  • According to Cloudflare admins, it’s a bit more complicated than 1.1.1.1 (Cloudflare DNS) censoring your internet. Read here: https://news.ycombinator.com/item?id=19828702

    Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.

    The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. We’re aware of real-world examples where nation-state actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.

    edit: So it’s actually the other way around: it’s the archive.is admin who’s blocking people who use Cloudflare DNS. Read also their tweet here: https://twitter.com/archiveis/status/1018691421182791680
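
What the EDNS Client Subnet option described in the quoted explanation looks like on the wire, as an added example that is not part of the comment or of any Cloudflare or archive.is code. It builds a DNS query the way a forwarding resolver would and then reads back the subnet that anyone observing the unencrypted resolver-to-authoritative hop can see. The function names are hypothetical, and the option layout follows RFC 7871.

```python
import ipaddress
import struct

OPT, ECS = 41, 8  # OPT pseudo-RR type (RFC 6891), Client Subnet option code (RFC 7871)

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, client_ip=None, prefix=24):
    """Build an A query; if client_ip is given, attach ECS as a forwarding resolver would."""
    rdata = b""
    if client_ip is not None:
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        addr = net.network_address.packed[:(prefix + 7) // 8]  # only the prefix bytes are sent
        body = struct.pack("!HBB", 1 if net.version == 4 else 2, prefix, 0) + addr
        rdata = struct.pack("!HH", ECS, len(body)) + body
    header = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 1)  # 1 question, 1 additional RR
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    return header + question + opt

def skip_name(msg, pos):
    while msg[pos]:
        if (msg[pos] & 0xC0) == 0xC0:  # compression pointer is two bytes
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def client_subnet(msg):
    """Return the client subnet carried in a DNS message, or None if no ECS option."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QNAME, QTYPE, QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        end = pos + rdlen
        while rtype == OPT and pos + 4 <= end:  # walk the EDNS options
            code, olen = struct.unpack("!HH", msg[pos:pos + 4])
            if code == ECS:
                family, src, _scope = struct.unpack("!HBB", msg[pos + 4:pos + 8])
                raw = msg[pos + 8:pos + 4 + olen]
                addr = ipaddress.ip_address(raw.ljust(4 if family == 1 else 16, b"\x00"))
                return f"{addr}/{src}"
            pos += 4 + olen
        pos = end
    return None
```

For the constructed client address 203.0.113.57 with a /24 prefix, `client_subnet(build_query("archive.is", "203.0.113.57"))` returns `203.0.113.0/24`, while a query built without a client address, which is what the quoted text says 1.1.1.1 sends, returns `None`.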