razingeden 2 days ago

Cloudflare dns has gone back and forth on whether it wants to resolve them since 2019. It’s taken that away and restored it again (intentionally? mistake?) at least four times.

The c&c/botnet designation would seem to be new though.

winkelmann 2 days ago | parent | next [-]

As far as I am aware, all previous issues with archive.today and Cloudflare were on account of archive.today taking measures to stop Cloudflare's DNS from correctly resolving their domains, not the other way around.

The current situation is due to Cloudflare flagging archive.today's domains for malicious activity. Cloudflare actually still resolves the domains on their normal 1.1.1.1 DNS, but 1.1.1.2 ("No Malware") now refuses. Exactly why they decided to flag their domains now, over a month after the denial-of-service accusations came out, is unclear; maybe someone here has more information.

Hamuko 2 days ago | parent | next [-]

Sounds a bit like when "Finland geoblocked archive.today". In all actuality, there was no geoblocking of the site in Finland by any authorities or ISPs, but rather it was the website owner blocking all Finnish IPs after some undisclosed dispute with Finnish border agents. When something bad happens, people seem a bit too willing to give archive.today the benefit of the doubt.

kmeisthax 2 days ago | parent | prev [-]

For context, archive.today is angry that Cloudflare won't pass through EDNS - which includes things like your IP address, which archive.today explicitly wants for DNS-based geographical routing. The obvious problem with this is that it would deanonymize all 1.1.1.1 users, at least down to their ISP and probably down to the individual subscriber.

2 days ago | parent [-]
[deleted]
akerl_ 2 days ago | parent | prev | next [-]

Have they? The thing I remember previously was archive.is, and it wasn’t a block; archive.is was serving intentionally wrong responses to queries from Cloudflare’s resolvers.

This is notably not a change to how 1.1.1.1 works, it’s specifically their filtered resolution product.

https://news.ycombinator.com/item?id=19828702

razingeden a day ago | parent [-]

Thank you. And all. It’s too late to edit my comment, but the ones in this vein checked out and I stand corrected.

altairprime 2 days ago | parent | prev | next [-]

Intentionally, I believe? archive.today iirc has been explicitly blocking Cloudflare from resolving them at various times over the years due to Cloudflare DNS withholding requesting-user PII (IP address) in DNS lookups.

Looking forward to when Google Safe Browsing adds their domains as unsafe, as that ripples to Chrome and Firefox users.

vachina 2 days ago | parent | prev [-]

> Cloudflare dns has gone back and forth.

Just tells me they are an unreliable resolver. Instead of being a neutral web infra, they actively participate in political agendas and censor things they "think" are wrong.

akerl_ 2 days ago | parent | next [-]

1. As noted in prior comments, Cloudflare wasn’t blocking this site previously. The site operator chose to make their site unresolvable by Cloudflare.

2. 1.1.1.2, the resolver being discussed in this post, is explicitly Cloudflare’s malware-filtered DNS host. 1.1.1.1 does not filter this site.

hrmtst93837 2 days ago | parent | prev [-]

If you want "neutral" DNS now, run your own resolver and hope upstreams don't backstab you later, because outsourced trust never comes free.

akerl_ 2 days ago | parent [-]

Are there any examples of 1.1.1.1 or 8.8.8.8 not being neutral?