I recently installed Pi-hole on my Raspberry 5. I am using it with Unbound upstream. Everything was fine. But some websites give ERR_SSL_PROTOCOL_ERROR. (I had to censor the domain, sorry about that.)
I noticed the websites work on PC when using Chrome, but the errors only happen when using Edge on PC or any browser on Android.
I compared the results using dig with 22.214.171.124, Unbound and pi.hole. The results are the same. I disabled all hosts, but couldn't figure it out.
If someone can guide me on how I can debug such a situation, it would be great.
If the results are the same for all 3, this doesn't look like an issue with Unbound.
Test using different browsers on the same device. Also test using different devices.
Pay attention to browsers' special DNS configurations (like DoH, "Secure DNS", etc.). They could be the cause of the different behavior between browsers.
When I changed the DNS to 126.96.36.199 in my adapter settings on my PC, Edge started working. So when I use Pi-hole with Unbound or with 188.8.131.52, I cannot access the website in the Edge browser. But when I changed my DNS in the PC adapter settings to 184.108.40.206, I am able to connect to the website in the Edge browser. I believe there is something wrong with the browser and Pi-hole. I tried enabling and disabling DNSSEC but it didn't affect a thing.
SSL negotiation only starts once DNS resolution has successfully completed, so I doubt that your observation is related to Pi-hole, unless you'd be blocking OCSP responder domains used to check certificate validity of a variety specifically used by Edge exclusively.
Ubuntu Firefox => Gives SSL error
Ubuntu Chromium => Gives SSL error
Ubuntu Brave => Website Reachable
Windows Chrome => Website Reachable
Windows Edge => Gives SSL error
Android Samsung Internet => Gives SSL error
Android Chrome => Gives SSL error
Note: All of the clients get their DNS server IPs from the LAN group set from the router.
Note 2: There are HTTPS type queries that return NODATA on the Pi-hole dashboard.
How can I check whether there is any blocking?
Edit: I tried openssl s_client -connect google.com:443 and google.com returned a certificate. When I tried with that site it got stuck with:
Edit 2: I just checked with 220.127.116.11 and the DNS result is different from 18.104.22.168. But mine is the same as 22.214.171.124.
I got it working. Somehow adding www. to the websites made it work. I checked, and the IP addresses are different with www and without. I am able to reach it with www. But I don't understand why it works on PC but not on Android without www.