The operator of archive.is got fed up with dealing with legal notices, so he set up his CDN so that accessing the site from any given country would get served by a server in a neighboring country (meaning that a takedown would involve international cooperation, so it would almost never be worth the effort). DNS requests have an optional field (EDNS client subnet) that provides part of the user's IP address so the CDN can respond with the closest possible server to the user, which is how archive.is does its country mitigation thing. Cloudflare's DNS does not provide this field. They say it's an anti-tracking move; others have speculated it's a competitive move since it means that Cloudflare will know where a user is located but competing CDNs won't. Because not knowing where a user is located before serving them would cause archive.is trouble, they respond to any DNS queries without the EDNS client subnet information with bad data.
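The EDNS client subnet field described in the comment above, as an added example that is not part of the thread and is not code from archive.is or Cloudflare: it builds a DNS query with and without the option (RFC 7871) and shows what an authoritative server can read from it. The function names, the query ID and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct

OPT_TYPE = 41        # EDNS0 OPT pseudo-record (RFC 6891)
ECS_CODE = 8         # EDNS Client Subnet option (RFC 7871)

def build_query(name, client_subnet=None, qid=0x1234):
    """Build an A query; a subnet such as '203.0.113.0/24' adds an ECS option."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    options = b""
    if client_subnet:
        net = ipaddress.ip_network(client_subnet, strict=False)
        family = 1 if net.version == 4 else 2
        # Only the prefix bytes are sent; the host part never leaves the resolver.
        addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
        ecs = struct.pack("!HBB", family, net.prefixlen, 0) + addr
        options = struct.pack("!HH", ECS_CODE, len(ecs)) + ecs
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 1232, 0, len(options)) + options
    return header + qname + struct.pack("!HH", 1, 1) + opt_rr

def extract_client_subnet(msg):
    """Return the ECS subnet carried by a query as 'addr/len', or None if absent."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    if qd != 1 or an or ns:
        return None                      # this sketch handles plain queries only
    pos = 12
    while msg[pos]:                      # skip QNAME (uncompressed in a query)
        pos += 1 + msg[pos]
    pos += 5                             # root label + QTYPE + QCLASS
    for _ in range(ar):
        if msg[pos] != 0:                # assumption: record owner is the root name, as for OPT
            return None
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        rdata, pos = msg[pos + 11:pos + 11 + rdlen], pos + 11 + rdlen
        i = 0
        while rtype == OPT_TYPE and i + 4 <= len(rdata):
            code, length = struct.unpack("!HH", rdata[i:i + 4])
            body, i = rdata[i + 4:i + 4 + length], i + 4 + length
            if code == ECS_CODE and len(body) >= 4:
                family, src_len, _scope = struct.unpack("!HBB", body[:4])
                if family not in (1, 2):
                    return None
                size = 4 if family == 1 else 16
                addr = body[4:].ljust(size, b"\x00")[:size]
                return f"{ipaddress.ip_address(addr)}/{src_len}"
    return None
```

A query from a resolver that omits the option still carries an OPT record, just with no client subnet inside it, so `extract_client_subnet` returns `None` and the authoritative side sees only the resolver's own address.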
> he set up his CDN so that accessing the site from any given country would get served by a server in a neighboring country (meaning that a takedown would involve international cooperation, so it would almost never be worth the effort)
I don't really see how this prevents that issue. They still have a server in that country. Just because the DNS name doesn't always point there doesn't seem like it should shield them from legal trouble.
It's come up on HN a bunch, including recently. I'm not sure how to find the threads.
It is weird and confusing, and has to do with the fact, if I remember right, that the Archive.today maintainer is mad that Cloudflare won't forward end-user IP addresses with DNS queries.
This seems mysterious, but one other comment pointed out the maintainer saying that this prevents the maintainer from assigning traffic to servers the way they want, which is an odd way having to do with legal systems and national boundaries and maybe trying to send the user to a CDN endpoint _not_ in their own nation for some reason?
If I'm remembering right.
The whole thing is weird and I can't explain it, and is very under-documented; the archive.today maintainer apparently doesn't really like talking about it or explaining it?
But basically archive.today intentionally deny-lists anyone using Cloudflare DNS in a way that results in very mysterious behavior where you don't know you are denylisted, including infinite captchas.
I have had the same issue with Google 8.8.8.8 DNS and archive.today btw.
I've also found they do very suspicious things in those captcha pages as well, such as sending random requests to unrelated websites (feels like a DDoS at that point). I've been avoiding archive.today links ever since.