zlacker

[return to "Does Cloudflare’s 1.1.1.1 DNS Block Archive.is? (2019)"]
1. diogoc+Db[view] [source] 2023-08-02 14:31:28
>>lolind+(OP)
This is obviously not Cloudflare's fault, but I wonder why they don't just mask their identity (e.g. by using a random AWS IP address) when querying archive.is?

AFAICT this wouldn't "violate the integrity of DNS and the privacy and security promises we made to our users" and would solve a big pain point of using 1.1.1.1.

◧◩
2. eastda+Id[view] [source] 2023-08-02 14:39:25
>>diogoc+Db
We’ve tried. The owner of Archive.is actively monitors and then returns bad results. This is true even if we recurse through another recursor. It’s a very odd hill to die on.
◧◩◪
3. datafl+ne[view] [source] 2023-08-02 14:42:35
>>eastda+Id
I think I'm missing something, but is there a way you can pass along some some sort of vague location info for caching purposes without revealing too much? From their tweet they mentioned even continent level information isn't available, which I can understand. Is there really no middle ground that works here?
◧◩◪◨
4. xnyant+Ji[view] [source] 2023-08-02 15:02:59
>>datafl+ne
Continent-level information doesn't exist. EDNS Client Subnet doesn't send a location, it sends a subnet. Its "location" then has to be looked up in geolocation databases which may or may not be accurate. There's no subnet that will map to a continent.
[go to top]