Wow, Cloudflare's 1.1.1.1 DNS server sets up a man-in-the-middle (broken cert gives it away) and serves a 403 Forbidden page when clicking on this link. Verified that 8.8.8.8 works fine.
I don't want to derail the discussion too much either, but anyone curious about the reasoning can see this comment from CloudFlare [0]
>We don’t block archive.is or any other domain via 1.1.1.1. Doing so, we believe, would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
>Archive.is’s authoritative DNS servers return bad results to 1.1.1.1 when we query them. I’ve proposed we just fix it on our end but our team, quite rightly, said that too would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service.
>The archive.is owner has explained that he returns bad results to us because we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.
I'm not sure if it's a separate issue, but I've noticed 1.1.1.1 sometimes can't resolve my bank. Adding 8.8.8.8 as an alternate DNS service resolves the issue for me. I don't know if it's just balancing the requests or only using 8.8.8.8 if the primary fails. I'd like to know the answer to that.
