Archive.today does not resolve with 1.1.1.1, works fine on other resolvers

MacBook-Pro:~ milk$ dig +short archive.today @1.1.1.1
127.0.0.3
MacBook-Pro:~ milk$ dig +short archive.today @8.8.8.8
185.246.154.96
MacBook-Pro:~ milk$ dig +short archive.today @9.9.9.9
46.45.185.30
MacBook-Pro:~ milk$ dig +short archive.today @185.228.168.9
178.32.222.191
MacBook-Pro:~ milk$ dig +short archive.today @176.103.130.130
51.38.113.224
MacBook-Pro:~ milk$ dig +short archive.today @198.101.242.72
46.45.185.30
MacBook-Pro:~ milk$ dig +short archive.today @208.67.222.222
51.38.113.224
MacBook-Pro:~ milk$ dig +short archive.today @64.6.64.6
46.45.185.30

If I do a recursive query myself I get the IP 185.246.154.96. Are all resolvers except Google’s wrong? What is happening here?

Yes they’re intentionally poisoning their DNS results when queried by a Cloudflare resolver. Apparently they have rejected our stance on privacy and believe that the best way to express that it by returning bogus responses to users who choose to use 1.1.1.1.

4 Likes

More specifically, Cloudflare doesn’t send client-subnet to the archive.today nameserver… in the cases above it may be the DNS resolvers send different levels of client-subnet information to the resolver which is why they get different answers.

All of the answers you are getting are “correct” in that they are the response returned to the DNS server(s) you are using when you make your query.

5 Likes

This seems to be resolved! It gives the correct IP now.
Edit: nope.

Not for me unfortunately. It is intentional (still) on their part.

dig archive.today @1.1.1.1 +short
127.0.0.3

1 Like

Same for me.

1 Like

Yesterday it seemed to be working in Latvia for me. https://www.digwebinterface.com also showed me the correct IP with Cloudflare. Today it seems to be poisoned again. I noticed that the behaviour has changed though. First the domains archive.today, archive.is, archive.li and archive.fo returned the IPs 127.0.0.1, 127.0.0.2. 127.0.0.3 and 127.0.0.4. Now, they all seem to return 127.0.0.3 – including archive.vn, archive.md and archive.ph when queried over 1.1.1.1.

1 Like

IPv6 works, IPv4 no

So the IETF standard that they’re asking you to implement where, IIRC, you provide only the /24 (subnet) is unreasonable from a privacy standpoint? Please explain in a little more detail. Is there a compromise solution where at least the IP info is accurate to a continent or country level? That seems to be all they need.

I use their sites often and I’m having to turn off my use of Cloudflare for DNS resolutions. Again.

I had done it before, months ago.

I just re- installed your iOS app, having forgotten for a moment why I had uninstalled it, Ran into the roadblock again and have turned it off again. Not happy.