1.1.1.1 does not resolve archive.is

rmichael · 2018-08-09T17:24:42.745Z

Hello,

1.1.1.1 returns SERVFAIL for archive.is, Google 8.8.8.8 is fine. The DNSViz report (just analyzed today) does show problems. All information from the troubleshooting post is below.

 $ dig archive.is @8.8.8.8

; <<>> DiG 9.8.3-P1 <<>> archive.is @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4695
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;archive.is.                    IN      A

;; ANSWER SECTION:
archive.is.             299     IN      A       46.17.42.43

;; Query time: 127 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug  9 13:06:40 2018
;; MSG SIZE  rcvd: 44

 $ dig archive.is @1.1.1.1

; <<>> DiG 9.8.3-P1 <<>> archive.is @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41948
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;archive.is.                    IN      A

;; Query time: 2560 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Aug  9 13:06:48 2018
;; MSG SIZE  rcvd: 28

 $ dig archive.is @1.0.0.1

; <<>> DiG 9.8.3-P1 <<>> archive.is @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14050
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;archive.is.                    IN      A

;; Query time: 203 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu Aug  9 13:06:59 2018
;; MSG SIZE  rcvd: 28

 $ dig +short CHAOS TXT id.server @1.1.1.1
"YYZ"
 $ dig +short CHAOS TXT id.server @1.0.0.1
"YYZ"

http://dnsviz.net/d/archive.is/W2x2lg/dnssec/

cscharff · 2018-08-09T21:14:36.904Z

Archive.is has chosen not to publish their IP addresses to Cloudflare DNS resolvers. You’ll need to take up the issue with them.

rmichael · 2018-08-09T21:28:41.311Z

Thanks for the reply, I will inquire with them.

I haven’t seen this before. Other than guessing based on the SERVFAIL, how would I know this is what’s happening?

Regards

cscharff · 2018-08-09T21:45:05.216Z

Cloudflare has decided not to support eDNS0 in its current form to protect the privacy of users. One company I am aware of has decided this is unacceptable and refuses to return an answer.

Unfortunately there is no polite way I can explain how you would know this is happening… You could follow their twitter feed where they have made it clear that’s what they are doing i suppose, but who would bother?

rmichael · 2018-08-09T22:01:42.194Z

That’s helpful enough, appreciated. Sorry for the noise, I was unaware of this until today.

rmichael · 2018-08-09T22:08:19.117Z

I see this has also been explained already elsewhere, but searching didn’t turn it up. I’ll drop a link here in case others have trouble with archive.is as well (seems common enough).

Archive.is - Error 1001 1.1.1.1

I can’t resolve archive.is using 1.1.1.1 or 1.0.0.1. Works fine with other name severs. I’m receiving error 1001 using Cloudflare’s DNS. nslookup archive.is 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: Name: archive.is Address: 54.36.225.114 nslookup archive.is 1.1.1.1 Server: 1dot1dot1dot1.cloudflare-dns.com Address: 1.1.1.1 Non-authoritative answer: Name: archive.is Addresses: 2400:cb00:2048:1::681c:1802 104.28.24.2 nslo…

(I was unable to edit my last reply to amend with this…)

cscharff · 2018-08-10T15:58:34.827Z

No worries… until recently I was hopeful they’d simply correct the IP address they were advertising. Turns out they don’t want to do that.

taubin · 2019-01-30T00:15:03.993Z

The sites now redirect to some really dodgy russian site (https://unitleaks.com/) when using cloudflare (and only cloudflare).

Also, archive.is is stating cloudflare has never offered assistance to help with this. https://twitter.com/archiveis/status/1090261010353512451

At this point, I’m pretty fed up with both Cloudflare and archive.is Having the page redirect to some dodgy site, is really not okay, no matter who’s “fault” it is.

mnordhoff · 2019-01-30T00:34:45.440Z

taubin:

At this point, I’m pretty fed up with both Cloudflare and archive.is Having the page redirect to some dodgy site, is really not okay, no matter who’s “fault” it is.

1.1.1.1 is a more or less straightforward DNS service. It doesn’t (at this time) block malware or censor dodgy sites or engage in other modification.

(I’m mentally categorizing DNSSEC negative trust anchors and capitalization and EDNS workarounds somewhere off to the side.)

You’re asking Cloudflare to block archive.is, to replace the IP addresses provided by archive.is’s authoritative nameservers with different ones, or (until recently) apparently to set up a special Cloudflare CDN account for archive.is.

taubin · 2019-01-30T00:55:19.673Z

I’m not asking them to block anything, I’m just sick of the blame back and forth on this. Both sides are blaming each other, and neither seem to want to step forward and actually correct the issue. Like I said, archive.is is stating that Cloudflare hasn’t offered help, and will not help them correct the issue.

This works on every other resolver than Cloudflares. There is an obvious disconnect someplace, I don’t care where it is, what I do care about is the lack of resolution from both sides. Cloudflare is (apparently) refusing to work with them to get it working.

mnordhoff · 2019-01-30T01:06:58.323Z

When 1.1.1.1’s resolvers ask archive.is’s nameservers a question, archive.is gives Cloudflare different IP addresses than it gives other resolvers.

