I work for the Air Force, and use the Air Force/DOD's Office 365 regularly for Outlook on the web and Teams. Starting today, I can't log in as I never get to the point where I select my certificate and enter a PIN.
Previous steps/desired outcome when using Unbound (127.0.0.1#53) as my only upstream server:
- Go to https://webmail.apps.mil (redirects to a https://login.microsoftonline.us address)
- Enter my email address
- Redirected to a https://federation.us.af.mil address
- Select my certificate, enter PIN
- Access to Office 365 granted, webmail and other apps usable.
What's happening today:
- Go to https://webmail.apps.mil (redirects to a https://login.microsoftonline.us address)
- Enter my email address
- Redirected to a https://federation.us.af.mil address
- Chrome throws an error, stating "This site can't be reached" with "ERR_NAME_NOT_RESOLVED" at the bottom.
Here are the results of an nslookup using Unbound only:
```
pi@raspberrypi:~ $ nslookup federation.us.af.mil
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find federation.us.af.mil: SERVFAIL
```
Here are the results of an nslookup using Cloudflare:
```
pi@raspberrypi:~ $ nslookup federation.us.af.mil 1.1.1.1
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
federation.us.af.mil canonical name = ches.gtm.federation.us.af.mil.akadns.net.
ches.gtm.federation.us.af.mil.akadns.net canonical name = certauth.federation.us.af.mil.apps.gcds.disa.mil.
certauth.federation.us.af.mil.apps.gcds.disa.mil canonical name = ches.af.mil.edgekey.dmz.akamai.csd.disa.mil.
ches.af.mil.edgekey.dmz.akamai.csd.disa.mil canonical name = e1120.d.akamaiedge.akamai.csd.disa.mil.
Name: e1120.d.akamaiedge.akamai.csd.disa.mil
Address: 214.48.252.143
```
Dig results, Unbound only:
```
pi@raspberrypi:~ $ dig federation.us.af.mil
; <<>> DiG 9.11.5-P4-5.1 deb10u5-Raspbian <<>> federation.us.af.mil
;; global options: cmd
;; connection timed out; no servers could be reached
```
Dig results using Cloudflare:
```
pi@raspberrypi:~ $ dig federation.us.af.mil @1.1.1.1
; <<>> DiG 9.11.5-P4-5.1 deb10u5-Raspbian <<>> federation.us.af.mil @1.1.1.1
;; global options: cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65088
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;federation.us.af.mil. IN A
;; Query time: 2051 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jul 06 13:42:04 EDT 2021
;; MSG SIZE rcvd: 49
```
If I add another upstream server (e.g. Cloudflare) while using Unbound, or stop using Unbound completely, the site resolves and I can access Office 365.
I've done a "pihole reconfigure" and tried both "repair" and "reconfigure" and neither solved the problem. I've uninstalled and reinstalled Unbound and updated the root hints, and that hasn't worked. What am I missing? One would think that if there was an issue with Unbound, then nothing would resolve, but that's not the case. I've also confirmed that I can log into my personal Office 365 account with zero issues, so it's not a problem on Microsoft's end. I've flushed DNS cache, used different browsers...you name it.
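The Cloudflare answer above shows a chain of five names spread over several zones, and a recursive resolver such as Unbound has to resolve every one of them itself. The script below is an added example, not part of the original post: it parses that chain out of the nslookup output and queries the local resolver for each name, to show which link is the one that does not resolve. `cname_chain`, `dig_status` and `deepest_failing_name` are names chosen for this example, and it assumes `dig` is installed and Unbound answers on 127.0.0.1 port 53 as in the post.

```python
import re
import subprocess

# CNAME chain copied from the post's successful nslookup against 1.1.1.1.
NSLOOKUP_OUTPUT = """\
federation.us.af.mil canonical name = ches.gtm.federation.us.af.mil.akadns.net.
ches.gtm.federation.us.af.mil.akadns.net canonical name = certauth.federation.us.af.mil.apps.gcds.disa.mil.
certauth.federation.us.af.mil.apps.gcds.disa.mil canonical name = ches.af.mil.edgekey.dmz.akamai.csd.disa.mil.
ches.af.mil.edgekey.dmz.akamai.csd.disa.mil canonical name = e1120.d.akamaiedge.akamai.csd.disa.mil.
"""

CNAME_RE = re.compile(r"^(\S+)\s+canonical name = (\S+?)\.?$", re.M)


def cname_chain(nslookup_text):
    """Return the names in the chain, in order, from the queried name to the final target."""
    names = []
    for owner, target in CNAME_RE.findall(nslookup_text):
        owner = owner.rstrip(".")
        if names and owner != names[-1]:
            raise ValueError(f"chain is broken at {owner}")
        names = names or [owner]
        names.append(target)
    return names


def dig_status(name, server="127.0.0.1"):
    """Query `server` for the A record with dig; return the header status or TIMEOUT."""
    cmd = ["dig", f"@{server}", name, "A", "+time=3", "+tries=1"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=20).stdout
    except (OSError, subprocess.TimeoutExpired):
        return "TIMEOUT"
    match = re.search(r"status: (\w+)", out)
    return match.group(1) if match else "TIMEOUT"


def deepest_failing_name(names, status_of=dig_status):
    """Return the name furthest down the chain that does not resolve, or None.

    A name above a failing one normally fails too, because the resolver has to
    follow the chain through it, so the deepest failure is where to look first.
    """
    for name in reversed(names):
        if status_of(name) != "NOERROR":
            return name
    return None


if __name__ == "__main__":
    chain = cname_chain(NSLOOKUP_OUTPUT)
    for name in chain:
        print(f"{dig_status(name):10} {name}")
    print("deepest failing name:", deepest_failing_name(chain))
```

Running it a second time with `dig_status(name, "1.1.1.1")` gives the same table for the public resolver, so the two can be compared name by name.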