I recently installed Pi-hole on my Raspberry 5. I am using it with Unbound upstream. Everything was fine. But some websites give ERR_SSL_PROTOCOL_ERROR. (I had to censor the domain, sorry about that.)
I noticed the websites work on PC when using Chrome, but the errors only happen when using Edge on PC or any browser on Android.
I compared the results using dig with 1.1.1.1 and unbound and pi.hole. Results are the same. I disabled all hosts. But I couldn't figure it out.
If someone can guide me on how I can debug such a situation, it would be great.
If the results are the same for all 3, this doesn't look like an issue with Unbound.
Test using different browsers on the same device. Also test using different devices.
Pay attention to browser's special DNS configurations (like DoH, "Secure DNS", etc.). They could be the cause of the different behavior between browsers.
When I changed DNS to 1.1.1.1 from my adapter settings on my PC, Edge starts working. So when I use Pi-hole with Unbound or with 1.1.1.1 I cannot access the website in the Edge browser. But when I changed my DNS in the PC adapter settings to 1.1.1.1, I am able to connect to the website in the Edge browser. I believe there is something wrong with the browser and Pi-hole. I tried enabling and disabling DNSSEC, but it didn't affect anything.
SSL negotiation only starts once DNS resolution has successfully completed, so I doubt that your observation is related to Pi-hole, unless you'd be blocking OCSP responder domains used to check certificate validity of a variety specifically used by Edge exclusively.
Note: All of the clients get the DNS server IPs from the LAN Group set on the router.
Note 2: There are HTTPS type queries that return NODATA on the Pi-hole dashboard.
How can I check whether there is any blocking?
Edit: I tried openssl s_client -connect google.com:443 and google.com returned a certificate. When I tried with that site, it got stuck at:
CONNECTED(00000003)
Edit 2: I just checked with 8.8.8.8 and the DNS result is different from 1.1.1.1. But mine is the same as 1.1.1.1.
I got it working. Somehow adding www. to the websites made it work. I checked and the IP addresses are different with www and without. I am able to reach it with www. But I don't understand why it works on PC but not on Android without www.
It seems adding www. to the domain doesn't solve it for every website. I just tried to access surfshark.com but I couldn't. It gave me an SSL error. I set up a VPN and I was able to access the website with the same device and browser. Is it possible that my ISP blocks it somehow? But I am able to access it via my mobile carrier.
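The thread separates DNS resolution from the TLS handshake that follows it; the sketch below, an added example that is not from any poster in this thread, reports which stage fails first for a given name. The function names `probe` and `silent_listener`, the host `example.test`, and the loopback peer are assumptions constructed for illustration; the silent peer reproduces the "stuck at CONNECTED" symptom, where TCP connects but no ServerHello arrives.

```python
import socket
import ssl


def probe(host, port=443, ip=None, timeout=3.0):
    """Return the first stage that fails: 'dns', 'tcp', 'tls', or 'ok'."""
    # Stage 1: DNS. Skipped when the caller pins an address, e.g. one taken
    # from `dig @1.1.1.1 host`, to test a specific resolver's answer.
    if ip is None:
        try:
            ip = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
        except socket.gaierror:
            return "dns"
    # Stage 2: TCP connect to the resolved or pinned address.
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError:
        return "tcp"
    # Stage 3: TLS handshake, sending `host` as SNI and verifying the chain.
    try:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
            return "ok"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        return "tls"
    finally:
        sock.close()


def silent_listener():
    """Constructed peer: accepts TCP but never answers the ClientHello."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)  # no accept(): the kernel still completes the TCP handshake
    return srv


if __name__ == "__main__":
    srv = silent_listener()
    port = srv.getsockname()[1]
    # example.test is a placeholder name; the address is pinned to loopback.
    print("silent peer:", probe("example.test", port, ip="127.0.0.1", timeout=1.0))
    srv.close()
    print("closed port:", probe("example.test", port, ip="127.0.0.1", timeout=1.0))
```

Running `probe` once per resolver answer (with and without `www.`) by pinning `ip` shows whether the failure follows the address returned or the network path used to reach it.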