Erroneous DNS responses for archive.is, archive.today, archive.fo

Zero Trust 1.1.1.1
1

I’m trying to resolve the domains archive.is, archive.today and archive.fo domains through 1.1.1.1, and it seems that Cloudflare randomly returns either a SERVFAIL or a NOERROR with 127.0.0.5 in the answer.

DNS resolution from alternative DNS servers (Google, OpenDNS) work fine.

The output from dig is as follows:

/ # dig archive.is @1.1.1.1

; <<>> DiG 9.14.8 <<>> archive.is @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57912
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;archive.is.			IN	A

;; ANSWER SECTION:
archive.is.		8174	IN	A	127.0.0.5

;; Query time: 11 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Dec 29 19:20:00 UTC 2019
;; MSG SIZE  rcvd: 55

/ # dig archive.is @1.1.1.1

; <<>> DiG 9.14.8 <<>> archive.is @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8321
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;archive.is.			IN	A

;; Query time: 122 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Dec 29 19:21:22 UTC 2019
;; MSG SIZE  rcvd: 39

Maybe someone can take a look?

2

Please use the search, this is a common question.

In short, that site deliberately returns invalid data to Cloudflare. For that reason you wont be able to resolve it via Cloudflare until they stop doing so.

3

:wave: @user8341,

Those answers aren’t erroneous. The operator of the DNS servers for those zones intentionally poisons the responses because %reasons%. 1.1.1.1 is working just fine, the operators of archive.is are trying to %make some kind of point about something… possibly alligators… who really knows% :facepalm:

— OG

2 Likes