by cnst
1694 days ago
A good example is Cloudflare's own CDN business — they require you to delegate your domain name to their DNS servers by name, not by IP address with your own glue records on your own domain name. Because they want to be able to use all the resources available to stop DDoS, including EDNS Client Subnet provided by other resolvers. Same goes for GeoIP — EDNS Client Subnet was specifically created for effective and cheap GeoIP. (BGP anycast isn't cheap.) I mean, both issues are exactly why archive.is had to put the block in place. For sure both of these use cases are pretty legitimate. BTW, what's the actual legitimate need to block ECS? After a domain name is resolved by DNS, you still have to connect directly to the hostname by an IP address, and your IP will be leaked — there's no way around this, that's how the internet works. Cloudflare knowingly runs these marketing campaigns trying to obscure this simple fact that easily invalidates the need for their services, and invalidates the benefits of their service compared to competition.