Nslookup returns “Query refused” for all login.microsoftonline.com lookups

All Windows nslookups lookups are getting “Query refused” replies from 1.1.1.1 , 1.1.1.2 , 1.1.1.3 for familiar sites like login.microsoftonline.com and all variations of those urls.

nslookup login.microsoftonline.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** login.microsoftonline.com wurde von one.one.one.one not found: Query refused.

The source IP is 217.235.78.19

Querying other domains works fine:

nslookup test.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authorative answer:
Name:    test.com
Address:  67.225.146.248

Same problem here. This is terrible

Hello everyone

Same issue as here: Why is 1.1.1.3 blocking login.microsoftonline.com

Currently the resolvers 1.1.1.1 and 1.1.1.3 aren’t responding correctly. Therefore our customers can’t login to our services provided with single-sign-on.

nslookup login.microsoftonline.com 1.1.1.1
;; Truncated, retrying in TCP mode.
;; Connection to 1.1.1.1#53(1.1.1.1) for login.microsoftonline.com failed: timed out.
;; Connection to 1.1.1.1#53(1.1.1.1) for login.microsoftonline.com failed: timed out.
;; Connection to 1.1.1.1#53(1.1.1.1) for login.microsoftonline.com failed: timed out.

I am unable to reproduce this issue with 1.1.1.1 or 1.1.1.3.

$ dig +noall +answer @1.1.1.1 login.microsoftonline.com                 
login.microsoftonline.com. 14216 IN	CNAME	login.mso.msidentity.com.
login.mso.msidentity.com. 116	IN	CNAME	ak.privatelink.msidentity.com.
ak.privatelink.msidentity.com. 116 IN	CNAME	www.tm.ak.prd.aadg.trafficmanager.net.
www.tm.ak.prd.aadg.trafficmanager.net. 116 IN A	20.190.159.1
www.tm.ak.prd.aadg.trafficmanager.net. 116 IN A	40.126.31.72
www.tm.ak.prd.aadg.trafficmanager.net. 116 IN A	40.126.31.68
www.tm.ak.prd.aadg.trafficmanager.net. 116 IN A	20.190.159.74
www.tm.ak.prd.aadg.trafficmanager.net. 116 IN A	20.190.159.70
www.tm.ak.prd.aadg.trafficmanager.net. 116 IN A	40.126.31.70
www.tm.ak.prd.aadg.trafficmanager.net. 116 IN A	20.190.159.19
www.tm.ak.prd.aadg.trafficmanager.net. 116 IN A	20.190.159.5

$ dig +noall +answer @1.1.1.3 login.microsoftonline.com
login.microsoftonline.com. 14317 IN	CNAME	login.mso.msidentity.com.
login.mso.msidentity.com. 217	IN	CNAME	ak.privatelink.msidentity.com.
ak.privatelink.msidentity.com. 217 IN	CNAME	www.tm.ak.prd.aadg.trafficmanager.net.
www.tm.ak.prd.aadg.trafficmanager.net. 217 IN A	40.126.32.135
www.tm.ak.prd.aadg.trafficmanager.net. 217 IN A	40.126.32.75
www.tm.ak.prd.aadg.trafficmanager.net. 217 IN A	20.190.160.23
www.tm.ak.prd.aadg.trafficmanager.net. 217 IN A	20.190.160.21
www.tm.ak.prd.aadg.trafficmanager.net. 217 IN A	20.190.160.13
www.tm.ak.prd.aadg.trafficmanager.net. 217 IN A	40.126.32.139
www.tm.ak.prd.aadg.trafficmanager.net. 217 IN A	20.190.160.15
www.tm.ak.prd.aadg.trafficmanager.net. 217 IN A	40.126.32.132

This looks like a network error. 1.1.1.1 for Families returns 0.0.0.0 if the domain is blocked, it does not refuse the connection.

It works on my iOS and Linux devices, but says “Query reefused” on Windows Machine

Hi, would you be able to go to https://1.1.1.1/help and share the output?

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJGUkEiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==

Same problem for me.
IOS+Mac works without problems, but MS Windows says “Query refused”.
my link:

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6IlllcyIsImRhdGFjZW50ZXJMb2NhdGlvbiI6IkZSQSIsImlzV2FycCI6Ik5vIiwiaXNwTmFtZSI6IkNsb3VkZmxhcmUiLCJpc3BBc24iOiIxMzMzNSJ9

@sebastiaan So we found out using DNS over HTTPS (DoH) it works. Maybe the response is too long in UDP as the answer gets truncated?

Same issue for me, no matter if with TLS or without encryption.
Also affects consumer auth page live.com (and subdomains like login.live.com etc.)

Unencrypted

[type or paste code here](https://cloudflare-dns.com/help/#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJGUkEiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==)

TLS

[type or paste code here](https://cloudflare-dns.com/help/#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJZZXMiLCJpc0RvaCI6Ik5vIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiRlJBIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=)

The problem should now be resolved. Thanks for bringing it to our attention, and if you have any further issues please let us know.

The same issue today for login.windows.net

https://cloudflare-dns.com/help/#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJZZXMiLCJpc0RvaCI6Ik5vIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiRlJBIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.