Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Resolver - strange lookup (Vodafone WiFiCalling not working)

    Scheduled Pinned Locked Moved DHCP and DNS
    5 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jacotec
      last edited by

      Hi,

      I've discovered that the Vodafone WiFi Calling was not working anymore since I've switched my DNS lookups to be made from unbound directly instead of sending them to my ISP's upstream DNS servers.

      Other lookup's went fine, so I've made a Wireshark trace from the queries of my iPhone to pfSense.

      This is the query of the iPhone:

      Queries
          epdg.epc.drz1.vodafone-ip.de: type A, class IN
              Name: epdg.epc.drz1.vodafone-ip.de
              [Name Length: 28]
              [Label Count: 5]
              Type: A (Host Address) (1)
              Class: IN (0x0001)
      

      And this is what pfSense/unbound responds:

      Domain Name System (response)
          [Request In: 23]
          [Time: 0.000149000 seconds]
          Transaction ID: 0x7fa5
          Flags: 0x8180 Standard query response, No error
          Questions: 1
          Answer RRs: 0
          Authority RRs: 3
          Additional RRs: 3
          Queries
              epdg.epc.drz1.vodafone-ip.de: type A, class IN
                  Name: epdg.epc.drz1.vodafone-ip.de
                  [Name Length: 28]
                  [Label Count: 5]
                  Type: A (Host Address) (1)
                  Class: IN (0x0001)
          Authoritative nameservers
              drz1.vodafone-ip.de: type NS, class IN, ns drns3.vodafone-ip.de
              drz1.vodafone-ip.de: type NS, class IN, ns drns2.vodafone-ip.de
              drz1.vodafone-ip.de: type NS, class IN, ns drns1.vodafone-ip.de
                  Name: drz1.vodafone-ip.de
                  Type: NS (authoritative Name Server) (2)
                  Class: IN (0x0001)
                  Time to live: 43200
                  Data length: 8
                  Name Server: drns1.vodafone-ip.de
          Additional records
              drns1.vodafone-ip.de: type A, class IN, addr 145.253.3.32
                  Name: drns1.vodafone-ip.de
                  Type: A (Host Address) (1)
                  Class: IN (0x0001)
                  Time to live: 43200
                  Data length: 4
                  Address: 145.253.3.32
              drns2.vodafone-ip.de: type A, class IN, addr 145.253.3.34
              drns3.vodafone-ip.de: type A, class IN, addr 145.253.3.36
      
      

      So, unbound returns the autoritative NS' for the query and at this point the story ends - the original query of the client is not fulfilled and WiFi calling is not working.

      Shouldn't unbound make a new query to the autoritative NS in the background and present the solution for the original request - the A record of "epdg.epc.drz1.vodafone-ip.de"?

      The only solution to get WiFi Calling working is to add a domain override to the DNS resolver: Send all queries of the domain "vodafone-ip.de" to the upstream DNS 145.32.3.32 which is one of the reported autoritative DNS servers. But wouldn't that be unbound's background job for the original query?

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        @jacotec said in DNS Resolver - strange lookup (Vodafone WiFiCalling not working):

        epdg.epc.drz1.vodafone-ip.de

        that is not a resolver problem that is a problem with it not resolving on the public internet... All you get back is SOA... You need to contact your ISP why that doesn't resolve on the public internet and only when using their dns..

        Your fix would be setting up a domain override to query their specific ns to bypass their broken dns setup.

        ;; QUESTION SECTION:
        ;epdg.epc.drz1.vodafone-ip.de. IN A

        ;; AUTHORITY SECTION:
        drz1.vodafone-ip.de. 3553 IN SOA drns1.vodafone-ip.de.drz1.vodafone-ip.de. hostmaster.drns1.vodafone-ip.de.drz1.vodafone-ip.de. 2016090906 10800 3600 604800 600

        If their listed NS and SOA do not answer for the record then its not a problem with unbound or resolving its a problem with their NS setup.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • J
          jacotec
          last edited by

          @johnpoz said in DNS Resolver - strange lookup (Vodafone WiFiCalling not working):

          Your fix would be setting up a domain override to query their specific ns to bypass their broken dns setup.

          Thank you, John! I've supposed something like that ... but I'm not a deep DNS expert so I wanted to be sure before I approach them.

          They are known to use DNS to make sure their WiFi Calling just works inside Germany (stupid, but true) - however, my IP is a German one but it seems they're not recognizing that and maybe as a result do not resolve my queries.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            That domain is borked completely.. Their SOA doesn't even resolve... So seems they want only their clients using their dns to be able to resolve that.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • E
              emi
              last edited by

              I think it is not broken. Vodafone do not want their clients to use WiFi calling outside Germany.
              So the hostname epdg.epc.drz1.vodafone-ip.de is only resolved in Germany.
              I experienced the issue with my companies network. We were bought an american company. They switched the firewall etc to US. Ie all DNS queries were routed through US. From that time onwards WiFi calling was not working any longer.
              I asked them to add an exception ie the domain vodafone-ip.de should directly be queried at drz1.vodafone-ip.de
              Then it was working again.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.