
Posted by winkelmann 15 hours ago

Cloudflare flags archive.today as "C&C/Botnet"; no longer resolves via 1.1.1.2(radar.cloudflare.com)
305 points | 230 comments
winkelmann 15 hours ago|
"archive.today is currently categorized as: * CIPA Filter * Reference * Command and Control & Botnet * DNS Tunneling"

Ditto for their other domains like archive.is and archive.ph

Example DoH request:

$ curl -s "https://1.1.1.2/dns-query?name=archive.is&type=A" -H "accept: application/dns-json"

{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"archive.is","type":1}],"Answer":[{"name":"archive.is","type":1,"TTL":60,"data":"0.0.0.0"}],"Comment":["EDE(16): Censored"]}

---

Relevant HN discussions:

https://news.ycombinator.com/item?id=46843805 "Archive.today is directing a DDoS attack against my blog"

https://news.ycombinator.com/item?id=47092006 "Wikipedia deprecates Archive.today, starts removing archive links"

https://news.ycombinator.com/item?id=46624740 "Ask HN: Weird archive.today behavior?" - Post about the script used to execute the denial-of-service attack

Wikipedia page on deprecating and replacing archive.today links:

https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidan...
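Added example (not part of the post): a small parser for the DoH JSON format used in the curl command above, classifying a response as filtered, resolved, NXDOMAIN or error. The filtered response is the one quoted in the post; the other two responses are constructed, and the 203.0.113.10 address is a documentation address, not archive.is's real one.

```python
"""Classify Cloudflare-style DoH JSON answers to spot resolver-side filtering."""
import json
import re
import urllib.parse
import urllib.request

# RFC 8914 Extended DNS Error codes that signal deliberate blocking by the resolver.
BLOCKING_EDE = {15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited"}

# Addresses a filtering resolver typically returns instead of the real answer.
NULL_ROUTES = {"0.0.0.0", "::", "127.0.0.1", "::1"}

# Cloudflare reports EDE as strings like "EDE(16): Censored" in the Comment array.
EDE_RE = re.compile(r"EDE\((\d+)\)")


def doh_query_url(resolver: str, name: str, rtype: str = "A") -> str:
    """Build the GET form of a DoH JSON query, matching the curl command in the post."""
    qs = urllib.parse.urlencode({"name": name, "type": rtype})
    return f"https://{resolver}/dns-query?{qs}"


def classify(doh_json: str) -> dict:
    """Return rcode, EDE codes, answer rdata and a verdict for one DoH JSON response.

    verdict is one of 'filtered', 'nxdomain', 'error', 'resolved', 'empty'.
    """
    msg = json.loads(doh_json)
    answers = [rr.get("data", "") for rr in msg.get("Answer", [])]
    ede = [int(c) for line in msg.get("Comment", []) for c in EDE_RE.findall(line)]
    rcode = int(msg.get("Status", -1))

    if any(code in BLOCKING_EDE for code in ede):
        verdict = "filtered"          # resolver admitted it: explicit EDE
    elif answers and all(a in NULL_ROUTES for a in answers):
        verdict = "filtered"          # no EDE, but every answer is a null route
    elif rcode == 3:
        verdict = "nxdomain"
    elif rcode != 0:
        verdict = "error"
    elif answers:
        verdict = "resolved"
    else:
        verdict = "empty"
    return {"rcode": rcode, "ede": ede, "answers": answers, "verdict": verdict}


def ede_reasons(result: dict) -> list:
    """Human-readable names for the EDE codes found by classify()."""
    return [BLOCKING_EDE.get(c, f"EDE({c})") for c in result["ede"]]


def fetch_doh(resolver: str, name: str, rtype: str = "A", timeout: float = 5.0) -> str:
    """Live query with the same accept header as the post's curl (needs network)."""
    req = urllib.request.Request(doh_query_url(resolver, name, rtype),
                                 headers={"accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Response quoted in the post (1.1.1.2, archive.is).
FILTERED_RESPONSE = ('{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,'
                     '"Question":[{"name":"archive.is","type":1}],'
                     '"Answer":[{"name":"archive.is","type":1,"TTL":60,"data":"0.0.0.0"}],'
                     '"Comment":["EDE(16): Censored"]}')

# Constructed sample of an unfiltered answer (documentation address, not the real one).
UNFILTERED_RESPONSE = json.dumps({
    "Status": 0, "TC": False, "RD": True, "RA": True, "AD": False, "CD": False,
    "Question": [{"name": "archive.is", "type": 1}],
    "Answer": [{"name": "archive.is", "type": 1, "TTL": 300, "data": "203.0.113.10"}],
})

# Constructed sample of a genuine NXDOMAIN (Status 3, no Answer section).
NXDOMAIN_RESPONSE = json.dumps({
    "Status": 3, "TC": False, "RD": True, "RA": True, "AD": False, "CD": False,
    "Question": [{"name": "does-not-exist.invalid", "type": 1}],
})

if __name__ == "__main__":
    for label, body in [("1.1.1.2 (post)", FILTERED_RESPONSE),
                        ("constructed unfiltered", UNFILTERED_RESPONSE),
                        ("constructed nxdomain", NXDOMAIN_RESPONSE)]:
        r = classify(body)
        print(f"{label:24} {r['verdict']:9} {ede_reasons(r)} {r['answers']}")
```

Comparing the verdicts for the same name from 1.1.1.1 and 1.1.1.2 via fetch_doh() is the quickest way to tell resolver filtering apart from a genuine resolution failure.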

simonw 11 minutes ago|
Thanks for that, I didn't know about that API - which it turns out has open CORS headers so you can call it from JavaScript.

I now have my dream DNS lookup web tool! https://tools.simonwillison.net/dns#d=news.ycombinator.com&t...

rollulus 11 hours ago||
I think there are two angles to look at this. Yes, there’s the attack on the weblog. But there’s also pressure on archive.today, e.g. an FBI investigation [1] and some entity using fictitious CSAM allegations [2].

[1]: https://arstechnica.com/tech-policy/2025/11/fbi-subpoena-tri...

[2]: https://adguard-dns.io/en/blog/archive-today-adguard-dns-blo...

JasonADrury 11 hours ago||
Jani Patokallio who runs gyrovague.com published a blog post attempting to dox the owner of archive.today.

Jani justifies his doxing as follows: "I found it curious that we know so little about this widely-used service, so I dug into it" [1]

Archive.today on the other hand is a charitable archival project offered to the public for free. The operator of Archive.today risks significant legal liability, but still offers this service for free.

[1]: https://gyrovague.com/2026/02/01/archive-today-is-directing-...

It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone. The only credible reason for Jani to publish something like this is if he desires to cause physical harm to the operator of archive.today

Or are we just looking at an unhinged fan stalking their favorite online celebrity?

People were critical of the Banksy piece, but this is much nastier. At least Banksy is a huge business, archive.today does not even make money.

dddgghhbbfblk 2 hours ago|||
>It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.

I would say the opposite... The DDoS is pretty obviously ridiculous, completely unacceptable, and entirely indefensible, while the blog post seems like whatever.

I honestly cannot fathom defending using your popular website as a tool to DDoS someone you have personal beef with, without the consent of the DDoSing participants.

Mogzol 8 hours ago||||
All your comments are painting archive.today as an innocent victim in all this, but in addition to the DDoS, they have been caught modifying archived pages as well as sending actual threats to Patokallio [1] which in my opinion seem far worse than the "doxxing".

Just the fact alone that they modified archived pages has completely ruined their credibility, and over what? A blog post about them that (a) wasn't even an attack, it is mostly praising archive.today, and (b) doesn't reveal any true identities or information that isn't already easily accessible.

From my perspective at least, archive.today seems like the unhinged one, not Patokallio.

[1] https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-a...

walletdrainer 8 hours ago||
[flagged]
throwaway90812 4 hours ago||
[dead]
gyrovague-com 9 hours ago||||
Jani here. What you describe as "doxxing" consisted of a) a whois lookup for archive.is and b) linking to a StackExchange post from 2020 called "Who owns archive.today" [1]. There is literally no new information about the site's owner in the post, all names have been dug up before and are clearly aliases, and the post states as much.

[1] https://webapps.stackexchange.com/questions/145817/who-owns-...

thomassmith65 8 hours ago|||
If the site operator is working for the FSB, doxx away! Although the world needs a better alternative to Internet Archive, it shouldn't be an alternative that is an arm of an authoritarian government.
tomalbrc 8 hours ago||||
[flagged]
walletdrainer 8 hours ago||||
[flagged]
croes 8 hours ago||||
Isn't doxxing most of the time just collecting data from multiple public sources and connecting them?
protimewaster 6 hours ago|||
Maybe, but I don't think that distinction matters here. Surely you're not contending that it counts as doxing every time someone collects data from multiple public sources?

I've always understood doxing to be PII, which aliases aren't, AFAIK, unless they're connected to a real person. And, to my knowledge, everyone is contending that the names in the blog post are all aliases. And, regarding aliases, I've never understood it to be doxing for someone to say "FakeNameX and FakeNameY appear to be the same user."

So, to me, the thing that makes it not look like doxing is that it simply doesn't meet the basic definition of doxing. It provides no PII.

bastawhiz 2 hours ago||||
How low has the bar gotten where doxxing is literally just doing a Google search and a whois lookup about a well-used public website? The hackers of the 90s and aughts would laugh you straight out of the irc server with this comment.
walletdrainer 8 hours ago|||
Yes, that is exactly what “doxing” almost always refers to. It’s a very disingenuous response.
unethical_ban 2 hours ago||||
Maliciously amplifying public information for the purpose of directing anger is also doxxing. Whether that's what you did, I'll let others chime in.
JasonADrury 7 hours ago|||
I don't see how this description changes the fundamental nature of your actions.

Even a half-assed attempt at doxing is still an attempt at doxing.

It'd be much easier to accept that you're acting in good faith had you deleted the post when it became obvious that the target doesn't appreciate it.

You could still do that, and it would very simply be the right thing to do.

bastawhiz 2 hours ago||
You've thoroughly discredited yourself and your other comments with this. If anything, this comment reads exactly like the messages from the archive.today operator. No sensible person could read the original blog post and read this comment as anything other than an attempt to spread lies and pressure Jani.
Aurornis 25 minutes ago||||
> It's weird to see people getting fixated on the DDoS,

The weird part to me is that some people are seemingly trying to downplay a popular website abusing visitors to DDoS someone.

Two wrongs don’t make a right. Feeling wronged by someone doesn’t give you freedom to abuse every visitor to your website to DDoS someone else.

dgxyz 9 hours ago||||
I'm wondering if Jani is possibly going to walk into the wrong party here and get burned. I did some public archival stuff about a decade ago and it was state sponsored and for the intelligence community. I'm not suggesting this is but it'll be very much of interest to competing intelligence services as it's an information control point. None of those are the sort of people you start pissing off by sticking your dick in it. FBI is likely just one of the actors here.
derefr 9 hours ago||
You seem the right person to ask about this: why don’t we see any public web archivers operated by individuals or organizations based in countries that aren’t big fans of aiding or listening to American intelligence?
dgxyz 7 hours ago||
Well they certainly do exist. However they tend not to even get noticed because the mindset and momentum behind everything is America-centric.
KronisLV 7 hours ago||||
> It's weird to see people getting fixated on the DDoS, which is obviously far less nasty than actually attempting to dox someone.

Why even do that, then? Why not just make a public post of theirs like: "Hey, here's someone trying to doxx me, and here's the unfair and fictitious bullshit the lying government is trying to pin on me. Here's all the facts, decide for yourselves."

Why do something as childish as DDoSing someone which takes away any basic good will and decency/respect you might have had in the eyes of many?

That way, it'd also be way more clear whether attempts at censorship are motivated by them acting as a bad actor, or some sort of repression and censorship thing.

I don't really have a horse in this race, but it sounds like lashing out to one's own detriment.

eipi10_hn 1 hour ago||||
Don't use my computer to DDoS others please. That's nastier than the shallow post of that article.
throwingcookies 4 hours ago||||
[flagged]
JasonADrury 3 hours ago|||
You've caught me!
jojomodding 2 hours ago|||
Be careful, you might be doxxing someone and that of course warrants your website getting DOS'd.
rdevilla 10 hours ago|||
Perhaps Mr. Patokallio would like the same scrutiny applied to his own life now - it's only fair, and we have the technology.
rcakebread 9 hours ago||
Read the archive.today blog, whoever is running archive.today already made many posts about Patokallio and his family members.
Hamuko 10 hours ago|||
So the two angles are that archive.today is doing something illegal and also being investigated by American law enforcement?
expedition32 7 hours ago||
I suppose an argument can be made that archive infringes copyright.

Hell I use it to circumvent paywalls.

windexh8er 1 hour ago||
So, if that's the case we can get all frontier provider sites marked as such as well?
f-serif 11 hours ago||
A bit of context if you are confused about why a public DNS server is blocking websites: 1.1.1.2 is a malware-blocking DNS server, similar to an ad-blocking DNS server. It is not 1.1.1.1 or 1.0.0.1.

Here is the DDoS context https://gyrovague.com

apaprocki 1 hour ago||
And for parents: 1.1.1.3 blocks adult content :)
swrobel 2 hours ago||
For some reason I thought 1.1.1.1/1.0.0.1 already wouldn’t resolve archive.[today|is|ph] anyway
roywiggins 2 hours ago||
Sort of:

https://jarv.is/notes/cloudflare-dns-archive-is-blocked

1vuio0pswjnm7 2 hours ago||
Some time ago, probably at least a year, likely more, I read a blog post by someone working for Google in Europe who loved using Archive.today and out of curiosity tried to determine who was running it. In the end he gave up, offered to buy the operator a beer or something like that, but if I recall correctly he went to even greater lengths in his research than the blogger discussed in this thread

I wish I could find it

stuffoverflow 13 hours ago||
Archive.today's attack on https://gyrovague.com is still on-going btw. It started just over two months ago. Some IPs get through normally but for example Finnish residential IPs get stuck on endless captchas. The JS snippet that starts spamming gyrovague appears after solving the first captcha.
winkelmann 13 hours ago||
I'm not a web developer, but I've picked up some bits of knowledge here and there, mostly from troubleshooting issues I encounter while using websites.

I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site?

sheept 12 hours ago|||
You can't completely prevent the browser from sending the request—after all, it needs to figure out whether to block the website from reading the response.

However, browsers will first send a preflight request for non-simple requests before sending the actual request. If the DDOS were effective because the search operation was expensive, then the blog could put search behind a non-simple request, or require a valid CSRF token before performing the search.

bawolff 11 hours ago||||
> I know there are a number of headers used to control cross-site access to websites

Mostly these headers are designed around preventing reading content. Sending content generally does not require anything.

(As a kind of random tidbit, this is why csrf tokens are a thing, you can't prevent sending so websites test to see if you were able to read the token in a previous request)

This is partially historical. The rough rule is: if it was possible to make the request without JavaScript, then it doesn't need any special headers (preflight).
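An added example (not code from the thread or from gyrovague.com) for the two comments above: a classifier for the "could a plain form or img tag have sent this?" rule that decides whether a browser preflights, next to a search handler that gates the expensive work behind a non-safelisted header plus a CSRF token. The header name X-Search-Token, the parameter names and the session ids are assumptions.

```python
"""Preflight rule of thumb and a preflight/CSRF-gated search endpoint."""
import hashlib
import hmac
import secrets

# What the Fetch spec treats as a "simple" (no-preflight) request, in outline.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SAFELISTED_CONTENT_TYPES = {"application/x-www-form-urlencoded",
                            "multipart/form-data", "text/plain"}


def needs_preflight(method: str, headers: dict) -> bool:
    """True when a cross-origin browser request would be preceded by an OPTIONS preflight.

    Anything a <form>, <img> or <script> tag could have sent on its own goes out
    without one; a custom header or a JSON body is enough to trigger one.
    """
    if method.upper() not in SAFELISTED_METHODS:
        return True
    for name, value in headers.items():
        lname = name.lower()
        if lname not in SAFELISTED_HEADERS:
            return True
        if lname == "content-type":
            media = value.split(";", 1)[0].strip().lower()
            if media not in SAFELISTED_CONTENT_TYPES:
                return True
    return False


# Per-deployment secret for CSRF tokens (generated here; constructed for the example).
SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the visitor's session; served inside the same-origin search page."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def valid_csrf_token(session_id: str, token) -> bool:
    return hmac.compare_digest(issue_csrf_token(session_id), token or "")


def handle_search(method: str, headers: dict, params: dict, session_id=None):
    """Minimal search endpoint; returns (status, body).

    The browser cannot be stopped from sending a simple GET, so the point is to
    make the cheap rejection happen before any search work. A cross-origin page
    cannot read the token (CORS blocks the read), and the custom header forces a
    preflight that we answer without any Access-Control-Allow-* headers, so the
    browser drops the real request.
    """
    if method.upper() == "OPTIONS":
        return 403, "no cross-origin access"          # preflight refused
    if headers.get("Sec-Fetch-Site", "").lower() == "cross-site":
        return 403, "cross-site search rejected"      # Fetch Metadata, where sent
    token = headers.get("X-Search-Token")
    if not (session_id and valid_csrf_token(session_id, token)):
        return 403, "missing or invalid search token"
    query = params.get("q", "")
    return 200, f"results for {query!r}"              # only now do the expensive work


if __name__ == "__main__":
    tok = issue_csrf_token("session-A")
    print("plain GET preflighted?", needs_preflight("GET", {}))
    print("GET + custom header preflighted?", needs_preflight("GET", {"X-Search-Token": tok}))
    print(handle_search("GET", {}, {"q": "random"}))
    print(handle_search("GET", {"X-Search-Token": tok}, {"q": "dns"}, "session-A"))
```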

JasonADrury 13 hours ago|||
[flagged]
47282847 12 hours ago|||
One side publishes words, the other DDoSes. One side could just ignore the other and go about their business, the other cannot. One is using force, which naturally leads to resistance and additional attention, the other is not.

Both sides look like they have been bullied in the past and not found their way out of reproducing the pattern yet.

croes 11 hours ago|||
Words can have bad consequences. We'll see what will happen to Banksy after Reuters published words.
JasonADrury 11 hours ago|||
[flagged]
47282847 2 hours ago||
Words can have influence and can come from a place of authority, which does carry responsibility. Words of a president are very different from words published on a random blog by some random person, and different yet again from words published by a newspaper. Some presidents' words are opinion; the same words in a different context are commands, and not acting on them comes at a price.

Context matters. Which is why also different rules apply, and laws exist to guard these rules. DDoS is not an acceptable response in any jurisdiction, no matter what triggered them. We’re not in the Middle Ages, even if some behave like we are. Violence does not justify violence. Unjust action does not justify unjust responses.

throwingcookies 12 hours ago||||
> The blog is still online and only exists as a part of a harassment campaign targeting archive.today

The blog has a lot more posts on random topics. Why do you imply that the owner of the blog is part of a harassment campaign and that "only" that is the reason for this years-old blog to exist?

JasonADrury 12 hours ago||
Because all the content in the past 4+ years is about archive.today?
Mogzol 12 hours ago|||
Not true: https://gyrovague.com/2025/02/23/anatomy-of-a-boarding-pass-...

There are only two posts about archive.today on the blog, and one of them only exists because archive.today started DDoSing them. I fail to see how you could consider the entire blog to be a "harassment campaign", especially considering that the original blog post isn't even negative, it ends with a compliment towards archive.today's creator.

winkelmann 12 hours ago||||
> all the content in the past 4+ years is about archive.today

But it's not? This was published between the two posts about archive.today: https://gyrovague.com/2025/02/23/anatomy-of-a-boarding-pass-...

JasonADrury 12 hours ago||
Okay, there's one filler post I missed. I'm sure it took a lot of time to write the 16739382nd post explaining what the various things on a boarding pass mean.
ahhhhnoooo 12 hours ago||
They have posted twice in four years. Once doing some digging into who runs archive today, and a second time to respond to a ddos attack.

Writing about being ddos'd seems eminently reasonable. So if you elide that, you are talking about a single article in four years.

It's genuinely nothing.

JasonADrury 11 hours ago|||
The purpose of a thing is what it does.
throwingcookies 11 hours ago||
> The purpose of a thing is what it does.

What is the purpose of the DDoS JS in the archive website then? Not DDoS?

JasonADrury 11 hours ago||
I'm sure it's DDoS, just like the purpose of gyrovague.com is to attack archive.today

Easy stuff, no?

ahhhhnoooo 4 hours ago||
Attack? Did we read the same one article? One article is clearly defensive. The other is a piece of investigative journalism about who and how the site is run.

Neither of those is an attack.

JasonADrury 4 hours ago||
Of course attempting to dox someone is an attack.
throwingcookies 4 hours ago||
> Of course attempting to dox someone is an attack.

That's not how the judicative system works.

jrflowers 11 hours ago||||
This is a weird way of saying that you wish gyrovague updated more frequently. You could just say “Big fan of his writing, I’d love it if he posted more” if your only complaint is that there aren’t enough recent blog posts on that website
longislandguido 12 hours ago||||
You think DDoS (which is illegal btw) is okay as long as you don't like the target?
DaSHacka 10 hours ago|||
Considering the site itself is an illegal archive of websites, I think it's obvious most of us don't treat what's 'legal' as a guide to what's 'moral'.
JasonADrury 11 hours ago||||
I, like almost all people, firmly believe that dropping bombs on people is okay as long as I find the target sufficiently despicable.

Why are you pretending to be surprised by this view that is held by approximately every single person in the world?

Or do you think we should have different standards for DDoS and actual violence?

RobotToaster 11 hours ago|||
Harassment and doxing are both illegal.
hrimfaxi 7 hours ago||
Doxxing is illegal? I am against it but if it's republishing public info I don't think it can be illegal in the US unless there is an intent element.
RobotToaster 3 hours ago||
The blog author is in Finland, so it's covered by the Article 8 right to privacy of the ECHR. The exact implementation is country dependent, I don't know how it works in Finland but in the UK we just extended the common law tort of "Breach of confidence" to it.
riedel 11 hours ago|||
While in hindsight I would also prefer that the names and details mentioned in the original article be redacted a bit, I hardly find real defamation. I guess you want to provide random unproven evidence if someone is the target of various foreign law enforcement and commercial sites. In the article they even call for donations to archive.today. As far as I read, the tone of the post is full of admiration. Funny thing is that IMHO the rather childish JavaScript attack gives credibility to the post after all. In all this I somehow hope that we see a legal solution to this major global copyright crisis that has been reinforced by LLM training. (If you want a conspiracy theory: that, I guess, would be easy monetization for archive these days, selling their snapshots.)
JasonADrury 11 hours ago||
Defamation? No.

Doxing? Yes.

It's clear that the person running archive.today does not actively publicize their identity.

> As far as I read the tone of the post is full of admiration

Exactly like an unhinged fan stalking a celebrity.

riedel 9 hours ago||
Totally agreed. Thanks for raising awareness.

Thinking about it, I think we might need better platform rules, maybe even regulations on this. There seems to be pretty much no line of defense, which might explain the rather desperate DoS. If you take anonymity as a right, discussions like ours here on HN are dangerous as well, as they easily make otherwise difficult-to-find knowledge easily visible. So while a single fan page might go unnoticed, in the case of doxing, amplification is also a problem. Just my spontaneous thought.

Edit: one afterthought. The story about hacking together a response to the GDPR takedown request, quoting press rights and freedom of speech, using an LLM actually shows the deeper problem. Rights actually come with obligations (at least ethical ones). At least in Europe, press standards are typically rather aware of doxing risks. While celebrities actually also successfully use legal defenses, I still think the defenses for activists are weak when balancing interests here (at least if you made something of public interest).

dawnerd 2 hours ago|||
I get the endless captcha with a Southern California IP. Something seems either very broken or malicious.
Anonyneko 2 hours ago|||
I've been getting the endless captcha on my Finnish residential IPs, but I've also been getting that (or outright timeouts) when using VPNs, so I cannot use the site altogether. I wish there were alternatives.
throwingcookies 13 hours ago|||
Why is archive today attacking that website?
nailer 12 hours ago||
The linked blog contains a story about who funds archive today and they presumably don’t like being exposed.
JasonADrury 11 hours ago|||
The crucial context here is that archive.today provides a useful public service for free.

Jani Patokallio runs gyrovague.net in order to harass people who provide useful public services.

It's not surprising that the owner of archive.today does not like being exposed, archiving is a risky business.

drum55 11 hours ago|||
Should providing a public service absolve all sins?
JasonADrury 11 hours ago|||
So far, the only sin archive.today has been accused of is retaliating against a guy attempting to dox them.

That's a pretty small sin in my book. To be written off as wildly unsuccessful but entirely justified self defense.

DDoSing gyrovague.com is silly, not evil.

The content on gyrovague.com which targets archive.today is evil, plain and simple.

altairprime 1 hour ago|||
By this logic, the Code Green worm is ethical; forcing a security patch upon users who didn’t install one is obviously Not Evil. And that’s why operating systems aren’t wrong to force security updates on their users using invisible phone-home systems that the users aren’t aware of: it’s a small sin that is entirely justified self defense for the users and the device maker. Clearly we should all be updated to iOS 26 without our consent.

The 'small sin' of wielding your userbase as a botnet is only palatable for HN's readers because the site provides a desirable use to HN's readers. If it were, say, a women's apparel site that archived copies of Vogue etc. (which would see a ton of page views and much more effective takedown efforts!) and pointed its own DDoS of this manner at Hacker News, HN would be clamoring for their total destruction for unethical behavior with no such 'it's just an evil for so much good' arguments.

Maintaining ethical standards in the face of desire for the profits of unethical behavior is something tech workers are especially untrained to do. Whether with Palantir or Meta or Archive.today, the conflict is the same: Is the benefit one derives worth compromising one’s ethics? For the unfamiliar, three common means of avoiding admitting that one’s ethics are compromised: “it’s not that bad”, “ethics don’t apply to that”, and “that’s my employer’s problem”. None of those are valid excuses to tolerate a website launching DDoS attacks from our browsers.

ellen364 7 hours ago||||
The person who runs archive.today decided to involve me, and every other visitor, in their dispute. They decided to use us to hurt someone else. That's a pretty big sin in my book.
Permik 8 hours ago||||
archive.today has a documented history of altering the archived content, as such they immediately lose the veil of protection of a service of "public good" in my books.

Just my 2 ¢, not that it really matters anymore in this current information-warfare climate and polarization. :/

baal80spam 8 hours ago||
> archive.today has a documented history of altering the archived content

Wow, I had no idea. Thanks.

JasonADrury 7 hours ago||
Archive.org has an even worse history of this, FWIW.

It allows website owners and third parties to tamper with archived content.

Look here, for example: https://web.archive.org/web/20140701040026/http://echo.msk.r...

Archive.today is by far the best option available.

mannyv 53 minutes ago||||
[flagged]
cindyllm 50 minutes ago||
[dead]
miken123 10 hours ago|||
> So far, the only sin archive.today has been accused of is retaliating against a guy attempting to dox them.

I think you're missing that circumventing paywalls is unlawful in most parts of the world.

animuchan 10 hours ago|||
Respectfully, it's not, in most parts of the world.
choo-t 10 hours ago||||
> I think you're missing that circumventing paywalls is unlawful in most parts of the world.

And a necessity if you want to archive the content correctly, also necessary if you want the archives to be publicly available.

Hamuko 10 hours ago|||
Not really sure if circumventing paywalls is that unlawful across the world, but basically copying and pasting an entire web page is just clear and simple copyright violation.
vachina 10 hours ago||||
I know it's petty. But don't act surprised when you find your garbage strewn all over your lawn next morning after you flipped off your neighbor the fourth time.
kuschkufan 11 hours ago|||
[flagged]
nailer 6 hours ago|||
Archive today being free doesn’t excuse them using their audience to DDoS someone they don’t like or excuse them from modifying archive content. Also documenting who funds a service is in the public interest.
JasonADrury 6 hours ago||
>Also documenting who funds a service is in the public interest.

Not really, no. It's not unlikely to result in the service ceasing to exist.

throwingcookies 12 hours ago||||
Thanks. I am so confused by this social drama, I feel like I am getting too old for this.
ryandrake 12 hours ago||
It’s truly weird and unhinged the extent to which two rando Internet People are willing to grief each other.
throwingcookies 11 hours ago||
Parasocialweb 2.0 I suppose.
steveharing1 10 hours ago||||
You mean just to keep their secrets hidden they hurt others?
choo-t 10 hours ago||
Like most companies or state ?

As an individual, keeping their identity private is the only way to prevent oppression.

VERIRoot 12 hours ago|||
well that exposing is hurting more than 2 for sure
riedel 8 hours ago||
While your article is insightful, can the blog author please redact the actual names and nicks from your original blog post (including the exact places where to find the information), as this was discussed below? While I think you had good intentions, it might be good to also reflect on the rights of that person not to be identified.

Edit: I misread the comment initially as from someone with more insight. However, I guess it is obvious that anyone can see the JavaScript and participates involuntarily in the DoS.

GTP 2 hours ago||
I reported the misclassification, you can do it as well from the linked page.

Edit: reading some comments here, it seems that I was too fast, and that the story is much more complicated. Having just the Cloudflare page as context, I assumed the news was a misclassification. Could someone share more context on what is going on here?

kmfrk 5 hours ago||
What a crazy timeline this has been.

(1) May 04 2019: "Tell HN: Archive.is inaccessible via Cloudflare DNS (1.1.1.1)" [https://news.ycombinator.com/item?id=19828317]

    eastdakota on May 4, 2019 on: Tell HN: Archive.is inaccessible via Cloudflare DNS...

    [Via https://news.ycombinator.com/item?id=19828702]
    
    We don’t block archive.is or any other domain via 1.1.1.1. Doing so, we believe, would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
   
    Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
   
    The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.
    
    EDNS IP subsets can be used to better geolocate responses for services that use DNS-based load balancing. However, 1.1.1.1 is delivered across Cloudflare’s entire network that today spans 180 cities. We publish the geolocation information of the IPs that we query from. That allows any network with less density than we have to properly return DNS-targeted results. For a relatively small operator like archive.is, there would be no loss in geo load balancing fidelity relying on the location of the Cloudflare PoP in lieu of EDNS IP subnets.
    
    We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation targeting without risking user privacy and security. Those conversations have been productive and are ongoing. If archive.is has suggestions along these lines, we’d be happy to consider them.

(2) Sep 11 2021: "Does Cloudflare's 1.1.1.1 DNS Block Archive.is? (2019) (jarv.is)" [https://news.ycombinator.com/item?id=28495204]
zamadatix 4 hours ago|
The 1.1.1.1 referred to in the above is Cloudflare's main resolver, 1.1.1.2 & 1.1.1.3 are for those intentionally looking for malware and content blocking.
jeremie_strand 8 hours ago||
The DNS tunneling flag alongside C&C/botnet is the odd one — that category implies data exfiltration or firewall bypass, not just aggressive crawling or DDoS behavior. Would be interesting to know what traffic pattern triggered it.
winkelmann 3 hours ago|
I was wondering about this too. I thought that it could be about it being possible to use archive.today to view sites otherwise blocked via DNS, but web.archive.org[1] doesn't have that flag, so it must be something else.

[1] https://radar.cloudflare.com/domains/domain/web.archive.org

breppp 11 hours ago||
While I fully support this instance, I wonder what else Cloudflare has set to "Censored", apart from the obvious CSAM.
Kwpolska 9 hours ago|
1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. If you want an unfiltered DNS, use 1.1.1.1 - which resolves archive.today just fine, although archive.today itself refuses to work on Cloudflare DNS.
sgbeal 9 hours ago|||
> 1.1.1.2 is their malware-blocking DNS, and 1.1.1.3 is their parental-controls DNS. ...

TIL, thank you. Time to go tweak my pi-hole server...

arvid-lind 9 hours ago|||
I'm just curious, given all the other options that respect your privacy and don't put data collection at the center of their business model, why do you use Cloudflare on your pi-hole?
sgbeal 8 hours ago|||
> why do you use Cloudflare on your pi-hole?

Because "if it ain't broke, don't fix it." i'm not one of those users who want to endlessly tweak their ad blocker. i want to set it up, clicking as few checkboxes as necessary to get it going, and then leave it. However, (now) knowing that Cloudflare filters differently on each of their servers, i'm incentivized to go tweak a number in the config (as opposed to researching the pros and cons of every possible provider, a detail i truly have no interest in pursuing).

OJFord 2 hours ago||
If you mean you had 1.1.1.2 as a secondary, and don't want it to have a different configuration, you can use 1.0.0.1 along with 1.1.1.1 instead.
sgbeal 1 hour ago||
> If you mean you had 1.1.1.2 as a secondary, and don't want it to have a different configuration, you can use 1.0.0.1 along with 1.1.1.1 instead.

i had no clue which one was active. It was, for me, just a checkbox at the time. This thread prompted me to go check and tweak appropriately.

UqWBcuFx6NV4r 4 hours ago||||
Privacy nuts are almost uniquely unable to comprehend that someone else on earth may possibly have priorities that differ from theirs.
philipallstar 2 hours ago|||
Strong counter-evidence: they ask why.
arvid-lind 4 hours ago|||
that's an observation, I guess... OP set up a pi-hole so it's not a stretch they would do a quick search for "free privacy dns". you make it sound like it takes some kind of reprioritization, why?
daymanstep 9 hours ago||||
Which options respect your privacy?
diarrhea 7 hours ago|||
I use unbound (recursive resolver), and AdGuard Home as well (just forwards to unbound). Unbound could do ad-blocking itself as well, but it's more cumbersome than in AGH. So I use two tools for the time being.

The upside is there's no single entity receiving all your queries. The downside is there's no encryption (IIRC root servers do not support it), so your ISP sees your queries (but they don't receive them).

dannyfritz07 6 hours ago||||
I'll throw https://nextdns.io into the mix. Been very happy with it. Supports DOH, block lists, among a plethora of other features.
travoc 8 hours ago||||
AdGuard DNS servers are excellent.
ranger_danger 5 hours ago||||
The ones where you don't send a single company all of your queries
nom 8 hours ago|||
quad9
TZubiri 8 hours ago|||
what is the vector here? dns traffic is practically anonymous, there would have to be some very specific and purposeful trickery going on to link dns traffic to an identity. It sounds like something more hypothetical than a tangible threat model
hirako2000 7 hours ago|||
It isn't anonymous. DNS servers resolve IP addresses by hostname. They cannot then inspect further traffic, but they certainly can log your IP address and all URLs a given IP ever hit.

Since ISPs know your identity, and all it takes is to (request and get) the DNS logs and ISP servitude for all sorts of questionable information, you as an identity are giving away all the site domains you visit.

sgbeal 6 hours ago|||
> They cannot then inspect further traffic, but they certainly can log your IP address and all URLs a given IP ever hit.

Correction: they can log host names/IPs, not URLs. The path of any given URL is part of the HTTP header, invisible to onlookers (assuming HTTP and assuming HTTPS is uncracked).

hirako2000 1 hour ago||
I can't edit. That is correct. URLs can't be known to a DNS server. Just the hostname and IP.
UqWBcuFx6NV4r 4 hours ago|||
Hi. If your response involves explaining the very very basics of DNS to someone that clearly knows what DNS is, please consider the possibility that you may have misunderstood them instead of lecturing them on the basics of ubiquitous internet technologies.
hirako2000 1 hour ago||
I didn't mean to offend. It did seem OP didn't get that the IP can be logged, or else how an IP can reveal identity.
mat_b 2 hours ago||||
I did some experimenting recently and I'm quite convinced that when I use Comcast's DNS they are selling it to advertisers. I've switched to 1.1.1.1 simply because it annoys me that Comcast is doing this.
edoceo 1 hour ago||
How could that experiment work?
arvid-lind 6 hours ago|||
> A Cloudflare Ray ID is an identifier given to every request that goes through Cloudflare.

https://developers.cloudflare.com/fundamentals/reference/clo...

if you think a little creatively about how this information could be used by an organization that was created at the insistence of the United States Department of Homeland Security, then you're on the right track.

TZubiri 8 hours ago|||
Today we are one of the lucky 10k
Hamuko 9 hours ago||||
The "censored" part of archive.today seems unrelated to the filtering itself. 1.1.1.3 flags Pornhub.com as "EDE(17): Filtered" but archive.today is "EDE(16): Censored".

Supposedly it should be an external party that's requiring Cloudflare not to publish the DNS record. https://www.rfc-editor.org/rfc/rfc8914.html#name-extended-dn...
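
The distinction Hamuko draws above is that the Extended DNS Error code, not the sinkhole address, tells you *why* a resolver withheld an answer. The following is an added example, not code from any commenter or from Cloudflare, that parses a DoH JSON response of the shape quoted at the top of the thread and maps the RFC 8914 info codes to their documented meaning. The sample responses are constructed for this example (the name `filtered.example` and the address `192.0.2.1` are placeholders); in practice the dict would come from a `curl` call like the one in the top comment, parsed with `json.loads`.

```python
"""Classify a DNS-over-HTTPS JSON response by its Extended DNS Error (EDE) codes.

Added example for this thread; the sample responses below are constructed
to match the shape of the DoH JSON API output quoted in the discussion.
"""
import re

# RFC 8914 INFO-CODE values (Section 4). Only the codes a filtering
# resolver is likely to return are listed here.
EDE_NAMES = {15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited"}

# What each code tells the client, paraphrasing RFC 8914 Section 4.
EDE_MEANING = {
    15: "blocked by the resolver operator's own policy",
    16: "blocked at the requirement of an external party (e.g. a legal order)",
    17: "blocked per a filter the client itself opted into (e.g. malware/adult lists)",
    18: "the client is not authorised to use this resolver",
}

# Sentinel answers a filtering resolver returns instead of the real address.
SINKHOLE_ADDRESSES = {"0.0.0.0", "::"}

# The JSON API carries EDE as free text such as "EDE(16): Censored".
EDE_COMMENT_RE = re.compile(r"EDE\((\d+)\)")


def extract_ede_codes(response: dict) -> list[int]:
    """Pull every EDE info code out of the response's Comment list."""
    codes = []
    for comment in response.get("Comment", []):
        codes.extend(int(m.group(1)) for m in EDE_COMMENT_RE.finditer(comment))
    return codes


def classify_response(response: dict) -> dict:
    """Decide whether a DoH JSON answer was resolved, filtered, or errored.

    'filtered' means the resolver said so via EDE; 'suspected-filtered' means
    it returned only sinkhole addresses without explaining why.
    """
    name = response["Question"][0]["name"]
    answers = [rr["data"] for rr in response.get("Answer", [])]
    codes = extract_ede_codes(response)
    sinkholed = bool(answers) and all(a in SINKHOLE_ADDRESSES for a in answers)
    status = response.get("Status", 0)  # DNS RCODE: 0 NOERROR, 3 NXDOMAIN, 5 REFUSED

    if any(c in EDE_NAMES for c in codes):
        verdict = "filtered"
    elif sinkholed:
        verdict = "suspected-filtered"
    elif status != 0:
        verdict = f"error-rcode-{status}"
    else:
        verdict = "resolved"

    return {
        "name": name,
        "verdict": verdict,
        "answers": answers,
        "ede": [(c, EDE_NAMES.get(c, "Unknown"), EDE_MEANING.get(c, "")) for c in codes],
    }


# --- constructed samples (shape follows the DoH JSON API output quoted in the thread) ---
CENSORED_SAMPLE = {
    "Status": 0, "Question": [{"name": "archive.is", "type": 1}],
    "Answer": [{"name": "archive.is", "type": 1, "TTL": 60, "data": "0.0.0.0"}],
    "Comment": ["EDE(16): Censored"],
}
FILTERED_SAMPLE = {  # 'filtered.example' is a placeholder name
    "Status": 0, "Question": [{"name": "filtered.example", "type": 1}],
    "Answer": [{"name": "filtered.example", "type": 1, "TTL": 60, "data": "0.0.0.0"}],
    "Comment": ["EDE(17): Filtered"],
}
SINKHOLE_NO_EDE_SAMPLE = {  # sinkhole answer with no explanation attached
    "Status": 0, "Question": [{"name": "filtered.example", "type": 1}],
    "Answer": [{"name": "filtered.example", "type": 1, "TTL": 60, "data": "0.0.0.0"}],
}
UNFILTERED_SAMPLE = {  # 192.0.2.1 is a documentation address, not a real host
    "Status": 0, "Question": [{"name": "example.com", "type": 1}],
    "Answer": [{"name": "example.com", "type": 1, "TTL": 300, "data": "192.0.2.1"}],
}

if __name__ == "__main__":
    for sample in (CENSORED_SAMPLE, FILTERED_SAMPLE, SINKHOLE_NO_EDE_SAMPLE, UNFILTERED_SAMPLE):
        result = classify_response(sample)
        print(result["name"], "->", result["verdict"], result["ede"])
```

Running the same classifier against 1.1.1.1, 1.1.1.2 and 1.1.1.3 for one name is a quick way to confirm which tier is filtering it and on whose authority: an `EDE(17)` comes from a filter you chose by picking that resolver address, while `EDE(16)` signals a requirement placed on the operator from outside.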

surgical_fire 9 hours ago|||
I have no idea why anyone would use Cloudflare DNS, much less trust their more filtered versions.
saaaaaam 9 hours ago|||
I use cloudflare DNS because it’s faster. But should I worry, having read your comment? What is the downside to using it? What would you recommend instead?
surgical_fire 8 hours ago||
Quad9.

Many years ago I used Cloudflare, and more than once I had issues with them blocking websites I wanted to access.

I absolutely despise that. I want my DNS to resolve domain names, nothing else.

For blocking things I have Pi-Hole, which is under my control for that reason. I can blacklist or whitelist addresses to my needs, not to the whims of a corporation that wants to play gatekeeper to what I can browse.

akerl_ 7 hours ago|||
So… why not use 1.1.1.1, cloudflare’s resolver that does not block resolution?

1.1.1.2 and .3 are explicitly offered with filtered responses.

surgical_fire 7 hours ago|||
I used to use 1.1.1.1. I still had issues.

Quad9 behaves exactly as I expect a DNS to work, in the sense that I only remember I use it when the topic of DNS pops up.

akerl_ 7 hours ago||
Your claim was that 1.1.1.1 was blocking sites.

Are you saying now you just had issues with the quality of service? Or do you want to provide more details to substantiate the claim that they were blocking sites?

surgical_fire 7 hours ago||
No, I do not keep any logs from domain name resolution from the DNS service I used from 7+ years ago. If you do, I commend you.

I used the term "blocking" in a loose sense. I have no idea if Cloudflare was failing to resolve certain domains because it is a shitty service, or if it was ordered to block those domain names by its government, or if it was actively not resolving domain names because it thought a good idea to be a sort of arbiter and gatekeeper. I suspect the last option, but it is just speculation.

What I can affirm is that I had issues more than once with domain name resolution when I used 1.1.1.1. After it annoyed me enough I switched to Quad9, and it has been great ever since, which is why I recommend it as a user of their service.

longislandguido 2 hours ago|||
> I have no idea if Cloudflare was failing to resolve certain domains because it is a shitty service, or if it was ordered to block those domain names by its government, or if it was actively not resolving domain names because it thought a good idea to be a sort of arbiter and gatekeeper.

I'm going to go with option D) whatever shitty site you were browsing to had a broken DNS or more likely DNSSEC configuration and Cloudflare was correct to not serve a corrupt response.

99% of the time, tales of "they're blocking my site! you guys are nazis!" always turn out to have a root cause of broken DNS configuration.

surgical_fire 1 hour ago||
> I'm going to go with option D) whatever shitty site you were browsing to had a broken DNS or more likely DNSSEC configuration and Cloudflare was correct to not serve a corrupt response.

And once I switched DNS I could browse it normally.

This does not align quite well with the scenario you propose.

> "they're blocking my site! you guys are nazis!"

I said no such thing. I said it was a shitty DNS because it failed at the thing I was trying to use it for.

akerl_ 7 hours ago|||
I don’t keep DNS logs at all. But I also don’t show up 7 years later trash talking a company or product based on guesswork and fear.
surgical_fire 7 hours ago||
It's not based in "guesswork and fear". It is a first-person account of someone that used their service. A user review, if you will.

There's this thing - when you offer a service to the public, the users of your service, can, will, and should review your service.

So, yes, I am free to "trash talk" a service that was, frankly, terrible at its job in providing domain name resolution. That works as any other user review, a data point so other users may switch away from a bad provider to a better one.

I imagine if someone goes to a restaurant and their hot dish is served cold, your response to the user review would be a silly request for proof that the food was indeed served cold, and whining that their review is "trash talking based on fear and guesswork".

akerl_ 7 hours ago||
If you said that they served you cold food because the US government made them do it, yea, I’d think you were nuts.
surgical_fire 4 hours ago||
And that's not what I said?

I offered some possibilities of why they did a shitty job in providing naming resolution. I even speculated what was the most likely one (not the one you mentioned).

But it's okay, at this point I have very little optimism regarding your reading ability.

hirako2000 7 hours ago|||
Because that would be subject to the whim of the provider, who, subject to court orders, would have to oblige in order to continue operating as a US entity.
akerl_ 7 hours ago||
How does that differ from Quad9? You’re subject to Swiss laws, so there’s still a government involved? And you’re now hosted in an area where the US government has far fewer limitations on what they can attempt.
Kwpolska 6 hours ago||
Quad9 is based in Switzerland, but the three founders-sponsors are US-based [0], so I’m not sure if it can be considered 100% safe from US government intervention.

[0] https://quad9.net/about/sponsors/

KomoD 6 hours ago|||
The ASN and stuff is also operated by a US entity it seems like:

  ASHandle:       AS19281
  Street:         CleanerDNS Inc. dba Quad9
  Street:         1442A Walnut Street, Suite 501
  City:           Berkeley
  State/Prov:     CA
  Country:        US
They also have servers in the US, so that's yet another reason not to consider them "100% safe from US government intervention"
akerl_ 6 hours ago|||
Also a quick search suggests that Switzerland has made Internet providers in-country block DNS results in the past.
ranger_danger 2 hours ago|||
Why give all your queries to a single company with an interest in tracking you and selling your data?
8cvor6j844qw_d6 7 hours ago||||
Same thoughts. Cloudflare DNS is noticeably slow to resolve on some of my devices.

Switching to literally any other DNS and the same domains resolve instantly.

Could be an issue specific to my location or devices, but it's been consistent enough that I stopped bothering.

Bender 7 hours ago||
I don't use the public resolvers but here [1] is a script that will show which of those public resolvers is fastest from your location. Add or remove resolvers as you desire. Be sure to scroll down to see a few of the sorting examples. Not my script or repo.

Just as a side note: Something I have done with this in the past as a fun experiment was to set up an Unbound DoT server on assorted VPS nodes in assorted locations around the country, run this script and configure each Unbound to use the 5 to 10 fastest servers on each node and cache results longer. Then I used Tinc (open source VPN) to connect to these VPS nodes from my home's Unbound and distribute the requests among all of them. I save query logs from all of them and use cron to look up all my queries hourly to keep the cache fresh and mess up any analytic patterns for my queries. Just a fun experiment. 99.99% of the time I just query the root DNS servers for what NS servers are authoritative for a given domain or what I call bare-backing the internet.

[1] - https://github.com/cleanbrowsing/dnsperftest

ranger_danger 4 hours ago|||
I have no idea why anyone would drink water from a faucet, much less trust their more filtered versions.
surgical_fire 4 hours ago||
[flagged]
UqWBcuFx6NV4r 4 hours ago||
You sufficiently devolved the conversation by feeling it worth voicing “I don’t know why different people willingly use different things”. What are we supposed to do with that? Next you’re going to chastise us for not using ThinkPads.
bigyabai 2 hours ago|||
Have you stopped and asked yourself why they were criticizing Cloudflare's DNS? I feel like you could write this comment defending Facebook addicts or revenge porn.
surgical_fire 4 hours ago|||
> What are we supposed to do with that?

Apparently, respond to me with inane thoughts, to which I patiently reply.

> You sufficiently devolved the conversation by feeling it worth voicing “I don’t know why different people willingly use different things”.

Also, let's appreciate the irony of your message here: https://news.ycombinator.com/item?id=47464134#47477847

PeterStuer 11 hours ago|
Otoh, without archive.today a substantial % of HN posts would be unreadable for nearly all of the audience.
henearkr 11 hours ago|
I doubt it.

You may have mixed it up with archive.org.

JasonADrury 11 hours ago|||
I suggest you double-check that. Archive.today/archive.is is the one which bypasses paywalls and makes unreadable content readable, not archive.org
henearkr 10 hours ago||
Ah! You may well be right. Thanks.

That's bad then, to depend on that for paywall bypass...

I hope very much that the situation evolves into a more satisfactory one.

DanielHall 9 hours ago|||
[dead]