
Tell HN: Unexpected errors with Archive.is on Cloudflare 1.1.1.1 DNS - obi1kenobi
Set 1.1.1.1 as your primary DNS resolver. Then, try to visit this link: https://archive.md/FyTDB

You should get a certificate warning, and if you choose to proceed anyway, you'll get a Cloudflare-originated 403 Forbidden page.

Now set 8.8.8.8 as your DNS and reload the page, and you'll see it open normally. No broken cert, no 403 status code, just a working website.

I found this very unexpected. Am I missing something obvious, or am I not the only one surprised to see this?
======
milankragujevic
It's the other way around, see this post by Cloudflare CEO Matthew Prince
[https://news.ycombinator.com/item?id=19828702](https://news.ycombinator.com/item?id=19828702)

~~~
obi1kenobi
Thanks, that makes sense. Updated the post title to something I felt was more
accurate given the situation.

------
jgunsch
Cloudflare is not MITM-ing, Archive is deliberately misleading Cloudflare.

See previous discussion at
[https://news.ycombinator.com/item?id=19828317](https://news.ycombinator.com/item?id=19828317).

------
obi1kenobi
Downgrading to HTTP and removing the path (so just
[http://archive.md/](http://archive.md/) ), I get the following:

""" Error 1001 Ray ID: 599a073ddbc3ae0c • 2020-05-26 19:50:59 UTC DNS
resolution error What happened? You've requested a page on a website
(archive.md) that is on the Cloudflare network. Cloudflare is currently unable
to resolve your requested domain (archive.md). There are two potential causes
of this:

Most likely: if the owner just signed up for Cloudflare it can take a few
minutes for the website's information to be distributed to our global network.
Less likely: something is wrong with this site's configuration. Usually this
happens when accounts have been signed up with a partner organization (e.g., a
hosting provider) and the provider's DNS fails. Cloudflare Ray ID:
599a073ddbc3ae0c • Your IP: _._. _._ • Performance & security by Cloudflare
"""

This raises more questions:

    - Why doesn't Cloudflare just return NXDOMAIN if it thinks the domain doesn't exist, rather than resolving to a bogus server?
    - Why doesn't it just drop and time out the request, so my computer decides to fall back to an alternate DNS resolver?
    - Why doesn't it show that error text when a path is present, instead of just serving an HTTP 403 Forbidden error with no additional information?

~~~
1f60c
This seems like a bug on Cloudflare's end, to be honest. Archive.md is free to
return bogus responses, but that shouldn't break Cloudflare.

~~~
stedaniels
That's not how the Internet works at all, archive.md is returning valid IP
addresses, they are just the _wrong_ ones. They are actually returning
Cloudflare's own DNS IPs. So all this is entirely correct from Cloudflare's
point of view. archive.md just needs to quit being so stubborn.

------
dhimes
Could some kind soul please post the ip of archive.md? I can't reset right
now. Thanks.

~~~
1f60c
Assuming you're looking for the WSJ article "Facebook executives shut down
efforts to make the site less divisive", give this a try:

    curl -H "Host: archive.md" http://188.143.233.210/FyTDB > index.html

(You can get archive.md's IP using:

    dig archive.md @8.8.8.8

This should work on practically any Linux box.)

~~~
dhimes
Wow, thanks! Edit: I must say I'm confused as to why changing my hosts file
didn't work on Win 10.
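
Added example (not part of any comment in this thread): a shell check that compares the A records two resolvers return for the same name, which confirms the 1.1.1.1 versus 8.8.8.8 difference described above without changing the system resolver. The `DIG` override and the `fake_dig` stub with its documentation-range addresses are assumptions constructed so the logic can be run offline; they are not real archive.md data.

```shell
#!/bin/sh
# Compare the A records two resolvers return for one name.
# Live usage (needs dig and network access):
#   resolver_diff archive.md 1.1.1.1 8.8.8.8
# Assumption: DIG names the lookup command; it defaults to dig and can
# point at a stub so the comparison can be exercised offline.

# Constructed stub standing in for dig. Called like the real tool:
#   fake_dig +short A NAME @RESOLVER
# Addresses are documentation ranges, not real answers for any site.
fake_dig() {
    case "$4" in
        @1.1.1.1) printf '%s\n' '192.0.2.10' ;;
        @8.8.8.8) printf '%s\n' 'cdn.example.net.' '198.51.100.7' ;;
        @9.9.9.9) printf '%s\n' '198.51.100.7' ;;
    esac
}

# Sorted, de-duplicated IPv4 answers for name $1 from resolver $2.
# CNAME lines in "dig +short" output end in a dot and are filtered out.
answers() {
    ${DIG:-dig} +short A "$1" "@$2" |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# Prints consistent / divergent / incomplete on stdout and the raw
# answer sets on stderr; exit status is 0 / 1 / 2 respectively.
resolver_diff() {
    a=$(answers "$1" "$2")
    b=$(answers "$1" "$3")
    printf '%s via %s: %s\n' "$1" "$2" "$(echo "$a" | tr '\n' ' ')" >&2
    printf '%s via %s: %s\n' "$1" "$3" "$(echo "$b" | tr '\n' ' ')" >&2
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo incomplete
        return 2
    fi
    if [ "$a" = "$b" ]; then
        echo consistent
        return 0
    fi
    echo divergent
    return 1
}
```

A `divergent` result only shows that the two resolvers were handed different records; geographically load-balanced sites produce that legitimately, so compare the addresses themselves before drawing conclusions.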

