself? I don't have one but found this:

You can disable IPv6 on PS5 by following the steps below:

  1. Go to the Network settings of your console.
  2. Uncheck the box next to the Internet Protocol Version 6 (TCP/IPv6) option.
  3. And then click the OK button.

I don't find any of this. In cabled mode we have DHCP options (automatic, manual), DNS options (primary, secondary), Proxy, MTU

If you continue to have connection issues on PS5, you are not alone. If you can disable wireless on your router, and purchase yet another one that can use open-firmware like openWRT (just for future proof features / security updates, so your device doesn't become insecure, "outdated" e-waste), you can disable ipv6 on that, and it seems the internet will work better.

Redditors seem to think this is a firmware issue, so maybe future updates will help.