4. DNS Resolver - strange lookup (Vodafone WiFiCalling not working)

DNS Resolver - strange lookup (Vodafone WiFiCalling not working)

  • J

    Hi,

    I've discovered that the Vodafone WiFi Calling was not working anymore since I've switched my DNS lookups to be made from unbound directly instead of sending them to my ISP's upstream DNS servers.

    Other lookup's went fine, so I've made a Wireshark trace from the queries of my iPhone to pfSense.

    This is the query of the iPhone:

    Queries
    epdg.epc.drz1.vodafone-ip.de: type A, class IN
        Name: epdg.epc.drz1.vodafone-ip.de
        [Name Length: 28]
        [Label Count: 5]
        Type: A (Host Address) (1)
        Class: IN (0x0001)

    And this is what pfSense/unbound responds:

    Domain Name System (response)
    [Request In: 23]
    [Time: 0.000149000 seconds]
    Transaction ID: 0x7fa5
    Flags: 0x8180 Standard query response, No error
    Questions: 1
    Answer RRs: 0
    Authority RRs: 3
    Additional RRs: 3
    Queries
        epdg.epc.drz1.vodafone-ip.de: type A, class IN
            Name: epdg.epc.drz1.vodafone-ip.de
            [Name Length: 28]
            [Label Count: 5]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Authoritative nameservers
        drz1.vodafone-ip.de: type NS, class IN, ns drns3.vodafone-ip.de
        drz1.vodafone-ip.de: type NS, class IN, ns drns2.vodafone-ip.de
        drz1.vodafone-ip.de: type NS, class IN, ns drns1.vodafone-ip.de
            Name: drz1.vodafone-ip.de
            Type: NS (authoritative Name Server) (2)
            Class: IN (0x0001)
            Time to live: 43200
            Data length: 8
            Name Server: drns1.vodafone-ip.de
    Additional records
        drns1.vodafone-ip.de: type A, class IN, addr 145.253.3.32
            Name: drns1.vodafone-ip.de
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 43200
            Data length: 4
            Address: 145.253.3.32
        drns2.vodafone-ip.de: type A, class IN, addr 145.253.3.34
        drns3.vodafone-ip.de: type A, class IN, addr 145.253.3.36

    So, unbound returns the autoritative NS' for the query and at this point the story ends - the original query of the client is not fulfilled and WiFi calling is not working.

    Shouldn't unbound make a new query to the autoritative NS in the background and present the solution for the original request - the A record of "epdg.epc.drz1.vodafone-ip.de"?

    The only solution to get WiFi Calling working is to add a domain override to the DNS resolver: Send all queries of the domain "vodafone-ip.de" to the upstream DNS 145.32.3.32 which is one of the reported autoritative DNS servers. But wouldn't that be unbound's background job for the original query?

    0
  • LAYER 8 Global Moderator

    @jacotec said in DNS Resolver - strange lookup (Vodafone WiFiCalling not working):

    epdg.epc.drz1.vodafone-ip.de

    that is not a resolver problem that is a problem with it not resolving on the public internet... All you get back is SOA... You need to contact your ISP why that doesn't resolve on the public internet and only when using their dns..

    Your fix would be setting up a domain override to query their specific ns to bypass their broken dns setup.

    ;; QUESTION SECTION:
    ;epdg.epc.drz1.vodafone-ip.de. IN A

    ;; AUTHORITY SECTION:
    drz1.vodafone-ip.de. 3553 IN SOA drns1.vodafone-ip.de.drz1.vodafone-ip.de. hostmaster.drns1.vodafone-ip.de.drz1.vodafone-ip.de. 2016090906 10800 3600 604800 600

    If their listed NS and SOA do not answer for the record then its not a problem with unbound or resolving its a problem with their NS setup.

    0
  • J

    @johnpoz said in DNS Resolver - strange lookup (Vodafone WiFiCalling not working):

    Your fix would be setting up a domain override to query their specific ns to bypass their broken dns setup.

    Thank you, John! I've supposed something like that ... but I'm not a deep DNS expert so I wanted to be sure before I approach them.

    They are known to use DNS to make sure their WiFi Calling just works inside Germany (stupid, but true) - however, my IP is a German one but it seems they're not recognizing that and maybe as a result do not resolve my queries.

    0
  • LAYER 8 Global Moderator

    That domain is borked completely.. Their SOA doesn't even resolve... So seems they want only their clients using their dns to be able to resolve that.

    0
  • E

    I think it is not broken. Vodafone do not want their clients to use WiFi calling outside Germany.
    So the hostname epdg.epc.drz1.vodafone-ip.de is only resolved in Germany.
    I experienced the issue with my companies network. We were bought an american company. They switched the firewall etc to US. Ie all DNS queries were routed through US. From that time onwards WiFi calling was not working any longer.
    I asked them to add an exception ie the domain vodafone-ip.de should directly be queried at drz1.vodafone-ip.de
    Then it was working again.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy