zlacker

[parent] [thread] 11 comments
1. Thorre+(OP)[view] [source] 2019-10-04 08:31:14
Archive.is does not block all requests lacking EDNS. They specifically block requests coming from Cloudflare's datacenters. Cloudflare is not accidentally misconfiguring their EDNS, Cloudflare is intentionally not sending EDNS.
replies(4): >>Operyl+Y >>lagadu+t2 >>Stream+j6 >>doogli+Hc
2. Operyl+Y[view] [source] 2019-10-04 08:44:32
>>Thorre+(OP)
They’re intentionally not sending an optional extension, that seems .. fair honestly.
replies(1): >>cnst+Q1
◧◩
3. cnst+Q1[view] [source] [discussion] 2019-10-04 08:58:50
>>Operyl+Y
The EDNS-Client-Subnet extension was not meant to be optional for folks running a CDN or a huge public resolver across 100+ POPs.
replies(1): >>lagadu+x2
4. lagadu+t2[view] [source] 2019-10-04 09:09:43
>>Thorre+(OP)
The "misconfiguration" he's talking about is on archive.is' part. Their configuration expects some specific server to have an optional functionality enabled, which it doesn't.
replies(1): >>Thorre+T2
◧◩◪
5. lagadu+x2[view] [source] [discussion] 2019-10-04 09:10:33
>>cnst+Q1
"Was not meant" means nothing. It's specified as optional because it's an extension mechanism.
◧◩
6. Thorre+T2[view] [source] [discussion] 2019-10-04 09:14:52
>>lagadu+t2
Sorry, I don't understand. I was referring to this quote:

> I think it's fair to say your site is just offline for some users due to a config mistake.

Archive.is is not making an accidental mistake. Archive.is is behaving very intentionally. They've said so on Twitter. And I believe profmonocle agrees with me on that point.

replies(1): >>jgraha+js
7. Stream+j6[view] [source] 2019-10-04 10:08:30
>>Thorre+(OP)
And I agree with that as a Cloudflare customer. In fact if this was a paid feature I would pay for it.

Just to give you more insight. Google knows which IP address I am using Gmail from. If I use 8.8.8.8 they know what other content I am looking for which websites I visit and tie that to my account. If I use something like Cloudflare who do not expose my IP (or range) then I achieved more privacy. I could use my local DNS server (like I do at home) but I travel a lot.

In this case "misconfiguration" is actually for privacy and archive.is could live with that just like other sites but they intentionally screw with Cloudflare (aka the users who has 1.1.1.1 as the resolver).

8. doogli+Hc[view] [source] 2019-10-04 11:44:43
>>Thorre+(OP)
Do you have a source for this?
replies(2): >>Godel_+1n >>Thorre+QW1
◧◩
9. Godel_+1n[view] [source] [discussion] 2019-10-04 13:14:19
>>doogli+Hc
https://mobile.twitter.com/archiveis/status/1018691421182791...
replies(1): >>doogli+YC
◧◩◪
10. jgraha+js[view] [source] [discussion] 2019-10-04 13:48:08
>>Thorre+T2
And Cloudflare would happily talk to archive.is to come up with a solution.
◧◩◪
11. doogli+YC[view] [source] [discussion] 2019-10-04 14:50:52
>>Godel_+1n
I've seen that, it doesn't really clarify whether the block singles out cloudflare in particular, or whether cloudflare is the only (significant) DNS resolver that the block happens to affect.
◧◩
12. Thorre+QW1[view] [source] [discussion] 2019-10-05 01:55:40
>>doogli+Hc
Sources for archive.is blocking Cloudflare's datacenters:

The exact same command fails when sent from Cloudflare's datacenters, but succeeds when sent from DigitalOcean:

https://community.cloudflare.com/t/archive-is-error-1001/182...

Two more sources:

https://news.ycombinator.com/item?id=19830258

https://news.ycombinator.com/item?id=19829036

[go to top]