zlacker

[parent] [thread] 8 comments
1. freedo+(OP)[view] [source] 2023-08-02 14:43:00
More of a meta comment, but thank you for your willingess to upset some customers and potential customers. Having and standing by principles can be damn inconvenient at times, but the world is a much better place because of it.
replies(2): >>adql+Mr >>nullin+mz
2. adql+Mr[view] [source] 2023-08-02 16:43:08
>>freedo+(OP)
It's entirely smokescreen. Yes your DNS doesn't "leak" your IP... but server will immediately get the IP of the client on first try of connecting it.
replies(1): >>djbusb+8w
◧◩
3. djbusb+8w[view] [source] [discussion] 2023-08-02 17:01:02
>>adql+Mr
But the DNS won't. Many times the DNS and Webserver are different hosts. Eg: DNS in Route53 and Webserver in Linode
replies(1): >>jachee+h81
4. nullin+mz[view] [source] 2023-08-02 17:15:22
>>freedo+(OP)
> thank you for your willingess to upset some customers and potential customers

Or, thank you for wasting your customers time attempting to figure out why one or more sites aren't responding appropriately on your network while they work on other networks.

Not everyone is clued into EDNS or why archive.is doesn't function with CF.

CF is wasting everyone's time.

replies(1): >>lolind+xD
◧◩
5. lolind+xD[view] [source] [discussion] 2023-08-02 17:31:48
>>nullin+mz
I mean, it's archive.is that is intentionally serving an incorrect DNS record (pointing back at Cloudflare's IPs) when it gets a DNS query that every other resolver handles just fine. They may have legitimate grievances with the info being dropped, but in the end they're the ones breaking their own traffic.
replies(1): >>fragme+mY
◧◩◪
6. fragme+mY[view] [source] [discussion] 2023-08-02 18:55:18
>>lolind+xD
That seems like your much stronger older brother hitting you with your own arm and asking "why are you hitting yourself" over and over again though. Cloudflare is standing their ground with their morals, and Archive is standing their ground with their morals. Which one is right is for you to decide.
replies(1): >>jachee+C81
◧◩◪
7. jachee+h81[view] [source] [discussion] 2023-08-02 19:31:57
>>djbusb+8w
Also, looking up DNS in one direction and browsing (say over a VPN) in another. The destination site doesn’t always get the same IP that the DNS request gets.
◧◩◪◨
8. jachee+C81[view] [source] [discussion] 2023-08-02 19:33:25
>>fragme+mY
Easy choice: the one that’s protecting me, rather than themselves.
replies(1): >>nullin+Va1
◧◩◪◨⬒
9. nullin+Va1[view] [source] [discussion] 2023-08-02 19:41:28
>>jachee+C81
Without protecting themselves, archive.is wouldn't exist.

And given it is the subnet number being sent, NOT the IP address that people here claim, the privacy concern is fairly low (CF knows your IP address in order to deliver the DNS answer back to you and archive.is knows your IP address when you request resources).

I'll take the performance improvement that EDNS client subnet can provide.

[go to top]