zlacker

[return to "Tell HN: Archive.is inaccessible via Cloudflare DNS (1.1.1.1)"]
1. regner+r1[view] [source] 2019-05-04 18:50:01
>>ikeboy+(OP)
Cloudflare returns a proper response for me.

  nslookup archive.is 1.1.1.1
  Server:  1.1.1.1
  Address: 1.1.1.1#53

  Non-authoritative answer:
  Name: archive.is
  Address: 134.119.220.26
◧◩
2. V99+X5[view] [source] 2019-05-04 19:30:02
>>regner+r1
It's possible your ISP is intercepting all traffic for port 53 and sending it to their own nameservers (which do send client subset) instead of you actually taking to cloudflare's 1.1.1.1 at all.
◧◩◪
3. abtinf+O8[view] [source] 2019-05-04 19:52:03
>>V99+X5
Links for documented instances of this practice?
◧◩◪◨
4. lultim+QU[view] [source] 2019-05-05 08:54:39
>>abtinf+O8
I have personal witnessed this happening with Wind-Infostrada in Italy. DNS spoofing was done through the ISP provided fiber modem/router though, not at the ISP level; if you actually changed the DNS servers on the router than it would send all your queries to those routers instead of the ISP ones.

I couldn't figure out if this was plain incompetency, an attempt to enforce DNS-based website blocking, or some programmer willfully implementing the latter with the former so that it would be reasonably easy to circumvent.

Also Italian residential providers really, really like to mess with NXDOMAIN instead returning a helpful error page with affiliate links instead. You might think you can imagine how much shit this breaks; you probably don't.

[go to top]