<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">FWIW, we have `qname-minimization
      disabled;` in our config.</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">Using RPZ in BIND seems to make it do
      things differently, causing it to surface problems like this more
      often than it would without RPZ. See this comment about a similar
      issue:
      <a class="moz-txt-link-freetext" href="https://gitlab.isc.org/isc-projects/bind9/-/issues/4787#note_470454">https://gitlab.isc.org/isc-projects/bind9/-/issues/4787#note_470454</a><br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On 2025-11-19 00:49, Crist Clark wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAAcrURLHKcoCF8XPLNfuYGDhi0QAgkdg7nNKD6M+Cv+1x55CPg@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="auto">QNAME minimization. Their non-compliant load
        balancers pretending to be authoritative servers give responses
        that break QNAME minimization.</div>
      <div dir="auto"><br>
      </div>
      <div><br>
        <div class="gmail_quote gmail_quote_container">
          <div dir="ltr" class="gmail_attr">On Tue, Nov 18, 2025 at
            8:06 PM Richard Laager via dns-operations <<a
              href="mailto:dns-operations@dns-oarc.net"
              moz-do-not-send="true" class="moz-txt-link-freetext">dns-operations@dns-oarc.net</a>>
            wrote:<br>
          </div>
          <blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><br>
            <br>
            <br>
            ---------- Forwarded message ----------<br>
            From: Richard Laager <<a href="mailto:rlaager@wiktel.com"
              target="_blank" moz-do-not-send="true"
              class="moz-txt-link-freetext">rlaager@wiktel.com</a>><br>
            To: <a href="mailto:dns-operations@lists.dns-oarc.net"
              target="_blank" moz-do-not-send="true"
              class="moz-txt-link-freetext">dns-operations@lists.dns-oarc.net</a><br>
            Cc: <br>
            Bcc: <br>
            Date: Tue, 18 Nov 2025 21:55:06 -0600<br>
            Subject: geo9/<a href="http://geo10.t-mobile.com"
              rel="noreferrer" target="_blank" moz-do-not-send="true">geo10.t-mobile.com</a>
            Returning NXDOMAIN for WiFi Calling<br>
            <div>
              <div>
                <p>Anyone have a good contact for T-Mobile authoritative
                  DNS? I've had no response from <a
                    href="mailto:dnsadmin@t-mobile.com" target="_blank"
                    moz-do-not-send="true" class="moz-txt-link-freetext">dnsadmin@t-mobile.com</a>.<br>
                </p>
                <p>My customers are reporting that T-Mobile WiFi calling
                  (sometimes) does not work on our Internet service.
                  This appears to be due to DNS resolution failures.</p>
                <p>The cause of the failures seems to be that <a
                    href="http://geo9.t-mobile.com" target="_blank"
                    moz-do-not-send="true">geo9.t-mobile.com</a> and <a
                    href="http://geo10.t-mobile.com" target="_blank"
                    moz-do-not-send="true">geo10.t-mobile.com</a>
                  incorrectly return NXDOMAIN when queried for NS
                  records for <a
href="http://epdg.epc.geo.mnc260.mcc310.pub.3gppnetwork.org"
                    target="_blank" moz-do-not-send="true">epdg.epc.geo.mnc260.mcc310.pub.3gppnetwork.org</a>
                  and <a
href="http://epc.geo.mnc260.mcc310.pub.3gppnetwork.org" target="_blank"
                    moz-do-not-send="true">epc.geo.mnc260.mcc310.pub.3gppnetwork.org</a>.
                  Note that they correctly return an answer when queried
                  for A records. See also: <a
href="https://dnsviz.net/d/epdg.epc.mnc260.mcc310.pub.3gppnetwork.org/dnssec/"
                    target="_blank" moz-do-not-send="true"
                    class="moz-txt-link-freetext">https://dnsviz.net/d/epdg.epc.mnc260.mcc310.pub.3gppnetwork.org/dnssec/</a></p>
              </div>
              <pre cols="72" style="font-family:monospace">-- 
Richard
</pre>
            </div>
            <br>
            <br>
            <br>
            ---------- Forwarded message ----------<br>
            From: Richard Laager via dns-operations <<a
              href="mailto:dns-operations@dns-oarc.net" target="_blank"
              moz-do-not-send="true" class="moz-txt-link-freetext">dns-operations@dns-oarc.net</a>><br>
            To: <a href="mailto:dns-operations@lists.dns-oarc.net"
              target="_blank" moz-do-not-send="true"
              class="moz-txt-link-freetext">dns-operations@lists.dns-oarc.net</a><br>
            Cc: <br>
            Bcc: <br>
            Date: Tue, 18 Nov 2025 21:55:06 -0600<br>
            Subject: [dns-operations] geo9/<a
              href="http://geo10.t-mobile.com" rel="noreferrer"
              target="_blank" moz-do-not-send="true">geo10.t-mobile.com</a>
            Returning NXDOMAIN for WiFi Calling<br>
            _______________________________________________<br>
            dns-operations mailing list<br>
            <a href="mailto:dns-operations@lists.dns-oarc.net"
              target="_blank" moz-do-not-send="true"
              class="moz-txt-link-freetext">dns-operations@lists.dns-oarc.net</a><br>
            <a
href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations"
              rel="noreferrer" target="_blank" moz-do-not-send="true"
              class="moz-txt-link-freetext">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <p><br>
    </p>
    <pre class="moz-signature" cols="72">-- 
Richard</pre>
  </body>
</html>