Hacker News
Tell HN: Archive.today doesn't resolve when using Cloudflare/Mozilla DNS
20 points by cookiengineer on July 3, 2023 | 10 comments
If you try to connect to archive.today via https, it will tell you an SSL error:

- SSL_ERROR_NO_CYPHER_OVERLAP error in Firefox

- ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome/Chromium.

If you try to connect via http:// CloudFlare spits out a DNS resolution error.

If you connect via TOR it works perfectly fine. Tried out several ISPs and their defaulted DNS servers.

edit/update:

It seems to be somewhat DNS blocked; if the response is "1.1.1.4" or "1.1.1.7" for the A record, it seems to be Cloudflare's blocked server response. If the IP is "192..." then it's the correct one.

The SSL blocked response of the 1.1.1.7 IP is when the Cloudflare proxy responds with an SSL response header that simply offers no ciphers (verify yourself via "openssl s_client archive.today:443")

I could reproduce the behavior with Cloudflare's DNS servers and Vodafone + Deutsche Telekom + o2/Telefonica's DNS servers.

Resolution works fine with Google's DNS servers.

When googling about the issue, I found this old post about it:

https://jarv.is/notes/cloudflare-dns-archive-is-blocked/

It seems that the Cloudflare DNS servers don't send any geolocation info via EDNS and that's why the archive owner decided to respond with bogus responses!? On Wikipedia it said the issue was resolved in 2018, but apparently it still isn't? Or at least isn't again?
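The check described in the post above, as an added example that is not part of the original thread: it builds an A query (optionally carrying an EDNS Client Subnet option, RFC 7871), parses a reply, and flags answers made up only of 1.1.1.4 / 1.1.1.7. The function names, the 198.51.100.0/24 subnet and the 192.0.2.10 answer are constructed for illustration (documentation address ranges, not the site's real IP).

```python
import ipaddress, struct
SENTINELS = {"1.1.1.4", "1.1.1.7"}  # A records the post identifies as the blocked reply

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split(".")) + b"\x00"

def build_query(name, client_subnet=None, txid=0x1234):
    """A query; client_subnet such as "198.51.100.0/24" adds an ECS option (RFC 7871)."""
    msg = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1 if client_subnet else 0)
    msg += encode_name(name) + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN
    if client_subnet:
        net = ipaddress.ip_network(client_subnet, strict=False)
        prefix = net.network_address.packed[: (net.prefixlen + 7) // 8]
        ecs = struct.pack("!HBB", 1, net.prefixlen, 0) + prefix  # family 1 = IPv4
        opt = struct.pack("!2H", 8, len(ecs)) + ecs  # option code 8 = client subnet
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(opt)) + opt  # OPT RR
    return msg

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk labels up to root or a pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def a_records(msg):
    qd, an = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QNAME, QTYPE, QCLASS
    found = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            found.append(str(ipaddress.IPv4Address(msg[off + 10:off + 14])))
        off += 10 + rdlen
    return found

def classify(msg):
    ips = a_records(msg)
    return "no-answer" if not ips else "sentinel" if set(ips) <= SENTINELS else "other"

def sample_response(name, ip):  # constructed reply for offline use, not captured traffic
    q = encode_name(name) + struct.pack("!2H", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + q + rr

if __name__ == "__main__":
    for ip in ("1.1.1.7", "192.0.2.10"):  # 192.0.2.10 is a documentation address
        print(ip, classify(sample_response("archive.today", ip)))
```

To compare resolvers, send the bytes from `build_query` over UDP port 53 to each one and pass the reply to `classify`.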




The archive.is/today/ph/li/md/etc guys just resent Cloudflare for not respecting EDNS. The issue is so well known that it's even documented on Wikipedia:

https://en.wikipedia.org/wiki/Archive.today#Cloudflare_DNS_a...

Note: every few months it starts working, then breaks again. I don't know if they're playing a cat and mouse game or if something else is at play.


Are you using Cloudflare DNS? (potentially browser-level setting, DoH rollout and all that) Archive.is etc keep playing games with users coming from there. What IPs are you getting for archive.today?

Can't reproduce what you describe on my German connections.

EDIT: FWIW, if I switch to Cloudflare DNS I get exactly the error you describe


> Are you using Cloudflare DNS?

I was using my ISP's DNS servers and Firefox/Mozilla default DoH servers, but I can confirm that when using 1.1.1.1 / 1.0.0.1 as the nameservers I'm getting the same behaviors.

I switched to Google's DNS servers, and they seem to resolve fine to the real IPs.

If the response for the A question is "1.1.1.7" it's the censored/blocked response.


That's pretty certain then archive.today rejecting it (maybe your ISP also doesn't use the subnet-extension they are so mad at Cloudflare about?).

Curious why "europe-wide censorship" was your first instinct, over "something is broken with that website"?



This is a known longstanding issue with the combination of Cloudflare DNS and Archive.today. Nothing to do with censorship.


My ISP has blocked it for a long time, but I use https://mullvad.net/en/help/dns-over-https-and-dns-over-tls which fixes it. Sucks for all users who don't know how to change their DoH provider though. Would like to have an explanation.


Seems to work just fine from Spain


Do you have a source for this or are you speculating?


Works fine from Sweden. Tested with multiple ISPs.



