DNS Resolver - strange lookup (Vodafone WiFiCalling not working)
-
Hi,
I've discovered that the Vodafone WiFi Calling was not working anymore since I've switched my DNS lookups to be made from unbound directly instead of sending them to my ISP's upstream DNS servers.
Other lookups went fine, so I've made a Wireshark trace of the queries from my iPhone to pfSense.
This is the query of the iPhone:
    Queries
        epdg.epc.drz1.vodafone-ip.de: type A, class IN
            Name: epdg.epc.drz1.vodafone-ip.de
            [Name Length: 28]
            [Label Count: 5]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
And this is what pfSense/unbound responds:
    Domain Name System (response)
        [Request In: 23]
        [Time: 0.000149000 seconds]
        Transaction ID: 0x7fa5
        Flags: 0x8180 Standard query response, No error
        Questions: 1
        Answer RRs: 0
        Authority RRs: 3
        Additional RRs: 3
        Queries
            epdg.epc.drz1.vodafone-ip.de: type A, class IN
                Name: epdg.epc.drz1.vodafone-ip.de
                [Name Length: 28]
                [Label Count: 5]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
        Authoritative nameservers
            drz1.vodafone-ip.de: type NS, class IN, ns drns3.vodafone-ip.de
            drz1.vodafone-ip.de: type NS, class IN, ns drns2.vodafone-ip.de
            drz1.vodafone-ip.de: type NS, class IN, ns drns1.vodafone-ip.de
                Name: drz1.vodafone-ip.de
                Type: NS (authoritative Name Server) (2)
                Class: IN (0x0001)
                Time to live: 43200
                Data length: 8
                Name Server: drns1.vodafone-ip.de
        Additional records
            drns1.vodafone-ip.de: type A, class IN, addr 145.253.3.32
                Name: drns1.vodafone-ip.de
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 43200
                Data length: 4
                Address: 145.253.3.32
            drns2.vodafone-ip.de: type A, class IN, addr 145.253.3.34
            drns3.vodafone-ip.de: type A, class IN, addr 145.253.3.36
So, unbound returns the authoritative NSes for the query and at this point the story ends - the original query of the client is not fulfilled and WiFi calling is not working.
Shouldn't unbound make a new query to the authoritative NS in the background and present the solution for the original request - the A record of "epdg.epc.drz1.vodafone-ip.de"?
The only solution to get WiFi Calling working is to add a domain override to the DNS resolver: Send all queries of the domain "vodafone-ip.de" to the upstream DNS 145.32.3.32, which is one of the reported authoritative DNS servers. But wouldn't that be unbound's background job for the original query?
-
@jacotec said in DNS Resolver - strange lookup (Vodafone WiFiCalling not working):
epdg.epc.drz1.vodafone-ip.de
That is not a resolver problem, that is a problem with it not resolving on the public internet... All you get back is SOA... You need to contact your ISP why that doesn't resolve on the public internet and only when using their DNS.
Your fix would be setting up a domain override to query their specific ns to bypass their broken dns setup.
;; QUESTION SECTION:
;epdg.epc.drz1.vodafone-ip.de. IN A

;; AUTHORITY SECTION:
drz1.vodafone-ip.de. 3553 IN SOA drns1.vodafone-ip.de.drz1.vodafone-ip.de. hostmaster.drns1.vodafone-ip.de.drz1.vodafone-ip.de. 2016090906 10800 3600 604800 600

If their listed NS and SOA do not answer for the record then it's not a problem with unbound or resolving, it's a problem with their NS setup.
-
@johnpoz said in DNS Resolver - strange lookup (Vodafone WiFiCalling not working):
Your fix would be setting up a domain override to query their specific ns to bypass their broken dns setup.
Thank you, John! I've supposed something like that ... but I'm not a deep DNS expert so I wanted to be sure before I approach them.
They are known to use DNS to make sure their WiFi Calling just works inside Germany (stupid, but true) - however, my IP is a German one but it seems they're not recognizing that and maybe as a result do not resolve my queries.
-
That domain is borked completely.. Their SOA doesn't even resolve... So seems they want only their clients using their dns to be able to resolve that.
-
I think it is not broken. Vodafone do not want their clients to use WiFi calling outside Germany.
So the hostname epdg.epc.drz1.vodafone-ip.de is only resolved in Germany.
I experienced the issue with my company's network. We were bought by an American company. They switched the firewall etc. to the US, i.e. all DNS queries were routed through the US. From that time onwards WiFi calling was not working any longer.
I asked them to add an exception, i.e. the domain vodafone-ip.de should be queried directly at drz1.vodafone-ip.de
Then it was working again.
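Added example, not part of the original thread: a small Python parser that tells apart the two response shapes posted above, the Wireshark trace in the first post (NOERROR, no answer, only NS records in the authority section) and the dig output in the reply (only an SOA in the authority section), using the RFC 2308 rules. The function names are hypothetical and the two sample messages are constructed from the values shown in the thread, without the additional section.

```python
import struct

def encode_name(name):  # uncompressed DNS label encoding
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):  # offset just past the name at off
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Classify a response: ANSWER, REFERRAL, NODATA, NXDOMAIN or other RCODE (RFC 2308)."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                  # question: name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    types = ([], [])                     # RR types seen in answer, authority
    for section, count in zip(types, (an, ns)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen            # fixed RR header is 10 bytes, then RDATA
            section.append(rtype)
    answer, authority = types
    rcode = flags & 0x000F
    if rcode:
        return "NXDOMAIN" if rcode == 3 else "RCODE %d" % rcode
    if answer:
        return "ANSWER"
    if 6 in authority or 2 not in authority:   # SOA present, or no NS to follow
        return "NODATA"
    return "REFERRAL"                    # NS only: the asker has to query those servers

def build(flags, authority):  # constructed sample: the thread's question + authority RRs
    msg = struct.pack("!6H", 0x7FA5, flags, 1, 0, len(authority), 0)
    msg += encode_name("epdg.epc.drz1.vodafone-ip.de") + struct.pack("!HH", 1, 1)
    for rtype, rdata in authority:       # owner is always the zone from the thread
        msg += encode_name("drz1.vodafone-ip.de")
        msg += struct.pack("!HHIH", rtype, 1, 43200, len(rdata)) + rdata
    return msg

NS_RRS = [(2, encode_name("drns%d.vodafone-ip.de" % i)) for i in (3, 2, 1)]
SOA_RDATA = (encode_name("drns1.vodafone-ip.de.drz1.vodafone-ip.de")
             + encode_name("hostmaster.drns1.vodafone-ip.de.drz1.vodafone-ip.de")
             + struct.pack("!5I", 2016090906, 10800, 3600, 604800, 600))
REFERRAL = build(0x8180, NS_RRS)             # shape of the Wireshark trace: NS only
NODATA = build(0x8180, [(6, SOA_RDATA)])     # shape of the dig output: SOA only
```

Calling `classify()` on a raw UDP payload captured from the resolver shows whether a client received a usable answer, a negative answer, or only a pointer to other name servers.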