Same for me, I have IPv6 disabled on my router but IPv6 upstream DNS servers enabled on my Pi-Hole and I constantly get these errors after updating to Pi-Hole v6.
I disabled the IPv6 upstream servers and rebooted and not seen the error since.
1 Like
Issue cleared/fixed for me as well when removing ticked upstream IPv6 DNS servers on a host not using IPv6. Would see warning everytime docker container was restarted and has not occurred since removing.
Has anyone tried my proposed threshold, yet? Unfortunately, I am not reliably able to reproduce this myself because I'm currently not at home so I cannot simply "pull the plug" for a few seconds.
Do you mean this command below? If yes, i could try if you want.
What does this command do?
sudo pihole checkout ftl tweak/conn_errors_threashold
Hey,
yep. Today I first updated to 6.03 (still getting the errors in the GUI).
Then I switched to tweak/conn_errors_threashold, 51123157 - and no error since then in the GUI.
Before I had the error in my network 1-2 times every minute - now I don't see the warnings in the GUI, but in the FTL-Log they are still present.
2025-02-21 10:35:27.134 CET [25647M] WARNING: Connection error (2620:119:35::35#53): failed to send UDP request (Network unreachable)
2025-02-21 10:36:01.018 CET [25647M] WARNING: Connection error (2620:119:35::35#53): failed to send UDP request (Network unreachable)
Only one small question: Do I have to switch back for further updates and ... how? 
You should at least allow outbound UDP for IPv4/IPv6 port 53.
Blocking outbound UDP is really a bad idea for DNS.
DNS is primarily UDP, reverting to TCP only if a reply would exceed UDP packet size.
It explains why you are seeing those failed to send UDP request messages, which are new to v6, see UDP Error - #16 by DL6ER.
Yes,
sudo pihole checkout ftl master
once the next version of FTL has been released and this fix is inside.
ill see if I can figure it out, I only see on or off atm for my Ubiquiti Unfi. Maybe I can try a custom firewall rule.
Im seeing more in the logs now, on other ports: ailed to send UDP reply ( #4273 ): failed to send UDP reply (Network unreachable ) not just 53
I have 2 piholes running, my bare metal one works fine, the other running in a container throws the error.
As you said it is infrequent, however the frequency is so consistent that it does not seem like random connectivity errors. They are all nearly exactly 10 minutes apart. Is there a specific process that runs every 10 minutes?
2025-02-21 12:30:06.872 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 12:40:09.236 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 12:50:32.299 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 13:00:56.948 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 13:11:10.711 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 13:21:13.974 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 13:32:27.174 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 13:42:28.207 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 13:52:29.727 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 14:02:30.485 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 14:12:31.306 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 14:22:32.084 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 14:32:47.433 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
2025-02-21 14:42:57.726 WARNING Connection error (2606:4700:4700::1111#53): failed to send UDP request (Network unreachable)
Also seeing these Warnings with a 10 minute interval in a docker container pi-hole.
Please check /var/log/pihole/pihole.log
I run my pihole in an Proxmox LXC container.
After upgrade to 6.x (Core v6.0.3, FTL v6.0.2 and Web interface v6.0.1) I see this:
==> pihole/FTL.log <==
2025-02-21 22:15:54.344 CET [276M] WARNING: Connection error (2001:4860:4860::8888#53): failed to send UDP request (Network unreachable)
==> pihole/pihole.log <==
Feb 21 22:15:54 dnsmasq[276]: failed to send UDP request: Network unreachable
Feb 21 22:15:54 dnsmasq[276]: forwarded 4.4.8.8.in-addr.arpa to 208.67.222.222
Feb 21 22:15:54 dnsmasq[276]: forwarded 4.4.8.8.in-addr.arpa to 208.67.220.220
Feb 21 22:15:54 dnsmasq[276]: failed to send UDP request: Network unreachable
Feb 21 22:15:54 dnsmasq[276]: failed to send UDP request: Network unreachable
Feb 21 22:15:54 dnsmasq[276]: forwarded 4.4.8.8.in-addr.arpa to 1.1.1.1
Feb 21 22:15:54 dnsmasq[276]: forwarded 4.4.8.8.in-addr.arpa to 1.0.0.1
Feb 21 22:15:54 dnsmasq[276]: failed to send UDP request: Network unreachable
Feb 21 22:15:54 dnsmasq[276]: failed to send UDP request: Network unreachable
dug a a little further into this.
with the default docker network configuration the ipv6 addresses were not reachable from the container.
adding my own network with ipv6 enabled and assigning it to the service fixed the problem.
my docker-compose.yaml:
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
- "80:80/tcp"
environment:
TZ: 'Europe/Berlin'
WEBPASSWORD: 'redacted'
volumes:
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
restart: unless-stopped
networks:
- pihole_ip6net
networks:
pihole_ip6net:
enable_ipv6: true
ipam:
config:
- subnet: 2001:db8::/64
1 Like
Same here after upgrade to 6.
