- cross-posted to:
- technews@radiation.party
- hackernews@derp.foo
- cross-posted to:
- technews@radiation.party
- hackernews@derp.foo
tl;dr: No. Quite the opposite, actually — Archive.is’s owner is intentionally blocking 1.1.1.1 users.
CloudFlare’s CEO had this to say on HackerNews:
We don’t block archive.is or any other domain via 1.1.1.1. […] Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service. […] The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users.
I am mainly making this post so that admins/moderators at BeeHaw will consider using archive.org or ghostarchive.org links instead of archive.today links.
Because anyone using CloudFlare’s DNS for privacy is being denied access to archive.today links.
Time to add 1.1.1.1 to my list of DNS servers to use
In case you don’t know, Cloudflare already controls a massive amount of websites, have access to their unencrypted traffic and are making the web inaccessible for people who use tor or noscript. They are a threat to the open web.
CloudFlare offers website admins the ability to have their sites directly available to Tor users but they have to activate the feature: https://developers.cloudflare.com/support/firewall/learn-more/understanding-cloudflare-tor-support-and-onion-routing/
Strange, Onion routing was already enabled for my domains. Sounds like at some point it became an opt-out feature, not opt-in.
Do you have an alternative that isn’t google? Because google’s DNS privacy policy is much worse.
I don’t like cloudflare, but their DNS terms are relatively good, and they have my info anyway because as you say, they’re everywhere. I don’t think my not using their DNS will make any appreciable mark on their business, either.
Check out this list: https://adguard-dns.io/kb/general/dns-providers/
Quad9, DNS.Watch, OpenDNS
Three good alternatives.
Also NextDNS is great because you can change every setting (and the free tier offers you way more usage than you will ever use)
I maxed out the free tier in my first month somehow lol… $20/yr isn’t a bad deal for essentially pihole everywhere.
I mean a $35 pi and wireguard [I’m fond of Zerotier personally] can do the same thing… indefinitely… $35/forever > $20/yr :)
Yea that’s on the list for some point. I have a small k3s cluster running on some Pis and experimenting with tailscale.
Nextdns is great.
OpenNIC is an interesting option, if you’re okay with community-hosted servers.
I use NoScript and CloudFlare DNS works just fine for me. That said, I’m looking to switch due to privacy concerns after reading this thread.
Don’t forget the backup 1.0.0.1
what else is on your list?
Quad9 is pretty good, too.
https://www.quad9.net/
https://www.quad9.net/about/transparency-report
9.9.9.9
Do they have servers in the US?
https://www.quad9.net/service/locations/
Looks like they do.
Sweet. Just changed my servers now.
deleted by creator
I do CloudFlare first and Google as backup.
So privacy first first and privacy last second, interesting combo
yeah 1.1.1.1 then 8.8.8.8
LOL that’s not a bad way of explaining it. My reasoning is that I like CloudFlare, so I’ll default to them, but if CF goes down I want DNS to continue working. I figure Google is one of the servers that’s LEAST likely to go down.
https://european-alternatives.eu/category/public-dns
I used to use Cloudflare and recently switched to NextDNS for more control.