zlacker

>>lolind+(OP)
If you're using a Pi-hole for your DNS (or anything else using dnsmasq I suppose), I worked around the issue by creating /etc/dnsmasq.d/02-archive.is.conf (with a Docker bind mount in my case) with the following content:

    server=/archive.today/8.8.8.8
    server=/archive.today/8.8.4.4
    server=/archive.ph/8.8.8.8
    server=/archive.ph/8.8.4.4
    server=/archive.is/8.8.8.8
    server=/archive.is/8.8.4.4
    server=/archive.li/8.8.8.8
    server=/archive.li/8.8.4.4
    server=/archive.vn/8.8.8.8
    server=/archive.vn/8.8.4.4
    server=/archive.fo/8.8.8.8
    server=/archive.fo/8.8.4.4
    server=/archive.md/8.8.8.8
    server=/archive.md/8.8.4.4
    server=/archive.to/8.8.8.8
    server=/archive.to/8.8.4.4

This way you use 1.1.1.1 for everything, except the domains listed above where it uses Google DNS instead.

>>Goz3rr+mm
And you leak your location, don't you?

>>croes+Gw
Do you know how DNS works ?

You as for a record, you get answer. You ask for IP adddress of archive.today, you get that IP

Then you connect to that IP

If your DNS doesn't leak client IP, the browser connecting to server IP will leak it.

It's entirely irrelevant protection that does nothing but makes competing on cdn harder.

>>adql+UG
I was willing to give CF the benefit of the doubt, until other posters (and you) pointed out that this is a red herring. Also given Stavros' note [1] on how archive.is needs the EDNS data to protect themselves from CSAM/ISIS material based attacks and that they suggested solutions but CF refused to cooperate, I'm unsure of the motives behind these posters claiming CF is protecting privacy. Matthew Prince's motives in his truth-but-not-full-truth response are obvious.

[1] >>36971650