Archive.is - Error 1001


#1

I can’t resolve archive.is using 1.1.1.1 or 1.0.0.1. Works fine with other name severs. I’m receiving error 1001 using Cloudflare’s DNS.

nslookup archive.is 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    archive.is
Address:  54.36.225.114

nslookup archive.is 1.1.1.1
Server:  1dot1dot1dot1.cloudflare-dns.com
Address:  1.1.1.1

Non-authoritative answer:
Name:    archive.is
Addresses:  2400:cb00:2048:1::681c:1802
          104.28.24.2

nslookup archive.is 1.0.0.1
Server:  1dot1dot1dot1.cloudflare-dns.com
Address:  1.0.0.1

Non-authoritative answer:
Name:    archive.is
Addresses:  2400:cb00:2048:1::681c:1802
          104.28.24.2

nslookup -class=chaos -type=txt id.server 1.1.1.1
Server:  1dot1dot1dot1.cloudflare-dns.com
Address:  1.1.1.1

Non-authoritative answer:
id.server       text =

        "bna01"

nslookup -class=chaos -type=txt id.server 1.0.0.1
Server:  1dot1dot1dot1.cloudflare-dns.com
Address:  1.0.0.1

Non-authoritative answer:
id.server       text =

        "bna01"

#2

Thanks, we’ve logged a ticket to investigate.


#3

This is unfortunately something we can’t do something about. Nameservers responsible for archive.is (ben.archive.is, anna.archive.is) are returning answers tailored to the IP address of the requestor. They return the 54.36.225.114 when asked from my residential address:

$ kdig @ben.archive.is archive.is +short
54.36.225.114

But wrong address when queried from Cloudflare’s network:

$ kdig @ben.archive.is archive.is +short
104.28.24.2

If you have a contact on the domain owner, you can ask them to fix this.


#4

archive.is appears to have corrected their DNS entry, it’s now resolving to 5.196.68.73 for me.


#5

For me, it is also returning the above mentioned IPv6 address:

Non-authoritative answer:
Name:    archive.is
Addresses:  2400:cb00:2048:1::681c:1802
          5.196.68.73

Which is bad, since I have working IPv6, and it connects to the v6 address by default.


#6

That’s unfortunate. Hopefully archive.is will fix that as well.


#7

Unfortunately, they are telling people to just use Googles dns instead, blaming the issue on CF.

it is because of 1.1.1.1
try 8.8.8.8


On 5/31/18, Taubin <[email protected]> wrote:
> When attempting to use your site from New Zealand, I am receiving the
> following error:
>
> An error occurred during a connection to archive.is. Cannot communicate
>> securely with peer: no common encryption algorithm(s). Error code:
>> SSL_ERROR_NO_CYPHER_OVERLAP
>>
>>     The page you are trying to view cannot be shown because the
>> authenticity of the received data could not be verified.
>>     Please contact the website owners to inform them of this problem.
>>
>
> This happens when attempting to use archive.is or archive.today
>
> If I use archive.fo it works just fine.
>
> This seems to be an issue with your cdn:
>
> [email protected] /mnt/c/Users/taubi ->
>  05:56 PM Thu May 31$ nslookup archive.is
> Server:         1.1.1.1
> Address:        1.1.1.1#53
>
> Non-authoritative answer:
> archive.is      canonical name = cdn-wo-ecs.archive.is.
> Name:   cdn-wo-ecs.archive.is
> Address: 104.27.170.40
> Name:   cdn-wo-ecs.archive.is
> Address: 104.27.171.40
>
> Cheers

#8

Here’s the output from a +trace dig from our New Zealand datacenter:

$ dig +trace archive.is

; <<>> DiG 9.9.5-9 <<>> +trace archive.is
;; global options: +cmd
.                       511617  IN      NS      l.root-servers.net.
.                       511617  IN      NS      m.root-servers.net.
.                       511617  IN      NS      a.root-servers.net.
.                       511617  IN      NS      b.root-servers.net.
.                       511617  IN      NS      c.root-servers.net.
.                       511617  IN      NS      d.root-servers.net.
.                       511617  IN      NS      e.root-servers.net.
.                       511617  IN      NS      f.root-servers.net.
.                       511617  IN      NS      g.root-servers.net.
.                       511617  IN      NS      h.root-servers.net.
.                       511617  IN      NS      i.root-servers.net.
.                       511617  IN      NS      j.root-servers.net.
.                       511617  IN      NS      k.root-servers.net.
.                       511617  IN      RRSIG   NS 8 0 518400 20180614000000 20180531230000 39570 . nsM7OHweHq87y7CkIi1RGawuHXyt+hpVWQ8mt8IYsRHGr50b1Q1tLEKP 0DGYq+wWtBQ8jcuDi4FYNB5NV2b05NbU8mBcnDqhfUveCVCYTR/z/wfW XBH1qOYnJOJVlniBCLl2p47dKQ6R6f78J7LNs37nQBmP4r/uA4KkM9vY kbk+trjEQ5KWmdiLe2kUyA7ejymZGDJCI3zKap2/1wBAdGCfb2gA0GOh 6X3hQJiPZTw7js3HVXbfuFOxdrPd0+g/jFAkDAjuymc/CsDNi/vPXGeS U4I1SRuhVcWvfv0c6OG5uw15uaWL1Jp+boctmiYb1vI7OqTzMGL3IsAI 4hsu3w==
;; Received 525 bytes from 127.0.0.11#53(127.0.0.11) in 4 ms

