All Windows nslookups and Pi Hole lookups are getting “Query refused” replies from 1.1.1.1
, 1.1.1.2
, 1.1.1.3
for familiar sites like hotels.com
and microsoft.com
and all variations of those urls.
Example:
nslookup www.microsoft.com.
1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1
*** one.one.one.one
can’t find www.microsoft.com.
: Query refused
nslookups and pi hole lookups using any other DNS provider are working fine/returning the correct results.
nslookup www.microsoft.com.
8.8.8.8
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: e13678.dscb.akamaiedge.net
Addresses: 2600:1408:9000:785::356e
2600:1408:9000:794::356e
23.210.1.184
Aliases: www.microsoft.com
www.microsoft.com-c-3.edgekey.net
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
What is wrong with CloudFront’s DNS resolvers?
NOTE: while I was researching and typing this message, hotels.com
began to resolve correctly via CloudFronts DNS servers, but ALL microsoft.com
are still failing
I can’t seem to reproduce this on either 1.1.1.1
, 1.1.1.2
, or 1.1.1.3
.
Can you show us the output of https://1.1.1.1/help ?
It sounds like you’re getting this from a number of computers, which makes me suspect it’s your ISP or country.
https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJBVEwiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==
This reproduces for me on 1.1.1.1 and 1.0.0.1
teams.microsoft.com
gives:
Server: one.one.one.one
Address: 1.1.1.1
*** one.one.one.one can’t find teams.microsoft.com
: Non-existent domain
It’s important to note that the same query does work fine with OpenDNS and DNS.WATCH.
Thanks!
https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJBVEwiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==
Looks like we’re both on the ATL datacenter, so perhaps that is why we see it while others do not?
1 Like
Hi,
Thanks for the report.
We detected random prefix attack on microsoft.com domain and our automatic attack mitigation started refusing queries for random prefixes. We have temporarily disabled automatic attack mitigation for microsoft.com and will improve our detection of valid names while still blocking random prefix attacks.
Can you check again ?
Thanks
1 Like
Hi,
I’m now receiving proper responses from 1.1.1.1
and 1.1.1.3
(and all variations of Cloudflare DNS)
examples:
nslookup www.microsoft.com. 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
Name: e13678.dscb.akamaiedge.net
Addresses: 2600:1402:b800:989::356e
2600:1402:b800:98d::356e
2600:1402:b800:980::356e
2600:1402:b800:987::356e
2600:1402:b800:98c::356e
23.54.201.219
Aliases: www.microsoft.com
www.microsoft.com-c-3.edgekey.net
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
and
> nslookup www.microsoft.com. 1.1.1.3
> Server: UnKnown
> Address: 1.1.1.3
>
> Non-authoritative answer:
> Name: e13678.dscb.akamaiedge.net
> Addresses: 2600:1402:f000:1098::356e
> 2600:1402:f000:109b::356e
> 2600:1402:f000:1086::356e
> 23.54.201.219
> Aliases: www.microsoft.com
> www.microsoft.com-c-3.edgekey.net
> www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
I can also confirm that the issue is now resolved. Thanks for looking into this and sharing the status/cause with us!
system
Closed
December 3, 2022, 12:00am
11
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.