So you've been getting weird DTD Error messages when trying to connect to your Sharepoint Online tenant using Powershell? well me too! and some Fiddling gave me the solution.

if you get a message along these lines:
Connect-SPOService : For security reasons DTD is prohibited in this XML document

then you're receiving some weird html instead of an authentication token back from SharePoint online. The easiest way to drill into this is to load Fiddler2 and track the traffic when you run the connection. Ignore the 403 and 401 errors. they are simply part of the normal authentication handshake. The interesting one is actually not the error but a 200 I found at the bottom of the list. a 200 code normally means all is good. but looking at it more closely I noticed that it did not come from SharePoint online but instead from Bigpond!! what? yeah. my ISP could not find the authentication endpoint under msoid.mytenantName.microsoftonline.com
hmpf. msoid? That's new to me. Looks like earlier this year MS introduced another DNS configuration step required for powershell commands to function:
http://technet.microsoft.com/en-us/library/hh852557.aspx

notice the msoid CNAME entry? that's what I was missing. So as a quick fix I pinged clientconfig.microsoftonline-p.net, recorded the IP address that gave me back and entered a manual record in my hosts file. And voila, the connection works again! :-) Obviously I'll be updating my public DNS to match that CName.  but for now the quick fix did the trick!

hope this solves it for you too!