is.                     172800  IN      NS      sab.isnic.is.
is.                     172800  IN      NS      isgate.is.
is.                     172800  IN      NS      durinn.rhnet.is.
is.                     172800  IN      NS      sns-pb.isc.org.
is.                     172800  IN      NS      bes.isnic.is.
is.                     172800  IN      NS      sunic.sunet.se.
is.                     86400   IN      DS      26726 8 2 6984FEF569CFDB2CE00AFC62B5763AD50306EB0D4816A7C6CF921BF6 6B12245A
is.                     86400   IN      RRSIG   DS 8 1 86400 20180614050000 20180601040000 39570 . rz3fqinFgKxiJRz/AuZA1sazohsF+G4UMf0Dib1SdDsS+JIWbNEGR66R 6JgIH0bvlCLBK0CgXXkhzEAINxRTvO67s0r09oHnOA0gB/qucmSbPjlm OOHnwsqdzJI93oxqXKG7fM23OEqHBNHJPG57gMNlKmzF9WqeIaOOsMs7 X1adFGlx/XHQiKPr74RDEmf3fScH/buXDvyhXOnNya9VpRcDSzwhrSpx RqEXv/IXDiG4nYfsAh2dSS9vBGpxMnbX5ZLLI8S++HnwZlqLefvGZsac 9yTHGhmIW5wm6Wro0jUisjCrxndz7XH0mHkyELWsjISZ+TYIiuXoRZDC csp1uw==
;; Received 784 bytes from 202.12.27.33#53(m.root-servers.net) in 153 ms

archive.is.             86400   IN      NS      anna.archive.is.
archive.is.             86400   IN      NS      ben.archive.is.
a8nkvoortd3hr2k4mtpgmp7mjqqdam0r.is. 1800 IN NSEC3 1 0 5 7FC1C26569C764AA A8O5LJ9J3KJPEPTQDJJ816PCNAHVMTFS NS
a8nkvoortd3hr2k4mtpgmp7mjqqdam0r.is. 1800 IN RRSIG NSEC3 8 2 1800 20180621174110 20180531121004 41074 is. e3W7UNZEzFsIKkHFmBJpO8+1X4DOpD4vNJanHPr3ISGGAdgYUBFn32QU vrIUxkSZyxJtWayAhlhc3POnJUAWWMU7moajIaPPhFxv+C8L46JxGzxh KJ45wr91p797A/ymLs8MB2AG6mX9VW6ZEujaYo5hLGfi6pWXI3y0z8v6 T8s=
;; Received 352 bytes from 193.4.58.51#53(isgate.is) in 295 ms

archive.is.             300     IN      CNAME   cdn-wo-ecs.archive.is.
archive.is.             86400   IN      NS      anna.archive.is.
archive.is.             86400   IN      NS      ben.archive.is.
;; Received 178 bytes from 188.166.106.79#53(anna.archive.is) in 272 ms

Compare with a DigitalOcean instance:

# dig +trace archive.is

; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> +trace archive.is
;; global options: +cmd
.			84312	IN	NS	i.root-servers.net.
.			84312	IN	NS	e.root-servers.net.
.			84312	IN	NS	m.root-servers.net.
.			84312	IN	NS	a.root-servers.net.
.			84312	IN	NS	c.root-servers.net.
.			84312	IN	NS	k.root-servers.net.
.			84312	IN	NS	d.root-servers.net.
.			84312	IN	NS	j.root-servers.net.
.			84312	IN	NS	f.root-servers.net.
.			84312	IN	NS	b.root-servers.net.
.			84312	IN	NS	h.root-servers.net.
.			84312	IN	NS	l.root-servers.net.
.			84312	IN	NS	g.root-servers.net.
.			84312	IN	RRSIG	NS 8 0 518400 20180614050000 20180601040000 39570 . e5YS6umv7yG1juVdLW0FFXLA48qCS1b+xBCmTt5+1KYVsx+j6mPGAHAh Pa3Bx7DWSa+N7kyLbrqkptwr/yhEeE6l5HbhLRQR3zzmvQdnOfcBQbKz jdvXaWfm3+MASt+IaWjtj+KSV0Yf1AD/Jvwex8PtboWIovoCvUCafDbk 5BWz66mWn+L2sr/sdn+E9HZsUQEzkYwbsqxcciGWhLCnmSwzZHAOe6D1 TFNfQU01foEe/WL+BZ4xcVGk+RxE/uGRefOs9c4OvWCRq9Ac7li8SqEa J5rgSVG9drhG4NcWDsDVmlliWlILs8/wqoEsMVz2dRiMO2Vwe9v5hmr1 2rD/6w==
;; Received 525 bytes from 67.207.67.2#53(67.207.67.2) in 12 ms

