The webpage at https://www.aliexpress.com/ might be temporarily down or it may have moved permanently to a new web address.
ERR_NAME_RESOLUTION_FAILED
for some websites. I took aliexpress as an example since it is such a big player that it should not be failing. Most of the websites load fine. Looking at my log in Pi-hole tells me that aliexpress is not blocked. Other devices in the network have the same problem. Moving the DNS back to my router lets me access the websites again.
In the Chrome error, the domain is "www.aliexpress.com" but with the dig command, you only query "aliexpress.com".
What if you use the "nslookup" command (works on Linux as well as Windows) instead of "dig" on a troubled client?
In the example below, 10.0.0.2 is my Pi-hole IP.
The above example queries the DNS server(s) that is/are configured in the client OS (10.0.0.2 in my case).
If you want to query a particular DNS server like, for example, Google's 8.8.8.8:
I got it to work again but I am not sure what actually did the trick. Maybe someone can give me a hint?
I removed the IPv6 DNS server from Pi-hole. Did not change anything but maybe it just needed time to propagate?
I disabled my router's firewall settings. Connecting to aliexpress worked again but it continued working after I enabled the firewall again.
The Vigor 130 firewall has some options to prevent flooding different packets (DoS); maybe I reset the count by turning the firewall off once. Does someone know which firewall option could be the problem?
Probably removing the IPv6 DNS did the trick as the clients were trying to resolve through IPv6.
And yes, whenever you change settings related to DHCP, these settings need to propagate first to the clients.
If you don't have IPv6 set up/configured in your LAN, best to disable this for all.
Well, my ISP provides me with a DS-Lite connection. Meaning I have a shared IPv4 and every device has also an IPv6, so I thought I also need to enable IPv6 DNS to get a use case out of my IPv6 setup.
If so, make sure Pi-hole has a valid IPv6 address and is configured to use IPv6.
And you can test the same with the lookup command using the IPv6 addresses, e.g.:
If I interpret my test right, the problem is that aliexpress is not reachable via IPv6. So my setup was correct but enabling IPv6 can lead to problems if websites do not support it. Shouldn't there be a fallback to IPv4?
C:\WINDOWS\system32>nslookup www.aliexpress.com 2001:4860:4860::8888
Server: google-public-dns-a.google.com
Address: 2001:4860:4860::8888
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Timeout for google-public-dns-a.google.com.
C:\WINDOWS\system32>nslookup jwillmer.de 2001:4860:4860::8888
Server: google-public-dns-a.google.com
Address: 2001:4860:4860::8888
Non-authoritative answer:
Name: jwillmer.de
Addresses: 2400:cb00:2048:1::681c:167e
2400:cb00:2048:1::681c:177e
104.28.22.126
104.28.23.126
No. IPv4 and IPv6 are different addressing systems in the same namespace (the Internet). There is no fallback by default (it might even be harmful, as IPv4 will have to die out at some point). Instead, the commonly seen behavior of e.g. browsers is to first query IPv6 and only if that fails query an IPv4 address.
Furthermore:
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Timeout for google-public-dns-a.google.com.
doesn't seem like there is no data available for the queried domain but rather your connection to the DNS server itself timed out (there was no negative response).
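The distinction made in the reply above, between a query that gets no reply and one that gets a negative answer, as an added example that is not part of the original thread. The function names (`build_query`, `classify`, `probe`) are this example's own; the resolver addresses and domain are the ones tested in the thread.

```python
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question recursive query in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def classify(reply):
    """Say what a raw reply (None = nothing came back) tells us about the name."""
    if reply is None:
        return "NO_REPLY"      # path to the resolver failed; says nothing about the name
    if len(reply) < 12:
        return "MALFORMED"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"      # the name does not exist
    if rcode != 0:
        return "RCODE_%d" % rcode  # e.g. 2 = SERVFAIL, 5 = REFUSED
    return "ANSWER" if ancount else "NODATA"  # NODATA: name exists, no record of this type

def probe(server, name, qtype, timeout=2.0):
    """Send one UDP query to `server` (IPv4 or IPv6 literal) and classify the result."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, qtype), (server, 53))
            reply, _ = s.recvfrom(4096)
    except OSError:            # timeout or unreachable network: no DNS reply at all
        return classify(None)
    return classify(reply)

if __name__ == "__main__":
    # Same resolver over both transports, as in the thread's nslookup tests.
    for server in ("8.8.8.8", "2001:4860:4860::8888"):
        for qtype in ("A", "AAAA"):
            print(server, qtype, probe(server, "www.aliexpress.com", qtype))
```

`NO_REPLY` on the IPv6 resolver address while the IPv4 address returns `ANSWER` points at the IPv6 path to the resolver (routing or a firewall), whereas `NODATA` for `AAAA` means the resolver was reached and the name simply has no IPv6 record.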
It really was the problem with my Vigor 130 firewall. I had the timeout problem today again and disabling the firewall immediately fixed the problem. Next time it occurs, I will try to pinpoint which firewall option is the problem.