zlacker

Does Cloudflare's 1.1.1.1 DNS Block Archive.is? (2019)

submitted by jahnu+(OP) on 2021-09-11 19:44:59 | 181 points 116 comments

2. deadal+r4 2021-09-11 20:15:23
>>jahnu+(OP)
Archive.is is unironically one of the most important websites in the world. I hope this mess gets fixed, but I am not holding my breath because we have been in the same position for years now.

Interesting read on the probable owner of the site: https://webapps.stackexchange.com/a/149405

◧◩◪
23. konsch+7a 2021-09-11 20:49:52
>>pacman+56
Is “Informatics” a Bachelor of Engineering?

https://www.informatik.hu-berlin.de/de/studium/Master

◧◩
26. judge2+Qa 2021-09-11 20:54:34
>>koboll+S9
Archive.is uses ECS (EDNS Client Subnet, which sends the client IP's /24 to the authoritative resolver) for geo-based load balancing. The problem is that all IPs in a /24 are highly likely to belong to the same city for residential connections, so plugging it into a geoip service is likely to show the actual city and state that a request originates from (the entire point of ECS).

https://twitter.com/archiveis/status/1018691421182791680 (screenshot: https://aws1.discourse-cdn.com/cloudflare/original/3X/8/2/82... )

◧◩
48. raxi+Xf 2021-09-11 21:25:42
>>Dylan1+za
>> 1.1.1.1 is delivered across Cloudflare’s entire network that today spans 180 cities. We publish the geolocation information of the IPs that we query from. That allows any network with less density than we have to properly return DNS-targeted results.

Cloudflare makes an exception to this rule for Archive.{today,is,...} domains. All requests for these domains come from Amazon EC2 in the U.S., not the 180 edges of Cloudflare. This was on blog.archive.today. Why? Who knows. But the decision to break up is made by both parties, not just the archive.

Source https://blog.archive.today/post/623568857709395968/i-from-th...

53. dang+Vg 2021-09-11 21:34:15
>>jahnu+(OP)
There have been at least two past threads about this:

Tell HN: Unexpected errors with Archive.is on Cloudflare 1.1.1.1 DNS - https://news.ycombinator.com/item?id=23315640 - May 2020 (10 comments)

Tell HN: Archive.is inaccessible via Cloudflare DNS (1.1.1.1) - https://news.ycombinator.com/item?id=19828317 - May 2019 (197 comments)

as well as god knows how many comments...

◧◩
55. m463+3h 2021-09-11 21:34:55
>>deadal+r4
"Archive.is is unironically one of the most important websites in the world"

Are you sure you're not confusing it with the Internet Archive (https://www.archive.org/)?

◧◩◪◨
56. akerl_+7h 2021-09-11 21:35:42
>>raxi+Dg
Do you have a citation for that? Sourcing from https://news.ycombinator.com/item?id=19828702, they don't reverse their global stance for large providers. Their stance is roughly "Including client IP via EDNS violates our goal of maximizing user data privacy", and what they're working on with other large-scale providers is a way to improve geo-resolution without weakening user privacy.
◧◩◪◨⬒
57. cortes+uh 2021-09-11 21:38:34
>>akerl_+Rc
It isn’t the actual IP, it is the subnet. Leaks some info, but unless you own the entire subnet it won’t give up your identity.

https://en.wikipedia.org/wiki/EDNS_Client_Subnet

◧◩
66. judge2+Bj 2021-09-11 21:53:08
>>koboll+S9
To add, apparently another reason is that he believes using Cloudflare as your recursive resolver could lead to phishing [0]:

> the same entity which answers your DNS queries is able to issue SSL certs for any domain, so using CloudFlare DNS you never know whether you access the original website or a fishing one

Generally this is protected via certificate transparency+CAA records. If CF's CA were to issue a bad certificate, it'd be blocked by the browser and, should it get out, jeopardize the entire company, likely DigiCert as well given they cross-signed Cloudflare's issuing CA.

0: https://blog.archive.today/post/634795612966125568/when-will...
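The comment above leans on CAA as one of the two controls that keep a resolver operator's CA from quietly issuing for someone else's name. As an added example (my code, not Cloudflare's, DigiCert's or any CA's), the following Python implements the RFC 8659 CAA check a CA performs before issuance: climb from the requested name to its parents, take the first CAA RRset found, and apply the issue/issuewild and Issuer-Critical rules. The zone contents (CAA_ZONE) and the CA identifiers are constructed for the example and are not real records.

```python
"""CAA (RFC 8659) issuance check over a constructed record set. Added
illustration, not Cloudflare's, DigiCert's or any CA's code. Zone contents and
CA identifiers are constructed for the example."""

ISSUER_CRITICAL = 0x80  # CAA flags bit 0: an unknown tag with this set blocks issuance
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed CAA RRsets keyed by owner name: (flags, tag, value).
# A missing key means "no CAA RRset at this name", so the lookup climbs.
CAA_ZONE = {
    "example.com": [(0, "issue", "ca-a.example; validationmethods=dns-01"),
                    (0, "issuewild", "ca-b.example")],
    "sub.example.com": [(0, "issue", ";")],                  # nobody may issue
    "iodef-only.example.org": [(0, "iodef", "mailto:sec@example.org")],
    "strict.example.org": [(ISSUER_CRITICAL, "futuretag", "x")],
}


def relevant_caa_set(fqdn):
    """RFC 8659 section 3: walk from the name towards the root and return the
    first CAA RRset found together with its owner name, or (None, [])."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if owner in CAA_ZONE:
            return owner, CAA_ZONE[owner]
    return None, []


def parse_issuer_value(value):
    """'issuer-domain-name; key=val; ...' -> (issuer, {key: val}).
    An empty issuer (the value ';') authorizes no CA at all."""
    head, *rest = value.split(";")
    params = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            params[key.strip().lower()] = val.strip()
    return head.strip().lower(), params


def may_issue(fqdn, ca_id, wildcard=False):
    """Return (allowed, reason) for CA ca_id issuing for fqdn (or *.fqdn)."""
    owner, rrset = relevant_caa_set(fqdn)
    if not rrset:
        return True, "no CAA RRset on the name or any parent: unrestricted"
    for flags, tag, _ in rrset:
        # Issuer Critical on a tag the CA does not understand: must not issue.
        if flags & ISSUER_CRITICAL and tag.lower() not in KNOWN_TAGS:
            return False, f"critical unknown tag {tag!r} at {owner}: must not issue"
    props = [v for _, t, v in rrset if t.lower() == "issue"]
    if wildcard:
        # RFC 8659 4.3: any issuewild present replaces issue for wildcard names.
        wild = [v for _, t, v in rrset if t.lower() == "issuewild"]
        props = wild or props
    if not props:
        return True, f"CAA at {owner} carries no issue/issuewild: unrestricted"
    for value in props:
        issuer, params = parse_issuer_value(value)
        if issuer == ca_id.lower():
            return True, f"{ca_id} authorized at {owner} (params {params})"
    return False, f"{ca_id} not authorized by CAA at {owner}"
```

Two things worth noticing when running it: `may_issue("www.example.com", "ca-b.example")` is refused even though ca-b appears in the zone, because issuewild never applies to a non-wildcard request, and `may_issue("host.sub.example.com", "ca-a.example")` is refused because the closest RRset (`sub.example.com`, value `;`) wins over the permissive parent. CAA only constrains a CA that checks it honestly; the CT logs the comment also mentions are what would expose a CA that did not.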

◧◩◪◨⬒⬓⬔
69. raxi+Oj 2021-09-11 21:54:38
>>Hamuko+pi
https://blog.archive.today/post/623568857709395968/i-from-th...

There was another answer, which I could not find quickly, where what is named here "another free dns service" was named as Amazon.

103. indian+FY 2021-09-12 06:07:57
>>jahnu+(OP)
I had a similar issue with VoWiFi on my network due to EDNS, and it's rightly pointed out by msilverlock in the forum.

  # dig vowifi.jio.com @1.1.1.1 A
  ;; ANSWER SECTION:
  vowifi.jio.com. 5 IN A 49.45.63.1
  vowifi.jio.com. 5 IN A 49.45.63.2
  ;; SERVER: 1.1.1.1#53(1.1.1.1)

  # dig vowifi.jio.com @8.8.8.8 A
  ;; ANSWER SECTION:
  vowifi.jio.com. 4 IN A 49.44.59.36
  vowifi.jio.com. 4 IN A 49.44.59.38
  ;; SERVER: 8.8.8.8#53(8.8.8.8)

https://community.cloudflare.com/t/vowifi-issues-due-to-poss...

As the linked article says, "privacy versus convenience", and I am happy that CloudFlare chose the former.

◧◩◪◨⬒⬓⬔⧯▣
111. judge2+Ln1 2021-09-12 12:25:47
>>Hamuko+8j1
To add, I can't find any other evidence of this. This community post was posted on the same day as that blog entry, and archive.is still isn't loading: https://community.cloudflare.com/t/getting-servfail-for-some...
◧◩◪◨⬒⬓⬔⧯▣▦▧▨◲◳⚿
114. raxi+cX1 2021-09-12 16:49:27
>>judge2+aA1
> They're not forwarding it at all.

They indeed are, "for your privacy".

And our topic started exactly from this:

From: https://webapps.stackexchange.com/questions/135222/why-does-...

```
Official Statement

archive.today had this to say about the issue:

https://twitter.com/archiveis/status/1017902875949793285

    2018-07-13T1545: yes, unlike other public DNS services, 1.1.1.1 does not support EDNS Client Subnet

https://twitter.com/archiveis/status/1018691421182791680

    2018-07-15T1958: "Having to do" is not so direct here. Absence of EDNS and massive mismatch (not only on AS/Country, but even on the continent level) of where DNS and related HTTP requests come from causes so many troubles so I consider EDNS-less requests from Cloudflare as invalid.
```

> Or time travel to 2010 and try to respond to DNS queries while no servers are sending ECS.

That is exactly what `archive.{*}` does.

It responds to

[+] requests from IPs with geo-information (as in 2010, and it seems to be most of the requests still)

[+] AND to requests from public global resolvers with EDNS, which supply information about which region the server IP will be handed to (as in 2015)

[-] But not requests from a public global resolver which conceals the source region (as a single privacy-minded megacorp does in 2019)

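Two comments in this thread turn on the same mechanism: judge2's point that ECS carries the client's /24 to the authoritative side, and raxi's three-way description above of which queries archive.{*} will and will not answer. As an added example that is not code from archive.today, Cloudflare, or anyone in the thread, the following Python encodes and decodes the RFC 7871 EDNS Client Subnet option exactly as it appears on the wire (so you can see that only the prefix octets are sent, with host bits zeroed) and then models the authoritative-side decision: answer by ECS prefix when present, fall back to the resolver's own source address when that geolocates, and refuse when an anycast resolver sends neither. The geo table (GEO_TABLE), the answer pools (POOLS) and the "anycast resolver that sends no ECS" prefix (ANYCAST_NO_GEO) are constructed from documentation and benchmark ranges; they are assumptions for the illustration, not real data.

```python
"""EDNS Client Subnet (RFC 7871) encoder/decoder plus a toy geo-aware answer
policy on the authoritative side. Added illustration for this thread; it is
not archive.today's or Cloudflare's code. GEO_TABLE, POOLS and ANYCAST_NO_GEO
are constructed from documentation/benchmark ranges (assumptions, not data)."""
import ipaddress
import struct
from typing import Optional

ECS_OPTION_CODE = 8              # EDNS0 OPTION-CODE for Client Subnet
FAMILY_IPV4, FAMILY_IPV6 = 1, 2  # IANA address family numbers used by ECS


def build_ecs_option(client_ip: str, source_prefix_len: int) -> bytes:
    """Wire-format OPTION (code, length, data) carrying the client subnet.
    Only ceil(prefix/8) address octets are sent and bits past the prefix are
    zeroed, so a /24 reveals the client's network, not the host."""
    addr = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix_len <= addr.max_prefixlen:
        raise ValueError("bad source prefix length")
    family = FAMILY_IPV4 if addr.version == 4 else FAMILY_IPV6
    net = ipaddress.ip_network((addr, source_prefix_len), strict=False)
    nbytes = (source_prefix_len + 7) // 8
    data = struct.pack("!HBB", family, source_prefix_len, 0)  # SCOPE is 0 in queries
    data += net.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def parse_ecs_option(option: bytes):
    """Decode an ECS OPTION into (network, scope_prefix_len); reject anything
    malformed instead of guessing, which is what a server should do."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or len(option) != 4 + length:
        raise ValueError("not a well-formed ECS option")
    family, src_len, scope_len = struct.unpack("!HBB", option[4:8])
    addr_bytes = option[8:]
    total = {FAMILY_IPV4: 4, FAMILY_IPV6: 16}.get(family)
    if total is None or src_len > total * 8 or len(addr_bytes) != (src_len + 7) // 8:
        raise ValueError("ECS family/prefix/address length mismatch")
    addr = ipaddress.ip_address(addr_bytes + b"\x00" * (total - len(addr_bytes)))
    return ipaddress.ip_network((addr, src_len), strict=False), scope_len


def is_valid_ecs(option: bytes) -> bool:
    try:
        parse_ecs_option(option)
        return True
    except ValueError:
        return False


# Constructed geo data: documentation prefixes stand in for geolocated ranges.
GEO_TABLE = sorted([
    (ipaddress.ip_network("192.0.2.0/24"), "eu"),
    (ipaddress.ip_network("198.51.100.0/24"), "us"),
    (ipaddress.ip_network("203.0.113.0/24"), "asia"),
    (ipaddress.ip_network("2001:db8::/32"), "eu"),
], key=lambda entry: entry[0].prefixlen, reverse=True)  # longest prefix first

POOLS = {  # constructed per-region answer pools
    "eu": ["10.1.0.1", "10.1.0.2"],
    "us": ["10.2.0.1", "10.2.0.2"],
    "asia": ["10.3.0.1", "10.3.0.2"],
}

# Constructed: query-source prefix of an anycast resolver that sends no ECS.
# Its source address says nothing about where the end user is.
ANYCAST_NO_GEO = [ipaddress.ip_network("198.18.0.0/15")]


def lookup_region(addr):
    for net, region in GEO_TABLE:
        if addr in net:
            return region, net.prefixlen
    return None, 0


def choose_pool(resolver_ip: str, ecs_option: Optional[bytes] = None):
    """Authoritative-side policy as described in the thread:
    1. ECS present and geolocatable -> answer for the client's region, with
       SCOPE = prefix length the answer is valid for (caching granularity);
    2. no ECS but the resolver's own address geolocates -> use that;
    3. no ECS from an anycast source -> None (the server refuses to guess)."""
    src = ipaddress.ip_address(resolver_ip)
    if ecs_option is not None:
        net, _ = parse_ecs_option(ecs_option)
        region, plen = lookup_region(net.network_address)
        if region is not None:
            return "ecs", region, POOLS[region], plen
    if any(src in net for net in ANYCAST_NO_GEO):
        return None
    region, _ = lookup_region(src)
    if region is None:
        return None
    return "resolver-ip", region, POOLS[region], 0
```

Running `build_ecs_option("192.0.2.77", 24).hex()` gives `0008000700011800c00002`: option code 8, length 7, family 1, source prefix 24, scope 0, then only the three octets `c0 00 02`, which is the privacy trade-off both sides are arguing about in one line. `choose_pool("198.51.100.9")` answers from the resolver's own address, `choose_pool("198.18.1.1", opt)` answers from the ECS prefix and returns SCOPE 24, and `choose_pool("198.18.1.1")` returns None, the case that produces the SERVFAILs people see through 1.1.1.1.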