is.			172800	IN	NS	bes.isnic.is.
is.			172800	IN	NS	sab.isnic.is.
is.			172800	IN	NS	sunic.sunet.se.
is.			172800	IN	NS	durinn.rhnet.is.
is.			172800	IN	NS	isgate.is.
is.			172800	IN	NS	sns-pb.isc.org.
is.			86400	IN	DS	26726 8 2 6984FEF569CFDB2CE00AFC62B5763AD50306EB0D4816A7C6CF921BF6 6B12245A
is.			86400	IN	RRSIG	DS 8 1 86400 20180614050000 20180601040000 39570 . rz3fqinFgKxiJRz/AuZA1sazohsF+G4UMf0Dib1SdDsS+JIWbNEGR66R 6JgIH0bvlCLBK0CgXXkhzEAINxRTvO67s0r09oHnOA0gB/qucmSbPjlm OOHnwsqdzJI93oxqXKG7fM23OEqHBNHJPG57gMNlKmzF9WqeIaOOsMs7 X1adFGlx/XHQiKPr74RDEmf3fScH/buXDvyhXOnNya9VpRcDSzwhrSpx RqEXv/IXDiG4nYfsAh2dSS9vBGpxMnbX5ZLLI8S++HnwZlqLefvGZsac 9yTHGhmIW5wm6Wro0jUisjCrxndz7XH0mHkyELWsjISZ+TYIiuXoRZDC csp1uw==
;; Received 784 bytes from 199.7.91.13#53(d.root-servers.net) in 2024 ms

archive.is.		86400	IN	NS	anna.archive.is.
archive.is.		86400	IN	NS	ben.archive.is.
a8nkvoortd3hr2k4mtpgmp7mjqqdam0r.is. 1800 IN NSEC3 1 0 5 7FC1C26569C764AA A8O5LJ9J3KJPEPTQDJJ816PCNAHVMTFS NS
a8nkvoortd3hr2k4mtpgmp7mjqqdam0r.is. 1800 IN RRSIG NSEC3 8 2 1800 20180621174110 20180531121004 41074 is. e3W7UNZEzFsIKkHFmBJpO8+1X4DOpD4vNJanHPr3ISGGAdgYUBFn32QU vrIUxkSZyxJtWayAhlhc3POnJUAWWMU7moajIaPPhFxv+C8L46JxGzxh KJ45wr91p797A/ymLs8MB2AG6mX9VW6ZEujaYo5hLGfi6pWXI3y0z8v6 T8s=
;; Received 352 bytes from 2a00:c88:10:16::20#53(durinn.rhnet.is) in 492 ms

archive.is.		300	IN	A	213.136.87.217
archive.is.		86400	IN	NS	anna.archive.is.
archive.is.		86400	IN	NS	ben.archive.is.
;; Received 169 bytes from 2a03:b0c0:2:d0::574:2001#53(anna.archive.is) in 152 ms

You can see that the result returned from anna.archive.is is different, depending on the source IP.

When archive.is’ nameservers are queried from a Cloudflare IP, they return a CNAME entry to cdn-wo-ecs.archive.is. This is the result you see when using our resolvers, which causes the incompatibility between 1.1.1.1 and archive.is.

You can further verify by visiting this third-party website, and seeing the different IP addresses returned by archive.is’ nameservers, depending on the network you’re coming in from.

The fix has to come from the operators of archive.is’ nameservers, namely, them.

Edit: realistically, they just have to fix cdn-wo-ecs.archive.is to resolve to something usable.


Can't Resolve archive.is and Related Domains (YYZ)
#9

Thank you for that, I figured it was on their end, as I didn’t have the issue from any of my servers. I’ll use my vpn while routing to them. Strangely it only happens on 1.1.1.1, none of the other dns servers I’ve tried.


#10

Yes, I’ve seen that as well. Using Google’s DNS does “solve” the problem. However the problem is not caused by Cloudflare and it doesn’t appear that the team responsible for their systems has the desire/ ability to resolve their issues.

It’s an unfortunate reality; if you were using an in-house forwarder you could specify a different resolver for their misconfigured domain…


#11

This is still not fixed. Guess we’ll have to change to Google DNS.


#12

The fix has to come from archive.is’s operators, as indicated above. We can’t fix it from our end, unfortunately.

Your choice of DNS resolver is ultimately up to you.