Manual WAN DNS settings not resolving outlook.office365.com


#1

I have a Pepwave MAX-BR1-LTE-E 4G modem (firmware 7.0.0 build 2445) that had a manual PPPoE ethernet WAN DNS forwarding issue. I am physically located in Dar es Salaam, Tanzania but use DNSFilter for Content Filtering which is based in the US. I manually set their DNS IPs in our WAN, then turned off our auto ISP DNS so that all requests go through DNSFilter. Browsing seemed to work find but eventually we noticed that outlook.office365.com was not resolving. This is major since over half our users are Office 365. Even nslookups would fail unless you coded in DNSFilter IPs. (i.e. nslookup outlook.office365.com vs. nslookup outlook.office365.com 103.247.36.36). After contacting DNS Filter support, there was nothing on their end that would block this. At first, I thought it has something to do with DNS geolocation for Office 365 https://goo.gl/WrWLnX, but that does not seem to be the case (see my resolution below). Because nslookup outlook.office365.com 103.247.36.36 would resolve, I kept investigating. I turned on the ISP DNS in WAN Connection Settings and outlook.office365.com resolved. I turned that off again and turn on “Include Google Public DNS Servers” in Network->DNS Proxy Settings and once again outlook.office365.com resolved (note that in between setting changes I initiated ipconfig/flushdns and release/renew my LAN IP). During all of this I didn’t notice other resolving issues and there were no other DNS resolve error reported from other office staff. I made an effort to tell staff in office meetings to report any DNS errors as they encountered them. After 3 weeks it seems to only be for this outlook.office365.com domain (and Outlook clients have MAPI settings pointing to outlook.office365.com and they failed too). To resolve the issue, I set the WAN back manually to DNSFilter IPs and went to the DHCP settings for each of my four LAN networks (3 of which are VLANs) and configured the DNSFilter IP addresses directly in the DHCP settings so that the DNSFilter IPs would be set directly on the machines, as opposed to using WAN as a DNS forwarder. This worked. So the mystery is why only the outlook.office365.com address (that I know of) would not resolve after being forwarded to manual DNS settings in the WAN but yet WOULD work when using auto ISP DNS IPs in WAN? Could this be a fireware issue? I have this resolved, but thought I would mention this experience in case it helped at all.