b140d4d82a
- 313 new markdown files created - 30 relationships embedded - 313 entries indexed - State initialized with usage data
1.7 KiB
| id | type | title | tags | importance | confidence | created | updated | relations | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 62b643f2-5ed7-4ea5-b87f-ef0687ad83ec | solution | Intermittent SSL errors caused by IPv6/IPv4 DNS conflicts |
|
0.8 | 0.8 | 2026-02-05T22:37:40.579202+00:00 | 2026-02-05T22:37:40.579202+00:00 |
|
Problem: ERR_SSL_UNRECOGNIZED_NAME_ALERT errors that work sometimes but fail other times from internal network.
Root Cause: Local DNS (Pi-hole) only overrides IPv4 records, but public DNS returns Cloudflare IPv6 addresses. Modern systems prefer IPv6, attempt connection to Cloudflare IPv6 (fails), sometimes fall back to IPv4 internal NPM (works). Creates intermittent failures.
Diagnosis:
- Check for multiple DNS records: nslookup domain 10.10.0.16
- Compare with public DNS: host domain 8.8.8.8
- Test IPv6 vs IPv4: curl -6 vs curl -4
- Verify IPv6 connectivity: ip -6 addr show | grep global
Solution (Recommended): Add non-routable IPv6 override to Pi-hole custom.list: ssh pihole "docker exec pihole bash -c 'echo "fe80::1 domain.example.com" >> /etc/pihole/custom.list'" ssh pihole "docker exec pihole pihole restartdns"
This forces clients to use IPv4 (10.10.0.16) by providing a non-routable IPv6 address.
Alternative Solutions:
- Remove Cloudflare DNS records (if public access not needed)
- Configure Cloudflare Tunnel for proper remote access
- Disable IPv6 on clients (temporary testing only)
Real-world case: git.manticorum.com resolved intermittently until fe80::1 IPv6 override added.
Documented in: networking/troubleshooting.md