idmsa.apple.com problematic, Sign-in to Apple discussions

hcsitas
Level 1

If I click “Sign-in” on discussions.apple.com, the idmsa.apple.com page hangs without serving the user id and password prompt. If I switch DNS to 8.8.8.8, it works but after about 30 minutes Google DNS has the same issue. Switching back to OpenDNS will get it to work temporarily but stop after idling for about 30 minutes.

However, with Quad 9, the page works perfectly even after idle periods. I’d like to stay with OpenDNS because Q9 does not provide custom filtering. However, I’m concerned that this “bug” might exist for other pages. Could you resolve kindly? The usual stuff - clearing caches and rebooting the router - has no effect. It happens even if I remove all filtering, and the problem is unchanged even after moving platforms from iOS to PC Chrome.

Thank you.

13 Replies

rotblitz
Level 6

This doesn't look like a DNS problem, but like a connectivity problem.  Btw, I do not face this problem when using OpenDNS, neither on iOS nor on Windows.

hcsitas
Level 1

It could be location-dependent, both for origin and destination. Nonetheless, the problem instantly changes when DNS is changed, and goes away permanently with Q9. So I do believe Q9 is doing something better than Open.

Thanks anyways.

rotblitz
Level 6

The fact that you have the same problem with Google Public DNS contradicts your theory.  I rather treat the Q9 case as coincidental.

If it were a DNS problem, you would have to analyze the DNS query results, like:

nslookup domain_name.

Btw, Apple almost always uses CNAMEs, and they seem to use the CDN service of Akamai.

nslookup idmsa.apple.com.
Server: fritz.box
Address: fd00::ca0e:14ff:fee9:8373

Nicht autorisierende Antwort:
Name: idmsa.apple.com.akadns.net
Address: 17.179.252.96
Aliases: idmsa.apple.com


hcsitas
Level 1

I treat the case with Q9 as completely related. And what *seems* frequently isn’t. I did check the DNS results for idms.apple.com at Open, and it returned the same address for Europe and the US, although it split them up by country. That seems to point the problem towards DNS@Open.

This must be related to higher security awareness both at Apple and at Q9 and possible upgrades on their side, so let’s hope the experts at Open can figure it out and get Open up to date too. Not holding my breath, however; my account here is a free one.

rotblitz
Level 6

I have found something in the Q9 FAQ which could be related: they do not send the EDNS Client Subnet to authoritative nameservers.  If you get better DNS results than when sending the EDNS Client Subnet, then it is likely that your IP address is associated with the wrong location, i.e. some geo-location issue, as you mentioned.  You can test this here: https://www.iplocation.net/

"let’s hope experts at Open can figure it out"

In this case you must raise a support ticket, "Submit a request" above.  Staff do not strictly monitor contributions in the community forum...

rotblitz
Level 6

And indeed, I tested with a few domains' DNS queries, and typically Q9 returns IP addresses different from OpenDNS and Google.  Just an example:

nslookup idmsa.apple.com. 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Nicht autorisierende Antwort:
Name: idmsa.apple.com.akadns.net
Address: 17.179.252.96
Aliases: idmsa.apple.com


nslookup idmsa.apple.com. 9.9.9.9
Server: dns.quad9.net
Address: 9.9.9.9

Nicht autorisierende Antwort:
Name: idmsa.apple.com.akadns.net
Address: 17.32.194.38
Aliases: idmsa.apple.com


nslookup idmsa.apple.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220

Nicht autorisierende Antwort:
Name: idmsa.apple.com.akadns.net
Address: 17.179.252.96
Aliases: idmsa.apple.com

That explains a lot... 
You should be aware that not sending the EDNS Client Subnet is suboptimal in many cases especially in conjunction with CDNs.  In your individual case it is coincidental to the contrary which can happen as well, but rather seldom.

And this is what the "experts at Open can figure it out" as well.  There is probably nothing that they could improve, except to introduce different resolver addresses where the EDNS Client Subnet is not being used, so that you have the option to choose one or the other.
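The resolver comparison above (Quad9 returning a different A record than Google and OpenDNS, explained by Quad9 not sending the EDNS Client Subnet) as an added example that is not part of the thread or of any of the resolvers' tooling: a stdlib-only Python script that builds an A query carrying an EDNS Client Subnet option (RFC 7871, EDNS option code 8), parses the CNAME chain and A records out of a DNS response, and groups resolvers by the answer set they returned. The ECS option is the piece that reveals the client's network to the authoritative server and lets a CDN steer the answer by location; omitting it is why a resolver can hand out a different, possibly less local, address. The response bytes are constructed to mirror the nslookup output quoted in the thread so the script runs offline; the resolver labels and the 203.0.113.0/24 subnet are assumptions for the demo.

```python
import ipaddress
import struct

# Added example (not from the thread): minimal DNS wire-format helpers that
# show what the EDNS Client Subnet (ECS) option carries and how answers from
# several resolvers can be compared. Stdlib only; no network access needed.

def encode_name(name):
    """Encode a dotted name as DNS labels."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def read_name(data, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | data[offset + 1]
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset if end is None else end

def build_ecs_option(subnet, prefix):
    """EDNS option 8 (RFC 7871): family, source prefix, scope 0, truncated address."""
    addr = ipaddress.ip_address(subnet)
    packed = bytearray(addr.packed[:(prefix + 7) // 8])
    if prefix % 8:                           # bits past the prefix must be zero
        packed[-1] &= (0xFF << (8 - prefix % 8)) & 0xFF
    body = struct.pack("!HBB", 1 if addr.version == 4 else 2, prefix, 0) + bytes(packed)
    return struct.pack("!HH", 8, len(body)) + body

def build_query(name, qid=0x1234, ecs=None):
    """A/IN query; with ecs=(subnet, prefix) an OPT RR carrying ECS is appended."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if ecs else 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    if ecs is None:
        return header + question
    opt_data = build_ecs_option(*ecs)
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(opt_data)) + opt_data
    return header + question + opt_rr

def build_sample_response(qid=0x1234, address="17.179.252.96"):
    """Constructed response mirroring the nslookup output in the thread: CNAME + A."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 2, 0, 0)
    question = encode_name("idmsa.apple.com") + struct.pack("!HH", 1, 1)
    target = encode_name("idmsa.apple.com.akadns.net")
    cname_rr = struct.pack("!HHHIH", 0xC000 | 12, 5, 1, 300, len(target)) + target
    target_off = 12 + len(question) + 12     # where the CNAME target name starts
    a_rr = struct.pack("!HHHIH", 0xC000 | target_off, 1, 1, 60, 4)
    return header + question + cname_rr + a_rr + ipaddress.IPv4Address(address).packed

def parse_response(data):
    """Return id, rcode, CNAME aliases and A addresses from the answer section."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):
        _, offset = read_name(data, offset)
        offset += 4
    result = {"id": qid, "rcode": flags & 0xF, "aliases": [], "addresses": []}
    for _ in range(an):
        owner, offset = read_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 5:
            result["aliases"].append((owner, read_name(data, offset)[0]))
        elif rtype == 1:
            result["addresses"].append(str(ipaddress.IPv4Address(data[offset:offset + 4])))
        offset += rdlen
    return result

def group_by_answer(answers):
    """Group resolver labels by the address set they returned."""
    groups = {}
    for resolver, addrs in answers.items():
        groups.setdefault(tuple(sorted(addrs)), []).append(resolver)
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    # Resolver labels and the 203.0.113.0/24 subnet are assumptions for the demo.
    query = build_query("idmsa.apple.com", ecs=("203.0.113.0", 24))
    print("query with ECS option:", query.hex())
    print(parse_response(build_sample_response()))
    print(group_by_answer({
        "Google 8.8.8.8": ["17.179.252.96"],
        "Quad9 9.9.9.9": ["17.32.194.38"],
        "OpenDNS 208.67.220.220": ["17.179.252.96"],
    }))
```

Feeding the three address sets from the nslookup runs above into group_by_answer puts Google and OpenDNS in one group and Quad9 in another, which is the disagreement the thread observed; the same grouping is a cheap sanity check whenever resolvers are suspected of steering or tampering with answers.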

hcsitas
Level 1

My geolocation maps correctly using the link you have provided.

So it is confirmed, Q9 sends different addresses than Google and Open, which in my case also happens to be better addresses. It smells really bad to me. Why does the biggest kid in the cyber-security neighborhood Q9 send different addresses for super-secure Apple than Open or Google? Especially addresses that work anytime, every time? Because they’re ahead of the cyber security curve, simple as that. 

Something not right, that’s my ticket. If Open are not listening, phooey to them. I’m outta here. You should be too.

Anyway, thanks for the splendid analysis! Open needs to get in touch with you pronto.

rotblitz
Level 6

No, I will not raise a ticket because of this, because as I said, I do not face any related problem.

"Why does the biggest kid in the cyber-security neighborhood Q9 send different addresses for super-secure Apple than Open or Google?"

This is most likely the answer: https://support.opendns.com/hc/en-us/articles/227987647
But because you're "outta here", it is of minor relevance now.

hcsitas
Level 1

I didn’t ask you to raise a ticket. I said Open needs to proactively fix. Your link is 10 months old and wants an email with as much information as possible. It’ll bring good cheer to hackers worldwide. Everybody happy? Yes. Bye.

rotblitz
Level 6

"Your link is 10 months old"  ...and proves when they joined the project.  I do not see that this article has to expire.

"It’ll bring good cheer to hackers worldwide."

What?  Sorry, I don't understand what hacking has to do with this context.  You do not need to answer.

hcsitas
Level 1

But I will. A page that hangs mysteriously under defined circumstances that can be easily replicated is opportunity. Especially a page used by millions worldwide. You do not need to answer because you won’t be able to come up with one. Thanks anyways, I do appreciate your analysis.

rotblitz
Level 6

I do have an answer, or better an explanation, already posted above.

"Especially a page used by millions worldwide."

Well, OpenDNS has more than 80 million users, and I find only one report about the issue with the Apple discussions site's login or others here?  Weird.  Are all other users blindly accepting the issue?  Hard to believe.

hcsitas
Level 1

Ha ha. Most happily accept the default DNS supplied by their ISP. People who use custom DNS services are by definition a super minority compared to the public at large. How many are Apple users? A minority within a minority within a minority. With no patience for glaring imperfections. And definitely not posting on Open’s sleepy “send me a mail open me a ticket” forum. Onwards to Q9! Zum Wohl!