I attempted to switch to the "tweak/conn_errors_threshold" branch, but since I'm using Docker, I received the error message:
Function not supported in Docker images
Previously, this connection error appeared in my Docker logs approximately every 10 minutes. I've since made two changes:
- Updated to the latest Docker image
- Enabled IPv6 following spookster's example
Since implementing these changes, the connection error has not reappeared in the logs.
1 Like
I try this:
# pihole checkout ftl tweak/conn_errors_threashold
Please note that changing branches severely alters your Pi-hole subsystems
Features that work on the master branch, may not on a development branch
This feature is NOT supported unless a Pi-hole developer explicitly asks!
Have you read and understood this? [y/N] y
[i] Checking for availability of branch tweak/conn_errors_threashold on GitHub
[✓] Branch tweak/conn_errors_threashold exists on GitHub
[i] Checking for pihole-FTL-amd64 binary on https://ftl.pi-hole.net
[✓] Binary exists
[i] Switching to branch: tweak/conn_errors_threashold from master
[✓] Downloading and Installing FTL
[✓] Restarting pihole-FTL service...
[✓] Enabling pihole-FTL service to start on reboot...
[✓] Restarted FTL service
I see other ERROR. I go back to master.
==> pihole/pihole.log <==
Feb 22 19:58:57 dnsmasq[64823]: TCP connection failed: Network unreachable
Feb 22 19:58:57 dnsmasq[64823]: TCP connection failed: Network unreachable
Feb 22 19:58:59 dnsmasq[64870]: query[AAAA] signaler-pa.clients6.google.com from 192.168.178.1
Feb 22 19:58:59 dnsmasq[64870]: forwarded signaler-pa.clients6.google.com to 1.0.0.1
Feb 22 19:58:59 dnsmasq[64870]: reply signaler-pa.clients6.google.com is 2a00:1450:4001:828::200a
Feb 22 19:58:59 dnsmasq[64870]: query[HTTPS] signaler-pa.clients6.google.com from 192.168.178.1
Feb 22 19:58:59 dnsmasq[64870]: forwarded signaler-pa.clients6.google.com to 1.0.0.1
Feb 22 19:58:59 dnsmasq[64870]: reply signaler-pa.clients6.google.com is NODATA
Feb 22 19:58:59 dnsmasq[64823]: TCP connection failed: Connection prematurely closed by remote server
Feb 22 19:59:01 dnsmasq[64823]: TCP connection failed: Connection prematurely closed by remote server
Feb 22 19:59:01 dnsmasq[64823]: TCP connection failed: Network unreachable
Feb 22 19:59:01 dnsmasq[64823]: TCP connection failed: Network unreachable
Feb 22 19:59:01 dnsmasq[64823]: TCP connection failed: Connection prematurely closed by remote server
Feb 22 19:59:02 dnsmasq[64823]: TCP connection failed: Connection prematurely closed by remote server
Feb 22 19:59:02 dnsmasq[64823]: TCP connection failed: Network unreachable
Feb 22 19:59:02 dnsmasq[64823]: TCP connection failed: Network unreachable
Feb 22 19:59:09 dnsmasq[64916]: query[AAAA] google.com from 192.168.178.1
Feb 22 19:59:09 dnsmasq[64916]: forwarded google.com to 1.0.0.1
Feb 22 19:59:09 dnsmasq[64916]: reply google.com is 2a00:1450:4001:81c::200e
Feb 22 19:59:09 dnsmasq[64916]: query[A] google.com from 192.168.178.1
Feb 22 19:59:09 dnsmasq[64916]: forwarded google.com to 1.0.0.1
Feb 22 19:59:09 dnsmasq[64916]: reply google.com is 216.58.206.46
Feb 22 19:59:12 dnsmasq[64823]: TCP connection failed: Connection prematurely closed by remote server
==> pihole/FTL.log <==
2025-02-22 19:59:12.028 CET [64823/F64026] WARNING: Connection error (1.1.1.1#53): TCP connection failed while receiving payload length from upstream (Connection prematurely closed by remote server)
==> pihole/pihole.log <==
Feb 22 19:59:12 dnsmasq[64823]: config error is REFUSED (EDE: network error)
@ spookster that is my issue as well it seems, thanks for clearing that up. The OS can ping ipv6 addresses just fine, but the container can't.
Thanks for that lead!
1 Like
You should probably be aware that Docker is IPv4 only by default, so seeing network unreachable messages for IPv6 upstreams would be expected. Also, such messages aren't critical, as long as your container is still aware of an IPv4 upstream.
Picking IPv6 addresses as Pi-hole's upstream DNS servers doesn't make much sense in such a configuration - just stick with IPv4 and untick IPv6 upstreams.
Note that for getting Docker to work with IPv6, you'd need to enable IPv6 support in both the container you want to use IPv6 as well as the Docker daemon itself.
In addition, the latter would currently only support IPv6 with Docker daemons running on Linux hosts.
2 Likes