Unbound Upstream ERR_SSL_PROTOCOL_ERROR

Hi everyone,

I recently installed Pi-hole on my Raspberry 5. I am using it with Unbound upstream. Everything was fine, but some websites give ERR_SSL_PROTOCOL_ERROR. (I have to censor the domain, sorry about that.)

I noticed the websites work on PC when using Chrome, but errors only happen when using Edge on PC or any browser on Android.

I compared the results using dig with 1.1.1.1, Unbound and pi.hole. The results are the same. I disabled all hosts, but couldn't figure it out.

If someone can guide me on how I can debug such a situation, it would be great.

If the results are the same for all 3, this doesn't look like an issue with Unbound.

Test using different browsers on the same device. Also test using different devices.

Pay attention to the browsers' special DNS configurations (like DoH, "Secure DNS", etc.). They could be the cause of the different behavior between browsers.

When I changed DNS to 1.1.1.1 from my adapter settings on my PC, Edge started working. So when I use Pi-hole with Unbound or with 1.1.1.1, I cannot access the website in the Edge browser. But when I changed my DNS in the PC adapter settings to 1.1.1.1, I am able to connect to the website in the Edge browser. I believe there is something wrong between the browser and Pi-hole. I tried enabling and disabling DNSSEC, but it didn't affect a thing.

SSL negotiation only starts once DNS resolution has successfully completed, so I doubt that your observation is related to Pi-hole, unless you'd be blocking OCSP responder domains used to check certificate validity of a variety specifically used by Edge exclusively.

Ubuntu Firefox => Gives SSL error
Ubuntu Chromium => Gives SSL error
Ubuntu Brave => Website Reachable

Windows Chrome => Website Reachable
Windows Edge => Gives SSL error

Android Samsung Internet => Gives SSL error
Android Chrome => Gives SSL error

Note: All of the clients get the DNS server IPs from the LAN Group set from the router.
Note 2: There are HTTPS-type queries that return NODATA on the Pi-hole dashboard.

How can I check whether there is any blocking?

Edit: I tried openssl s_client -connect google.com:443 and google.com returned a certificate. When I tried with that site, it got stuck with:

CONNECTED(00000003)

Edit 2: I just checked with 8.8.8.8 and the DNS result is different from 1.1.1.1, but mine is the same as 1.1.1.1.

I got it working. Somehow adding www. to the websites made it work. I checked and the IP addresses are different with www and without. I am able to reach it with www. But I don't understand why it works on PC but not on Android without www.
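
An added example, not part of the thread: a diagnostic that separates the DNS step from the TLS step, probing every address the system resolver returns for the bare domain and its www. form and reporting how far each connection gets. The function names `probe`, `addresses` and `compare` are hypothetical, and `example.com` is a placeholder because the thread does not name the affected domain.

```python
import socket
import ssl


def probe(ip, sni, port=443, timeout=5.0):
    """Connect to one IP, send `sni` as the TLS server name, report the stage reached."""
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return "tcp_failed", str(exc)
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return "tls_ok", tls.version()
    except socket.timeout:
        # TCP connected but no ServerHello: what s_client shows as a bare CONNECTED(...)
        return "tls_stalled", "no handshake reply within %ss" % timeout
    except ssl.SSLCertVerificationError as exc:
        return "cert_rejected", exc.verify_message
    except ssl.SSLError as exc:
        return "tls_error", exc.reason or str(exc)
    except OSError as exc:
        return "tls_reset", str(exc)
    finally:
        raw.close()  # no-op once wrap_socket has taken over the descriptor


def addresses(name, port=443):
    """Addresses the system resolver (Pi-hole, if the client uses it) returns for `name`."""
    try:
        infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def compare(names, timeout=5.0):
    """Probe every address of every name, e.g. the bare domain and its www. form."""
    report = {}
    for name in names:
        report[name] = {ip: probe(ip, name, timeout=timeout) for ip in addresses(name)}
    return report


if __name__ == "__main__":
    # Placeholder names (assumption): substitute the affected domain.
    for name, results in compare(["example.com", "www.example.com"]).items():
        for ip, (stage, detail) in results.items():
            print(f"{name:20} {ip:40} {stage:14} {detail}")
```

A `tls_stalled` or `tcp_failed` result on the bare domain's address next to `tls_ok` on the www. address points at the server behind that address rather than at the resolver.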