Cloudflare’s simple options are to do nothing, sneak around it by forwarding the requests to another DNS service or using IP addresses archive.is isn’t yet blocking, or ask archive.is why they are doing it and if they can work something out.

archive.is’s simple options are to continue doing this, to reconfigure or fix their DNS servers to stop doing it, or to talk to Cloudflare, reach some sort of deal, and then go back to option 2.

Judge · 2019-01-30T01:15:20.485Z

I’m no expert on DNS, so take this with a grain of salt, but Cloudflare seems to be returning different Nameservers. As I understand it, the NS records are pulled from the registrar’s glue records and/or the root nameservers, so this makes me a little confused

dig NS archive.is @isgate.is
archive.is.             86400   IN      NS      carl.archive.is.
archive.is.             86400   IN      NS      anna.archive.is.
$ dig NS archive.is @1.1.1.1
archive.is.             7768    IN      NS      anna.ns.cloudflare.com.
archive.is.             7768    IN      NS      ben.ns.cloudflare.com.

Not saying CF is doing anything devious, but maybe it’s an issue with isnic’s root nameservers or the registrar. The registrar apparently did have an issue with the archive.is domain having an unauthorized transfer until that twitter account complained and got the attention of one of the registry operators, so I wouldn’t be surprised if the registrar is doing something.

mnordhoff · 2019-01-30T01:54:34.093Z

Interesting.

NS records exist in both the parent and child zones.

Authoritative nameservers return different results for A, AAAA and CNAME records based on geo IP stuff all the time. Doing the same thing with NS records is unusual but just as easy (if your software is flexible enough).

TLDs could do the same thing, but it’s unheard of, as far as I know. It would be a headache. Their registry software probably doesn’t even support it, and their nameservers are probably using a half dozen different implementations run by a half dozen different organizations. Some of them might not support it and all of them would have to be configured separately.

taubin · 2019-01-30T02:05:00.706Z

Doing a dig with Google DNS, OpenDNS, Norton DNS, Commodo DNS and Quad 9 all resolve the same way, with the name servers of anna.archive.is and carl.archive.is. Same with literally every single DNS server listed here: https://public-dns.info/nameserver/nz.html (I picked NZ because that’s where I live)

Yet when run through 1.1.1.1 it resolves to ben.ns.cloudflare.com and anna.ns.cloudflare.com

It seems quite strange that literally every other DNS server I test, routes it properly with the exception of cloudflare. This back and forth with everyone blaming everyone else is getting nowhere. But it’s quite telling that every other provider doesn’t seem to have this problem at all.

mnordhoff · 2019-01-30T02:11:30.177Z

It says that archive.is chose to distinguish between Cloudflare and every other DNS service you tried.

Edit: Probably.

taubin · 2019-01-30T02:24:25.729Z

Yes, I’m absolutely sure they’ve singled out Cloudflare and then amendmently denied it because… reasons…
Out of all of the other thousands and thousands of DNS providers, they chose to mess up just cloudflare.

Sorry not buying it one bit.

mnordhoff · 2019-01-30T02:45:31.342Z

Their tweets apparently explain why they’ve chosen to do it.

https://twitter.com/archiveis/with_replies

Edit: Better link.

taubin · 2019-01-30T03:02:56.816Z

I’ve kept up with their tweets, and in fact tweeted them a few times. If you look at the top reply to what you linked, that’s in answer to me in fact.

They have never said they are intentionally blocking cloudflare, in fact, they have said the opposite, and have stated that cloudflare refuses to work with them on it.

Judge · 2019-01-30T03:06:08.008Z

Twitter is fairly confusing for these types of threads. Here’s the thread where the operator intentionally takes a stance:

twitter.com

archive.today (archiveis)

@xxdesmus @mattjpark @Cloudflare "Having to do" is not so direct here. Absence of EDNS and massive mismatch (not only on AS/Country, but even on the continent level) of where DNS and related HTTP requests come from causes so many troubles so I consider EDNS-less requests from Cloudflare as invalid.

8:04 PM - 12 Jul 2018 1

image of tweet

image.png606×685 64.8 KB

The funny thing is - the resolver (should) does support EDNS. They just choose to break Cloudflare - https://ednscomp.isc.org/ednscomp/9fbbe6057e

mnordhoff · 2019-01-30T03:07:36.434Z

1.1.1.1 supports EDNS. 1.1.1.1 doesn’t support EDNS Client Subnet (ECS) which people sometimes call EDNS.

Topic	Replies	Views	Activity
Custom port? 1.1.1.1	4	811	Apr '18
Modem => Ooma Telo => Router 1.1.1.1	1	293	May '18
Grammar error on home page 1.1.1.1	0	204	Jun '18
1.1.1.1 doesn’t resolve some domains ( but 8.8.8.8 works fine) 1.1.1.1	1	414	Jul '18
DNSCrypt 1.1.1.1 Tomato Shibby 1.1.1.1	1	1.7k	Apr '18

1.1.1.1 does not resolve archive.is

created

last reply

replies

views

users

likes

links

Suggested Topics

Want to read more? Browse other topics in 1.1.1.1 or view latest topics.

1.1.1.1 does not resolve archive.is

created

last reply

replies

views

users

likes

links

Suggested Topics

Want to read more? Browse other topics in 1.1.1.1 or view latest topics.

share a link to this topic