I think you're right there, I have also seen another forum post hinting about this behaviour. Looks like opcode 0x1f is used as as escaping mechanism. Excellent to know!
I think I also discovered something about the other problem, too. Looks like ENQUIRY reports more data about the device, including the total number of blocks, if the host makes requests with the ENABLE VITAL PRODUCT DATA bit set and PAGE 0xb0 (Block Limits) parameter. Well, I guess I'll implement that next!