> On Jan 5, 2026, at 4:29 PM, Philip Prindeville via bind-users
> <[email protected]> wrote:
>
> Since I switched over from Sparklight (DOCSIS MSP) to T-Mobile (5G) I've had
> a world of hurt including timed out inbound and outbound connections, as well
> as DNS failures:
>
> Jan 5 16:10:39 OpenWrt2 named[21948]: validating global.dexcom.com/CNAME: no
> valid signature found
> Jan 5 16:10:39 OpenWrt2 named[21948]: validating global.dexcom.com/CNAME: no
> valid signature found
> Jan 5 16:10:40 OpenWrt2 named[21948]: validating
> accounts-api.dexcom.com/CNAME: no valid signature found
> Jan 5 16:10:40 OpenWrt2 named[21948]: validating
> accounts-api.dexcom.com/CNAME: no valid signature found
> Jan 5 16:10:41 OpenWrt2 named[21948]: validating dexcom.com/SOA: no valid
> signature found
> Jan 5 16:10:41 OpenWrt2 named[21948]: validating
> 0ps3e2esgssv8i3c82tuahqgb0c51d02.dexcom.com/NSEC3: no valid signature found
> Jan 5 16:10:41 OpenWrt2 named[21948]: validating
> mobile.share-us.dexcom.com/CNAME: no valid signature found
> Jan 5 16:10:41 OpenWrt2 named[21948]: validating
> mobile.share-us.dexcom.com/CNAME: no valid signature found
> Jan 5 16:16:58 OpenWrt2 named[21948]: shut down hung fetch while resolving
> 0x7fb92cf82800(gsp-ssl.ls-apple.com.akadns.net/HTTPS)
> Jan 5 16:16:58 OpenWrt2 named[21948]: shut down hung fetch while resolving
> 0x7fb92e513400(gsp-ssl.ls-apple.com.akadns.net/A)
> Jan 5 16:19:06 OpenWrt2 named[21948]: shut down hung fetch while resolving
> 0x7fb92ee19400(mesu-cdn.origin-apple.com.akadns.net/HTTPS)
> Jan 5 16:19:06 OpenWrt2 named[21948]: shut down hung fetch while resolving
> 0x7fb92ee1a800(mesu-cdn.origin-apple.com.akadns.net/A)
> Jan 5 16:21:33 OpenWrt2 named[21948]: loop detected resolving
> 'evergreen.v6.afraid.org/A'
> Jan 5 16:23:11 OpenWrt2 named[21948]: shut down hung fetch while resolving
> 0x7fb92d060800(self.events.data.microsoft.com/A)
> Jan 5 16:23:11 OpenWrt2 named[21948]: shut down hung fetch while resolving
> 0x7fb9305a4000(self.events.data.microsoft.com/HTTPS)
>
> And timeout messages about 127.0.0.1:53 ...

Specifically this:

root@OpenWrt2:~# dig -ta hulu.com.
;; communications error to 127.0.0.1#53: timed out
; <<>> DiG 9.20.15 <<>> -ta hulu.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64907
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f719c8b5c0282dbf01000000695c4e1bd730c194c3a700d6 (good)
; EDE: 22 (No Reachable Authority)
;; QUESTION SECTION:
;hulu.com. IN A
;; Query time: 4998 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Jan 05 16:49:47 MST 2026
;; MSG SIZE rcvd: 71
root@OpenWrt2:~#

Nothing notable in /var/log/messages however.

>
> Anyone know what this is about or what the fix is (besides picking a better
> carrier)?
>
> My config is:
>
> // This is the primary configuration file for the BIND DNS server named.
>
> options {
> // Default directory for ephemeral zones, long-lived zones
> // can be stored under /var/lib/bind (aka /etc/bind/zones)
> directory "/var/cache/bind";
>
> // This is used e.g. by isc-dhcp
> allow-new-zones yes;
> disable-empty-zone 168.192.in-addr.arpa; // @@@ delete me
>
> recursion yes;
>
> // note that all subnets are visible to each other;
> // if we wished to isolate them we could use "views".
> allow-query {
> localhost;
> 192.168.3.0/24;
> };
>
> auth-nxdomain no; # conform to RFC1035
>
> allow-transfer { none; };
> dnssec-validation auto;
> listen-on-v6 { none; };
> query-source-v6 none;
> listen-on {
> 127.0.0.1;
> 192.168.3.1;
> };
>
> // hopefully we'll stop exhausting memory
> max-cache-size 128M;
> clients-per-query 50;
> };
>
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> And I'm running:
>
> BIND 9.20.15 (Stable Release) <id:0c0fcf7>
> running on Linux x86_64 6.12.60 #0 SMP PREEMPT_RT Sat Dec 6 18:24:04 2025
> built by make with '--target=x86_64-openwrt-linux'
> '--host=x86_64-openwrt-linux' '--build=x86_64-pc-linux-gnu'
> '--disable-dependency-tracking' '--program-prefix=' '--program-suffix='
> '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
> '--sbindir=/usr/sbin' '--libexecdir=/usr/lib' '--sysconfdir=/etc'
> '--datadir=/usr/share' '--localstatedir=/var' '--mandir=/usr/man'
> '--infodir=/usr/info' '--disable-geoip'
> '--with-openssl=/home/philipp/lede/staging_dir/target-x86_64_musl/usr'
> '--without-lmdb' '--without-readline' '--sysconfdir=/etc/bind'
> '--with-json-c=no' '--with-libxml2=yes' '--with-jemalloc=yes' '--disable-doh'
> '--without-gssapi' 'build_alias=x86_64-pc-linux-gnu'
> 'host_alias=x86_64-openwrt-linux' 'target_alias=x86_64-openwrt-linux'
> 'CC=x86_64-openwrt-linux-musl-gcc' 'CFLAGS=-Os -pipe -g3 -fno-caller-saves
> -fno-plt -fhonour-copts
> -fmacro-prefix-map=/home/philipp/lede/build_dir/target-x86_64_musl/bind-9.20.15=bind-9.20.15
> -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1
> -Wl,-z,now -Wl,-z,relro -Wl,-z,pack-relative-relocs '
> 'LDFLAGS=-L/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-14.3.0_musl/usr/lib
> -L/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-14.3.0_musl/lib
> -fuse-ld=bfd -znow -zrelro -zpack-relative-relocs
> -Wl,--gc-sections,--as-needed
> -Wl,-rpath-link,/home/philipp/lede/build_dir/target-x86_64_musl/bind-9.20.15/lib/ns/.libs
> '
> 'CPPFLAGS=-I/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-14.3.0_musl/usr/include
> -I/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-14.3.0_musl/include
> -I/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-14.3.0_musl/include/fortify
> ' 'PKG_CONFIG=/home/philipp/lede/staging_dir/host/bin/pkg-config'
> 'PKG_CONFIG_PATH=/home/philipp/lede/staging_dir/target-x86_64_musl/usr/lib/pkgconfig:/home/philipp/lede/staging_dir/target-x86_64_musl/usr/share/pkgconfig'
>
> 'PKG_CONFIG_LIBDIR=/home/philipp/lede/staging_dir/target-x86_64_musl/usr/lib/pkgconfig:/home/philipp/lede/staging_dir/target-x86_64_musl/usr/share/pkgconfig'
> compiled by GCC 14.3.0
> compiled with OpenSSL version: OpenSSL 3.5.4 30 Sep 2025
> linked to OpenSSL version: OpenSSL 3.5.4 30 Sep 2025
> compiled with libuv version: 1.48.0
> linked to libuv version: 1.48.0
> compiled with liburcu version: 0.15.5
> compiled with jemalloc version: 0.0.0
> compiled with libxml2 version: 2.15.1
> linked to libxml2 version: 21501
> compiled with zlib version: 1.3.1
> linked to zlib version: 1.3.1
> threads support is enabled
> DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256
> ECDSAP384SHA384 ED25519 ED448
> DS algorithms: SHA-1 SHA-256 SHA-384
> HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384
> HMAC-SHA512
> TKEY mode 2 support (Diffie-Hellman): no
> TKEY mode 3 support (GSS-API): no
>
> default paths:
> named configuration: /etc/bind/named.conf
> rndc configuration: /etc/bind/rndc.conf
> nsupdate session key: /var/run/named/session.key
> named PID file: /var/run/named/named.pid
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list.
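
Added example, not part of the original message: a small triage script that rejoins mail-wrapped `named` syslog records like the ones quoted above and tallies them by failure class (DNSSEC validation, hung fetch, loop), so validation failures can be told apart from fetch failures. The category names and function names are chosen here for illustration; the sample lines are copied from the log in the post, including the quote prefixes and hard wraps.

```python
import re
from collections import Counter

# Sample input: log lines from the post, still "> "-quoted and hard-wrapped.
SAMPLE = """\
> Jan 5 16:10:39 OpenWrt2 named[21948]: validating global.dexcom.com/CNAME: no
> valid signature found
> Jan 5 16:10:41 OpenWrt2 named[21948]: validating
> 0ps3e2esgssv8i3c82tuahqgb0c51d02.dexcom.com/NSEC3: no valid signature found
> Jan 5 16:16:58 OpenWrt2 named[21948]: shut down hung fetch while resolving
> 0x7fb92cf82800(gsp-ssl.ls-apple.com.akadns.net/HTTPS)
> Jan 5 16:21:33 OpenWrt2 named[21948]: loop detected resolving
> 'evergreen.v6.afraid.org/A'
"""

# Syslog prefix of a named record; a line without it is a wrapped continuation.
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ named\[\d+\]: ")
# Illustrative category labels mapped to the message shapes seen in the post.
PATTERNS = {
    "dnssec-validation": re.compile(r"validating (\S+)/(\w+): no valid signature found"),
    "hung-fetch": re.compile(r"shut down hung fetch while resolving \S*\((\S+)/(\w+)\)"),
    "loop": re.compile(r"loop detected resolving '(\S+)/(\w+)'"),
}

def unwrap(text):
    """Strip '> ' quoting and rejoin continuation lines onto their record."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(> ?)+", "", raw).strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def classify(records):
    """Return (category, name, rrtype) for each record a pattern recognises."""
    hits = []
    for rec in records:
        msg = STAMP.sub("", rec)
        for cat, pat in PATTERNS.items():
            m = pat.search(msg)
            if m:
                hits.append((cat, m.group(1).rstrip("."), m.group(2)))
                break
    return hits

def summarise(text):
    """Count hits per category and per (category, name)."""
    hits = classify(unwrap(text))
    return Counter(c for c, _, _ in hits), Counter((c, n) for c, n, _ in hits)
```

Calling `summarise()` on the full contents of a log file gives the same per-category and per-name counts for the whole capture.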