(no title)

Someone asked the archive.is owner why he does this in the past. It's because of similar situations to this one where someone who wants to get archive.is taken down uploads illegal content, requests archive.is to save it, and immediately reports archive.is to their country's legal authorities. His solution to this is using the EDNS information to serve requests from the closest IP abroad, so any takedown procedure requires international cooperation and therefore enough bureaucratic overhead that he gets notified and has time to take the content down. https://news.ycombinator.com/item?id=36971650

I also find the "we don't want to leak a requester's IP" explanation for blocking EDNS to be suspect. The way DNS works is that you ask for the IP address for a domain name, you get the IP, and then you connect to it. With Cloudflare's DNS, the server doesn't know your IP when you do the DNS lookup, but that doesn't matter because you're connecting to the server anyway so they'll still get your IP. Even if you're worried about other people sniffing network traffic, the hostname you're visiting still gets revealed in plaintext during the SNI handshake. What Cloudflare blocking EDNS does do is make it much harder for competing CDNs to efficiently serve content using DNS based routing. They have to use Anycast instead, which has a higher barrier to entry.

Here's my speculation on the underlying reason archive.today blocks Cloudflare DNS: https://webapps.stackexchange.com/a/135229/229725

I speculate it's due to archive.today wanting granular (not overly broad) legal censorship compliance. Which is somewhat related to this post.