zlacker

1. diogoc+(OP) 2023-08-02 14:31:28
This is obviously not Cloudflare's fault, but I wonder why they don't just mask their identity (e.g. by using a random AWS IP address) when querying archive.is?

AFAICT this wouldn't "violate the integrity of DNS and the privacy and security promises we made to our users" and would solve a big pain point of using 1.1.1.1.

replies(2): >>freedo+m1 >>eastda+52
2. freedo+m1 2023-08-02 14:37:03
>>diogoc+(OP)
I'm not affiliated with CF at all, but if I were I would oppose that idea on a couple levels.

Philosophically I think that lacks respect for the site owner and it would be wrong to deceive them and go against their wishes.

Pragmatically that sounds like a giant maintenance pain in the ass to manage, and not worth the time/money to make somebody's site work who actively doesn't want it to work.

3. eastda+52 2023-08-02 14:39:25
>>diogoc+(OP)
We’ve tried. The owner of Archive.is actively monitors and then returns bad results. This is true even if we recurse through another recursor. It’s a very odd hill to die on.
replies(3): >>datafl+K2 >>diogoc+Q4 >>Fabric+s6
4. datafl+K2 2023-08-02 14:42:35
>>eastda+52
I think I'm missing something, but is there a way you can pass along some sort of vague location info for caching purposes without revealing too much? From their tweet they mentioned even continent level information isn't available, which I can understand. Is there really no middle ground that works here?
replies(2): >>afavou+f6 >>xnyant+67
5. diogoc+Q4 2023-08-02 14:52:33
>>eastda+52
That's as annoying as it is impressive.
6. afavou+f6 2023-08-02 14:59:38
>>datafl+K2
From another post the CEO made, it sounds like they could do a bunch of things but don’t think they should. Which I understand. Once you start adding workarounds for specific domains I can imagine the whole thing spiralling quickly. The owner of archive.is doesn’t want the traffic, CF probably shouldn’t move heaven and earth in response.
replies(1): >>datafl+n9
7. Fabric+s6 2023-08-02 15:00:34
>>eastda+52
Have you guys considered just having the resolver not return anything? Such that my system would fall back to another resolver (such as Google or Quad9) and I wouldn't have issues accessing the site?

I guess that still has the privacy implications... but at least it would work!

replies(1): >>dreadl+sf
8. xnyant+67 2023-08-02 15:02:59
>>datafl+K2
Continent-level information doesn't exist. EDNS Client Subnet doesn't send a location, it sends a subnet. Its "location" then has to be looked up in geolocation databases which may or may not be accurate. There's no subnet that will map to a continent.
replies(1): >>DanAtC+sl
9. datafl+n9 2023-08-02 15:14:09
>>afavou+f6
I don't see what I proposed as a domain specific workaround, it should be done for all domains I think.
10. dreadl+sf 2023-08-02 15:38:38
>>Fabric+s6
The whole point is that they don't want to break any core DNS functionality with a band aid fix just because one website doesn't like it.
11. DanAtC+sl 2023-08-02 16:03:58
>>xnyant+67
Network blocks are issued by regional registries: https://upload.wikimedia.org/wikipedia/commons/9/95/Regional...