Short answer: no. Quite the opposite, actually — Archive.is is intentionally blocking 1.1.1.1 users. Here's why.
tl;dr: No. Quite the opposite, actually — Archive.is’s owner is intentionally blocking 1.1.1.1 users.
CloudFlare’s CEO had this to say on HackerNews:
We don’t block archive.is or any other domain via 1.1.1.1. […] Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service. […] The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.
I am mainly making this post so that admins/moderators at BeeHaw will consider using archive.org or ghostarchive.org links instead of archive.today links.
Because anyone using CloudFlare’s DNS for privacy is being denied access to archive.today links.
I know what you meant with the VPN. Just saying that CloudFlare is using the VPN leakage case to justify not supporting ECS. As for the rest of the problems, DNS servers that suport ECS, hopefully have already implemented countermeasures.
Indeed Archive.is is free to block whoever he wants… he’s just using a weird argument, particularly when there is an onion address for it, which is kind of the opposite of a CDN… or I don’t understand his side completely. It feels to me like both sides are sticking to their stances, when either or both could fix the issue without much of a problem.
I don’t think Google own 4.4.4.4, did you mean 8.8.4.4?
Damn. Yeah, I meant 8.8.8.8 and 8.8.4.4. Brain fart.
There’s a comment on one of the HN threads that gives a little more insight - basically it helps him combat abuse by routing requests to the closest server outside of the requesting ips area: https://news.ycombinator.com/item?id=36971650
Not sure how that argument really holds up to scrutiny but it’s something.
DNS server returns not the closest IP to the request origin but the closest IP abroad, so any takedown procedure would require bureaucratic procedures so I am getting notified notified and have time to react.
Oh, so he’s not using a CDN, but a sort of “anti”-CDN.
attacks where people upload illegal content
I offered them to proxy those CloudFlare DNS’s users via their CDN but they rejected.
Wonder why 😆
Yes, that holds up to scrutiny pretty well.
After “I’ve proposed we just fix it on our end …” all requests for 7 archive.* domains are sent from Symantec USA IP
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@beehaw.org
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
I know what you meant with the VPN. Just saying that CloudFlare is using the VPN leakage case to justify not supporting ECS. As for the rest of the problems, DNS servers that suport ECS, hopefully have already implemented countermeasures.
Indeed Archive.is is free to block whoever he wants… he’s just using a weird argument, particularly when there is an onion address for it, which is kind of the opposite of a CDN… or I don’t understand his side completely. It feels to me like both sides are sticking to their stances, when either or both could fix the issue without much of a problem.
Damn. Yeah, I meant 8.8.8.8 and 8.8.4.4. Brain fart.
There’s a comment on one of the HN threads that gives a little more insight - basically it helps him combat abuse by routing requests to the closest server outside of the requesting ips area: https://news.ycombinator.com/item?id=36971650
Not sure how that argument really holds up to scrutiny but it’s something.
Oh, so he’s not using a CDN, but a sort of “anti”-CDN.
Wonder why 😆
Yes, that holds up to scrutiny pretty well.
…and that’s a dick move on part of CloudFlare.