Login.live.com getting blocked

whitelisting

#1

Expected Behaviour:

Allow login.live.com to pass through pihole without getting blocked, since it is in the whitelist and not on the blacklist.

Actual Behaviour:

login.live.com is my top blocked domain. I tried to whitelist again from web interface (which I realize is broken, but that is another issue…) as well as the command line. No matter what I try, my devices can’t log into live accounts.

Debug Token:

8ilsracpkd


#2

What is the output of dig login.live.com


#3

Have you whitelisted all of Microsoft’s domains? At least for Xbox, they contacted us directly to provide some of the domains that need to be whitelisted. You can find them here:


#4

Here is the output Mcat:

; <<>> DiG 9.9.5-9+deb8u15-Raspbian <<>> login.live.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20678
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;login.live.com. IN A

;; ANSWER SECTION:
login.live.com. 3119 IN CNAME login.msa.akadns6.net.
login.msa.akadns6.net. 125 IN CNAME ipv4.login.msa.akadns6.net.
ipv4.login.msa.akadns6.net. 125 IN A 131.253.61.102
ipv4.login.msa.akadns6.net. 125 IN A 131.253.61.100
ipv4.login.msa.akadns6.net. 125 IN A 131.253.61.98

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 04 11:47:24 CST 2018
;; MSG SIZE rcvd: 145

It seems to be passing login.live.com now, however last night it was being blocked and it still my top blocked domain in the last 24 hours:

Top Blocked Domains
Domain Hits Frequency
login.live.com 3081
device-metrics-us.amazon.com 2659
watson.telemetry.microsoft.com 2413
v10.vortex-win.data.microsoft.com 1796

Jacob, I believe I have all those microsoft domains on my whitelist (as is login.live.com). The issue is that pihole seems to, at times, ignore the whitelist and block it anyway.


#5

If it gets blocked again, run that command again for the output.


#6

It is getting blocked again. Output of dig login.live.com:

; <<>> DiG 9.9.5-9+deb8u15-Raspbian <<>> login.live.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6921
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;login.live.com. IN A

;; ANSWER SECTION:
login.live.com. 2 IN A 192.168.0.130

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 10 21:05:14 CST 2018
;; MSG SIZE rcvd: 59


#7

One other bit of data from trying to browse to live.com:

live.com

158
[22]:https://v.firebog.net/hosts/Kowabit.txt

No admin password set

Saturday 9:14 PM, March 10th. Pi-hole v3.3-0-g1e87850 (raspberrypi/192.168.0.130)


#8

Run pihole -d for a new debug token. I was on vacation for awhile, and the rest of the team has also been busy working on getting the next update out the door.

Also run pihole -q login.live.com when it is blocked and not blocked and compare the outputs.


#9

You’ll want to make sure to whitelist clientconfig.passport.net (confirmed by Microsoft as being related to logins)


#10

I haven’t had login.live.com blocked in a while. I’m keeping an eye on it but it hasn’t been an issue recently. Thanks for the follow-up.

I added clientconfig.passport.net for the whitelist. Thanks.


#11

Please let us know if it works or not.


#12

login.live.com is working as expected at this time. If that changes I’ll let you know.


closed #13

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.