zlacker

[return to "Does Cloudflare’s 1.1.1.1 DNS Block Archive.is? (2019)"]
1. Goz3rr+mm[view] [source] 2023-08-02 15:19:08
>>lolind+(OP)
If you're using a Pi-hole for your DNS (or anything else using dnsmasq I suppose), I worked around the issue by creating /etc/dnsmasq.d/02-archive.is.conf (with a Docker bind mount in my case) with the following content:

    server=/archive.today/8.8.8.8
    server=/archive.today/8.8.4.4
    server=/archive.ph/8.8.8.8
    server=/archive.ph/8.8.4.4
    server=/archive.is/8.8.8.8
    server=/archive.is/8.8.4.4
    server=/archive.li/8.8.8.8
    server=/archive.li/8.8.4.4
    server=/archive.vn/8.8.8.8
    server=/archive.vn/8.8.4.4
    server=/archive.fo/8.8.8.8
    server=/archive.fo/8.8.4.4
    server=/archive.md/8.8.8.8
    server=/archive.md/8.8.4.4
    server=/archive.to/8.8.8.8
    server=/archive.to/8.8.4.4
This way you use 1.1.1.1 for everything, except the domains listed above where it uses Google DNS instead.
◧◩
2. croes+Gw[view] [source] 2023-08-02 16:02:17
>>Goz3rr+mm
And you leak your location, don't you?
◧◩◪
3. adql+UG[view] [source] 2023-08-02 16:45:45
>>croes+Gw
Do you know how DNS works ?

You as for a record, you get answer. You ask for IP adddress of archive.today, you get that IP

Then you connect to that IP

If your DNS doesn't leak client IP, the browser connecting to server IP will leak it.

It's entirely irrelevant protection that does nothing but makes competing on cdn harder.

◧◩◪◨
4. ninjag+OI[view] [source] 2023-08-02 16:53:49
>>adql+UG
I was willing to give CF the benefit of the doubt, until other posters (and you) pointed out that this is a red herring. Also given Stavros' note [1] on how archive.is needs the EDNS data to protect themselves from CSAM/ISIS material based attacks and that they suggested solutions but CF refused to cooperate, I'm unsure of the motives behind these posters claiming CF is protecting privacy. Matthew Prince's motives in his truth-but-not-full-truth response are obvious.

[1] >>36971650

◧◩◪◨⬒
5. NicoJu+ZU[view] [source] 2023-08-02 17:44:37
>>ninjag+OI
I'm still giving cf the benefit of the doubt, but I need more research.

I always found the funding of archive.is unknown. Who is behind it and why do they want this info. Why and how they can provide this for free is a big unknown to me.

I'm giving cf the benefit of the doubt against archive. At least I know cloudflare and this would be the first "doubt-moment"...

It's weird that others don't have this issue that much, I would have thought that CDN's would scream from everywhere for years already, if archive.is his statement is "complete".

Edit: cloudflare does not seem to block what's needed though.

>>19828702

> EDNS IP subsets can be used to better geolocate responses for services that use DNS-based load balancing. However, 1.1.1.1 is delivered across Cloudflare’s entire network that today spans 180 cities. We publish the geolocation information of the IPs that we query from. That allows any network with less density than we have to properly return DNS-targeted results.

[go to top]