Bad Cached Replies for archive.is by Cloudflare DNS-over-HTTPS

Hello,

I’m getting bad cached replies for domain archive.is using Cloudflare DoH:

$ curl --http2 -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=archive.is" 2>/dev/null | jq
{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "archive.is",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "archive.is",
      "type": 1,
      "TTL": 76180,
      "data": "1.1.1.4"
    }
  ]
}

For comparison, here’s what I got from Google DoH:

$ curl --http2 -H "accept: application/dns-json" "https://dns.google/resolve?name=archive.is&type=A" 2>/dev/null | jq
{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "archive.is.",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "archive.is.",
      "type": 1,
      "TTL": 194,
      "data": "23.137.249.79"
    }
  ]
}

I haven’t tried other domains from .is TLD, other TLDs from .is Registrar, or other domains using NS from archive.is.

Does running a dig or using a global checker like DNS Checker - DNS Check Propagation Tool

I cannot replicate using dig. I see different results.

dig archive.is @1.1.1.1 +short
217.197.116.88

They aren’t bad replies. archive.is decides to intentionally poison the cache of Cloudflare DNS resolvers to further their own agenda (I forget what the agenda is because … who cares). But this is their choice; Cloudflare can’t/won’t fix their decision.
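
The comparison done by eye in this thread, as an added example that is not part of any post and is not Cloudflare's or Google's code: Python that takes the two DoH JSON replies quoted in the first post (trimmed to the fields used), normalises the trailing-dot difference in owner names, and reports where the resolvers disagree. The function names and resolver labels are assumptions made for the example.

```python
import json

# Replies copied from the two curl outputs in the first post, trimmed to the fields used.
CLOUDFLARE = json.loads('''{"Status": 0, "AD": false,
  "Answer": [{"name": "archive.is", "type": 1, "TTL": 76180, "data": "1.1.1.4"}]}''')
GOOGLE = json.loads('''{"Status": 0, "AD": false,
  "Answer": [{"name": "archive.is.", "type": 1, "TTL": 194, "data": "23.137.249.79"}]}''')


def rrsets(reply):
    """Map (owner name, rrtype) -> {"data": set of rdata, "ttl": lowest TTL seen}."""
    out = {}
    for rr in reply.get("Answer", []):
        # Google returns owner names with a trailing dot, Cloudflare without: normalise.
        key = (rr["name"].rstrip(".").lower(), rr["type"])
        entry = out.setdefault(key, {"data": set(), "ttl": rr["TTL"]})
        entry["data"].add(rr["data"])
        entry["ttl"] = min(entry["ttl"], rr["TTL"])
    return out


def compare(replies):
    """replies: {resolver label: parsed DoH JSON}. Returns a list of findings."""
    findings = []
    for label, reply in replies.items():
        if reply.get("Status") != 0:
            findings.append(f"{label}: RCODE {reply.get('Status')}")
        if not reply.get("AD"):
            findings.append(f"{label}: AD flag clear, answer was not DNSSEC-validated")
    parsed = {label: rrsets(reply) for label, reply in replies.items()}
    keys = set().union(*(p.keys() for p in parsed.values()))
    for key in sorted(keys):
        seen = {label: p.get(key, {}).get("data", set()) for label, p in parsed.items()}
        if len({frozenset(v) for v in seen.values()}) > 1:
            detail = "; ".join(
                f"{label}={sorted(v)} ttl={parsed[label].get(key, {}).get('ttl')}"
                for label, v in seen.items())
            findings.append(f"{key[0]} type {key[1]} differs: {detail}")
    return findings


if __name__ == "__main__":
    for line in compare({"cloudflare": CLOUDFLARE, "google": GOOGLE}):
        print(line)
```

A differing A record on its own does not show that a resolver's cache was tampered with; an authoritative server can answer differently per resolver, which is what the last reply describes.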