PS5 won't connect to the internet (Pi-hole DHCP server)

Expected Behaviour:

PS5 connecting to the internet.

Actual Behaviour:

The PS5 sees the router, connects to the router, gets the required data from the DHCP server (Pi-hole), but it won't actually connect to the internet. I can see that the DNS IP address is correct (points to the Pi-hole) and the IPv6 address is partially correct (the first half is the static IPv6 address on the Pi-hole; the second half I don't recognise (I think this is normal behaviour?)).

So I decided to set up my Pi-hole as my DHCP server so I can enable DoH or DoT later.
So I go into Pi-hole and set up the static IPs (v4 and v6) using /etc/dhcpcd.conf.
Then start the DHCP server, allowing IPv6.
Stop the DHCP server on the broadband (allowing IPv6).
Problems start happening; I restart the router and the RPi and the problems seem to go away.
Later on I realise that IPv6 is not working so great on some devices, namely the smart TV (only one of them, but they are different, so the other one doesn't use IPv6 I think) and the PS5.
So I realised that I can set up an IPv6 DNS on the router alongside v4 (it was already pointing to the RPi before the DHCP server setup).
So I set up the IPv6 DNS pointing to it.
I think the TV started working after this point. (I tried a lot of different stuff in between (it might even have switched to using IPv4 on its own).)
The PS5 is having a similar problem, but I am out of ideas on how to fix it. The PS5 doesn't allow you to set up DNS for IPv6, but I did set the Google DNS for IPv4 and that didn't seem to work, which is weird. I should also say that I tried restarting it, then forgetting the network and restarting it again; they didn't seem to do anything.

The broadband has 2 different Wi-Fi networks: one with 2.4/5/6 and one without 2.4 but with the rest. I thought maybe that was the issue (even though I can ping it from my PC (both v4 and v6)), so I tried the other one; that didn't work either.

I should also add that while my phone works great with IPv6, seemingly preferring it over v4, my PC can't do "ping6 google.com". However, it doesn't mind doing a dig or nslookup using IPv6.

Additionally, I can use IPv6 as expected on the RPi with the Pi-hole (pinging, lookups, all that stuff).

Debug Token:

https://tricorder.pi-hole.net/sJuyqDsf/

OK, an update.

It seems the problem is not with IPv6; it is actually with IPv4.

I do a dig on the client (Fedora) and run a tcpdump on the RPi. I can see that I receive the A? in tcpdump and there is a response going out with the IP address (after it's resolved from Cloudflare or some other server); however, dig @192.168.1.2 namecheap.com run on the Fedora box is saying "connection timed out; no servers could be reached". The same process with the IPv6 address of the Pi-hole (or even no IP address (after it fails on IPv4)) works just fine. So DNS lookup seems to be working fine on the Pi-hole. I don't know if the router is not configured correctly for this or what the problem is; I never get the DNS lookup back on IPv4.

So I think it's because those devices, the smart TV and the PS5, are communicating on IPv4 instead of 6 (exclusively, apparently) that the network connections fail. Now I have no idea why this happens, so if you can let me know that would be much appreciated. Also, I turned on "permit all origins" on the Pi-hole.

Disabling the firewall at the router for testing did not yield any results. I should also mention that this is not a dockerised setup, but on the RPi I have Docker and Tailscale installed. I don't think they are the problem, as tcpdump shows a correct return address.

Also, an extra question: Pi-hole should be returning to the client IP address, right, not the router's IP address (since it's a DHCP server too)?

From the same machine, try dig @1.1.1.1 namecheap.com and see if it times out as well. This will still be IPv4, but it will not use the Pi-hole at all. If it fails, then perhaps look to the router settings.

This works fine. I tried dig @1.1.1.1 oed.com (namecheap was cached). That worked just fine, as I expected. I still think it might be the router though, because the tcpdump shows a response.

For dig @192.168.1.2 roll20.net:

01:16:59.283444 IP (tos 0x0, ttl 64, id 1522, offset 0, flags [none], proto UDP (17), length 79)
    192.168.1.168.52640 > 192.168.1.2.53: 49747+ [1au] A? roll20.net. (51)
01:16:59.283884 IP (tos 0x0, ttl 64, id 12989, offset 0, flags [DF], proto UDP (17), length 115)
    192.168.1.2.53 > 192.168.1.168.52640: 49747 3/0/1 roll20.net. A 104.22.74.154, roll20.net. A 104.22.75.154, roll20.net. A 172.67.21.218 (87)

I tried a random one that should not be cached, and that's the dump from the Pi-hole. 192.168.1.168 is Fedora.

Another update: I managed to get a pcap file on the router.

Run tcpdump on the Pi-hole and run the tracer tool on the router. Then do the dig request.

Looking at the results, I can see that the Pi-hole gets the DNS request through the router (they don't have Wi-Fi and are not connected directly via cable, so they can only talk over the router; in fact everything goes through the router because the Pi-hole is not Wi-Fi enabled).
So Client IP > Pi-hole IP asks A? for example.com
Normally the Pi goes out to a DNS server, but in this case it's cached.
Pi-hole > Same Client IP: A record xxx.xxx.xxx.xxx for example.com

On the router dump I can see that the client asks for a record but doesn't get it back; a couple of seconds later it asks again. When I filter the dump for DNS and the Pi-hole IP I only see destination packets going to it, with only one going out to get a record from 1.0.0.1.

It is said that this is due to the integrated switch chip handling the return journey for LAN-to-LAN traffic. So this doesn't actually prove anything, but I still wanted to share it as an extra debug step.

Here is the gateway of the Pi-hole:

@raspberrypi:~$ ip route show
default via 192.168.1.1 dev eth0 src 192.168.1.2 metric 1002 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.2 metric 1002 
@raspberrypi:~$ route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    1002   0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     1002   0        0 eth0

PS: I just tested dig to the Pi-hole and it works on the condition that I am using +tcp... UDP doesn't work, it seems, even though I am picking up and resolving both UDP and TCP requests on the Pi-hole interface.
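An added check (my own code, not from this thread or the Pi-hole project) that scripts what the last post and the earlier "try dig @1.1.1.1" suggestion do by hand: it sends the same A query to a resolver first over UDP and then over TCP, using a hand-rolled DNS wire format so the reply's transaction id and TC bit can be inspected, and reports which transport actually got an answer back. The resolver 192.168.1.2 and the name roll20.net are taken from the thread; the query id, timeout and the `query`/`parse_a_records` helper names are my own choices.

```python
import socket
import struct

def build_query(name, qid=0x1234):  # header (RD set, 1 question) + QNAME + QTYPE A + QCLASS IN
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _read_name(data, off):  # decode a possibly compressed name -> (name, offset past it)
    labels = []
    while True:
        ln, off = data[off], off + 1  # off now points just past the length byte
        if ln & 0xC0 == 0xC0:  # 2-byte compression pointer to a name seen earlier
            ptr = struct.unpack_from("!H", data, off - 1)[0] & 0x3FFF
            return ".".join(labels + [_read_name(data, ptr)[0]]), off + 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(data[off:off + ln].decode())
        off += ln

def parse_a_records(data):  # reply -> (transaction id, TC bit set?, list of A addresses)
    qid, flags, qd, an = struct.unpack_from("!HHHH", data)
    off, addrs = 12, []
    for _ in range(qd):  # skip the question section: name + QTYPE + QCLASS
        off = _read_name(data, off)[1] + 4
    for _ in range(an):
        off = _read_name(data, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in data[off + 10:off + 14]))
        off += 10 + rdlen
    return qid, bool(flags & 0x0200), addrs

def query(resolver, name, use_tcp, timeout=3.0):  # raises socket.timeout if no reply arrives
    q = build_query(name)
    if use_tcp:  # DNS over TCP prefixes each message with a 2-byte length
        with socket.create_connection((resolver, 53), timeout=timeout) as s, s.makefile("rb") as f:
            s.sendall(struct.pack("!H", len(q)) + q)
            return parse_a_records(f.read(struct.unpack("!H", f.read(2))[0]))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        return parse_a_records(s.recvfrom(4096)[0])

if __name__ == "__main__":  # constructed defaults: the thread's Pi-hole and a name it resolved
    for transport in ("UDP", "TCP"):
        try:
            print(transport, query("192.168.1.2", "roll20.net", transport == "TCP"))
        except OSError as exc:  # socket.timeout is an OSError subclass
            print(transport, "failed:", exc)
```

Run it from the Fedora client while tcpdump is running on the Pi-hole: a UDP timeout paired with a TCP answer, with the UDP reply visible on the Pi-hole's interface, narrows the fault to the return path for UDP rather than to resolution.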