Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That does sort of sound like Cloudflare is pulling the shenanigans. It's awfully convenient for a CDN company (the same company that MITMs half the web) to cite privacy concerns to not pass through data to enable better request routing. In almost all cases the DNS lookup precedes a connection from the client anyway.


EDNS subnet/ECS is an optional DNS extension. DNS requests have no obligation to provide it. archive.is's behavior is in violation of RFC 7871 [1]:

> Note again that a query MUST NOT be refused solely because it provides 0 address bits.

The shenanigans are absolutely on archive.is's side here.

[1] https://www.rfc-editor.org/rfc/rfc7871#section-7.5


When the RFC refers to a query being refused, it's talking about a response with rcode=REFUSED. Archive.is is responding with rcode=NOERROR and bogus RR data. Shenanigans? Yes. RFC violation? No.


Perhaps technically not a violation but clearly against the spirit of the RFC.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: