DNS Resolver - strange lookup (Vodafone WiFiCalling not working)



  • Hi,

    I’ve discovered that the Vodafone WiFi Calling was not working anymore since I’ve switched my DNS lookups to be made from unbound directly instead of sending them to my ISP’s upstream DNS servers.

    Other lookup’s went fine, so I’ve made a Wireshark trace from the queries of my iPhone to pfSense.

    This is the query of the iPhone:

    Queries
        epdg.epc.drz1.vodafone-ip.de: type A, class IN
            Name: epdg.epc.drz1.vodafone-ip.de
            [Name Length: 28]
            [Label Count: 5]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    

    And this is what pfSense/unbound responds:

    Domain Name System (response)
        [Request In: 23]
        [Time: 0.000149000 seconds]
        Transaction ID: 0x7fa5
        Flags: 0x8180 Standard query response, No error
        Questions: 1
        Answer RRs: 0
        Authority RRs: 3
        Additional RRs: 3
        Queries
            epdg.epc.drz1.vodafone-ip.de: type A, class IN
                Name: epdg.epc.drz1.vodafone-ip.de
                [Name Length: 28]
                [Label Count: 5]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
        Authoritative nameservers
            drz1.vodafone-ip.de: type NS, class IN, ns drns3.vodafone-ip.de
            drz1.vodafone-ip.de: type NS, class IN, ns drns2.vodafone-ip.de
            drz1.vodafone-ip.de: type NS, class IN, ns drns1.vodafone-ip.de
                Name: drz1.vodafone-ip.de
                Type: NS (authoritative Name Server) (2)
                Class: IN (0x0001)
                Time to live: 43200
                Data length: 8
                Name Server: drns1.vodafone-ip.de
        Additional records
            drns1.vodafone-ip.de: type A, class IN, addr 145.253.3.32
                Name: drns1.vodafone-ip.de
                Type: A (Host Address) (1)
                Class: IN (0x0001)
                Time to live: 43200
                Data length: 4
                Address: 145.253.3.32
            drns2.vodafone-ip.de: type A, class IN, addr 145.253.3.34
            drns3.vodafone-ip.de: type A, class IN, addr 145.253.3.36
    
    

    So, unbound returns the autoritative NS’ for the query and at this point the story ends - the original query of the client is not fulfilled and WiFi calling is not working.

    Shouldn’t unbound make a new query to the autoritative NS in the background and present the solution for the original request - the A record of “epdg.epc.drz1.vodafone-ip.de”?

    The only solution to get WiFi Calling working is to add a domain override to the DNS resolver: Send all queries of the domain “vodafone-ip.de” to the upstream DNS 145.32.3.32 which is one of the reported autoritative DNS servers. But wouldn’t that be unbound’s background job for the original query?


  • Rebel Alliance

    @jacotec said in DNS Resolver - strange lookup (Vodafone WiFiCalling not working):

    epdg.epc.drz1.vodafone-ip.de

    that is not a resolver problem that is a problem with it not resolving on the public internet… All you get back is SOA… You need to contact your ISP why that doesn’t resolve on the public internet and only when using their dns…

    Your fix would be setting up a domain override to query their specific ns to bypass their broken dns setup.

    ;; QUESTION SECTION:
    ;epdg.epc.drz1.vodafone-ip.de. IN A

    ;; AUTHORITY SECTION:
    drz1.vodafone-ip.de. 3553 IN SOA drns1.vodafone-ip.de.drz1.vodafone-ip.de. hostmaster.drns1.vodafone-ip.de.drz1.vodafone-ip.de. 2016090906 10800 3600 604800 600

    If their listed NS and SOA do not answer for the record then its not a problem with unbound or resolving its a problem with their NS setup.



  • @johnpoz said in DNS Resolver - strange lookup (Vodafone WiFiCalling not working):

    Your fix would be setting up a domain override to query their specific ns to bypass their broken dns setup.

    Thank you, John! I’ve supposed something like that … but I’m not a deep DNS expert so I wanted to be sure before I approach them.

    They are known to use DNS to make sure their WiFi Calling just works inside Germany (stupid, but true) - however, my IP is a German one but it seems they’re not recognizing that and maybe as a result do not resolve my queries.


  • Rebel Alliance

    That domain is borked completely… Their SOA doesn’t even resolve… So seems they want only their clients using their dns to be able to resolve that.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy