zlacker

[return to "Why does 1.1.1.1 not resolve archive.is?"]
1. virapt+F3[view] [source] 2019-10-04 06:22:58
>>stargr+(OP)
> massive mismatch (...) of where DNS and related HTTP requests come from causes so many troubles

Does anyone know what they could mean here? I get that having more open connections and slow requests is not great, but there are popular attacks people will try against them in this case. They already have to handle pathologic cases of slow requests, so handling some small number of slower clients shouldn't be an issue.

Or are they talking about some other problem?

◧◩
2. miyuru+e5[view] [source] 2019-10-04 06:42:20
>>virapt+F3
They are talking about Geo load balancing via DNS.[1]

Just try one of the Akamai endpoints to test it. (E.g. media.steampowered.com)

For me, 1.1.1.1 serves Akamai Singapore IPs, while 8.8.8.8 serves IPs of my ISP's Akamai cache in Sri Lanka.

If your ISP has a bad route to 1.1.1.1, this just gets worse.

[1] https://en.wikipedia.org/wiki/GeoDNS

◧◩◪
3. virapt+r6[view] [source] 2019-10-04 07:02:35
>>miyuru+e5
Yeah, but... why does it matter? They're not some massive retailer where every ms potentially translates to some proportion of lost sales that add up to a significant number. They're serving archived pages.

In what case would some extra delay be worse than no access at all?

◧◩◪◨
4. miyuru+c7[view] [source] 2019-10-04 07:12:59
>>virapt+r6
In the post, archive.is says that it caused "many troubles".

We really don't know how the site works in the backend. So I guess the admin did not want to spend time to fix issues Cloudflare created.

◧◩◪◨⬒
5. profmo+T7[view] [source] 2019-10-04 07:25:12
>>miyuru+c7
> issues Cloudflare created.

But that's the thing, Cloudflare didn't really create any issues. If I live in the US and I decide to use some random public DNS server in Australia, it will be an unpleasant setup, but it's a perfectly valid one.

There's no rule that your DNS server must be on the same network as you, or send your subnet if it isn't. When that's the case it allows for some nice performance optimizations. (I.e. sending you to a closer cache.) But it's just that - an optimization. If your service is completely unreachable without performance optimizations, you've created a very fragile service.

◧◩◪◨⬒⬓
6. roblab+7e[view] [source] 2019-10-04 08:49:40
>>profmo+T7
> There's no rule that your DNS server must be on the same network as you, or send your subnet if it isn't.

It's the default configuration. 99% of internet users follow this configuration (at least, until web browsers start shipping DoH as a default). It's honestly a fairly reasonable assumption to make.

◧◩◪◨⬒⬓⬔
7. luncha+jE[view] [source] 2019-10-04 13:42:59
>>roblab+7e
Can't you argue the inverse as well? Cloudflare isn't sending EDNS Client Subnet to any other authoritative name servers, is anyone else having problems? Or are 99% of people working just fine without this optional EDNS information? So isn't it archive.is who is the 1% who isn't following the standard configuration? Which is to still resolve correctly even without the optional EDNS information? Sure, it might not be the best possible answer for a client, but you can still return an answer?
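
Added example, not written by any participant in this thread and not archive.is or Cloudflare code: a sketch of the authoritative-side GeoDNS decision the thread argues about, which parses the EDNS Client Subnet option (RFC 7871) when a resolver sends it and falls back to the resolver's own source address when it is absent or malformed, so an answer is always returned. The routing table, pool addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

ECS = 8  # EDNS option code for Client Subnet (RFC 7871)
FAMILY = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}

# Constructed routing table (documentation ranges): source network -> cache IP.
POOLS = {
    ipaddress.ip_network("198.51.100.0/24"): "192.0.2.10",  # cache near the client
    ipaddress.ip_network("203.0.113.0/24"): "192.0.2.20",   # cache near the resolver
}
DEFAULT_POOL = "192.0.2.99"  # used when nothing is known about the source

def encode_ecs(subnet):
    """Build the ECS option a forwarding resolver would attach to its query."""
    net = ipaddress.ip_network(subnet, strict=False)
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    body = struct.pack("!HBB", 1 if net.version == 4 else 2, net.prefixlen, 0) + addr
    return struct.pack("!HH", ECS, len(body)) + body

def parse_ecs(opt_rdata):
    """Return the client network from OPT RDATA, or None if absent or malformed."""
    pos = 0
    while pos + 4 <= len(opt_rdata):
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        body = opt_rdata[pos + 4:pos + 4 + length]
        pos += 4 + length
        if code != ECS:
            continue  # some other EDNS option, skip it
        if len(body) != length or length < 4:
            return None  # truncated option
        family, src_len, _scope = struct.unpack_from("!HBB", body)
        cls, size = FAMILY.get(family, (None, 0))
        addr = body[4:]
        if cls is None or src_len > size * 8 or len(addr) != (src_len + 7) // 8:
            return None  # unknown family or inconsistent prefix length
        return cls((addr + bytes(size - len(addr)), src_len), strict=False)
    return None

def pick_answer(resolver_ip, opt_rdata=b""):
    """Steer by ECS when present, otherwise by resolver address; never refuse."""
    client = parse_ecs(opt_rdata)
    key = client.network_address if client else ipaddress.ip_address(resolver_ip)
    for net, target in POOLS.items():
        if key in net:
            return target
    return DEFAULT_POOL
```
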