Hacker Read

param · 2012-09-18 00:56:55

As mentioned in the article, they dropped all packets that looked like responses from DNS resolvers. All client applications hosted in cloudfare shouldn't normally receive responses from DNS resolvers.

Miner49er | karma 5973 | avg karma 4.24 · | 2024-01-24 15:40:29

Did you switch to Cloudfare's DNS? IIRC archive.is blocks their DNS servers.

profmonocle | karma 2945 | avg karma 6.8 · | 2019-10-04 07:36:50+00:00

What's especially weird is that they're returning "127.0.0.3" to Cloudflare's DNS, rather than a DNS SERVFAIL or REFUSED error. On most systems that will cause a connection refused error or a TCP timeout. I would assume that was a network issue on their end, not a DNS problem.

lolinder | karma 32428 | avg karma 5.57 · | 2023-08-02 12:31:48

I mean, it's archive.is that is intentionally serving an incorrect DNS record (pointing back at Cloudflare's IPs) when it gets a DNS query that every other resolver handles just fine. They may have legitimate grievances with the info being dropped, but in the end they're the ones breaking their own traffic.

jedisct1 | karma 3627 | avg karma 3.51 · | 2022-10-15 05:57:46

Too bad all the DNS traffic just goes to Cloudflare instead of using their own resolvers.

0x0000000 | karma 719 | avg karma 3.44 · | 2023-11-03 09:58:03

Parent comment was likely referring to authoritative DNS, not Cloudflare's public resolvers.

r1ch | karma 3481 | avg karma 5.61 · | 2019-07-02 14:21:29+00:00

The Cloudflare DNS-over-HTTPS resolver was serving up 502 errors as well, though the standard port 53 UDP resolver was working. This event definitely made me regret choosing Cloudflare as my sole DoH server.

Jerry2 | karma 21142 | avg karma 9.41 · | 2019-11-10 18:28:18+00:00

You're probably using Cloudflare's DNS resolver.

gridspy | karma 2743 | avg karma 2.41 · | 2012-10-31 00:45:47+00:00

Bear in mind that none of these DNS queries are ever sent out of CloudFlare's network - as mentioned in the previous blog entry, none of these incoming responses are valid.

See http://blog.cloudflare.com/65gbps-ddos-no-problem

" What's great is that we can safely respond and ask them to block all DNS requests originating from our network since our IPs should never originate a DNS request to a resolver. "

reply

jeroenhd | karma 24884 | avg karma 4.06 · | 2023-08-05 07:20:24

Archive.* sabotages their DNS records when Cloudflare queries for them. They don't like that Cloudflare doesn't do EDNS forwarding so they broke their service for people using 1.1.1.1.

That said, I have the same problem. Even hard coding the IP address I resolved through Google doesn't seem to work. I'm guessing their sabotage may have backfired and is causing issues beyond their intentional scope?

reply

fulafel | karma 12262 | avg karma 1.65 · | 2014-04-11 14:19:12+00:00

Cloudfare isn't making the same claim - they're just saying it doesn't seem to happen on their (modified) Nginx setup.

xPaw | karma 3032 | avg karma 20.35 · | 2013-03-03 09:56:31+00:00

Yep, any website using CloudFlare's DNS is not resolving.

cuu508 | karma 2000 | avg karma 2.7 · | 2020-07-17 22:05:09+00:00

> I don't use cloudflare DNS but google DNS and got the same problems thant everyone else

Cloudflare is also the authoritative DNS server for many services. If Cloudflare is down, then for those services Google's DNS has nowhere to get the authoritative answers from.

reply

acmdas | karma 53 | avg karma 1.39 · | 2020-12-05 22:33:53+00:00

Interestingly, using Cloudflare's dns this morning around 0900 US Eastern time, I got through just fine. And a few hours ago, using DNSWatch, I was able to get through. Trying to muddle through what was happening, I found this: https://webapps.stackexchange.com/questions/135222/why-does-...

Clearly, Cloudflare was resolving it this morning, and it isn't now. Just why, hard to say. I have other things to do, so that's where I bow out...

reply

jpollock | karma 2389 | avg karma 3.63 · | 2018-05-29 13:37:22+00:00

If true it means that Cloudflare's DNS server can't be trusted.

eat_veggies | karma 3096 | avg karma 4.98 · | 2020-08-25 23:21:53

they're saying that ISPs run malicious DNS resolvers (which is correct), not Cloudflare.

MallocVoidstar | karma 1045 | avg karma 6.04 · | 2023-06-19 19:40:50

They run their own DNS and if a request comes from Cloudflare's servers return garbage.

jvdvegt | karma 313 | avg karma 3.64 · | 2022-08-29 15:52:26

They don't work with Cloudflare DNS, that might have something to do with it?

booblik | karma 177 | avg karma 2.03 · | 2019-09-11 12:22:01+00:00

My understanding is that the DNS query goes to the closest of the more than 180 Cloudflare servers, not specifically to the US servers. Complete FUD.

thepangolino | karma 659 | avg karma 1.65 · | 2020-05-26 15:50:16

I’m pretty sure it’s cloudflare being bitchy about not receiving some arcane DNS field from archive and therefore blocking their requests.