
Incorrect DNS Resolution for archive.is / archive.ph

Hi, I'm experiencing incorrect DNS resolution for archive.is. Public discussions indicate this is due to the site operator intentionally returning bad IPs to resolvers that use EDNS, and my testing confirms this behaviour (it works via 1.1.1.1 but not NextDNS). Can you confirm this is the cause and advise if there's an official workaround NextDNS recommends?

Blocked out my public IP for obvious reasons.

The router from which these queries were tested (which I can see in the NextDNS logs as shown above) shows this dig response:

root@UCGF-ROUTER:~# dig archive.is

; <<>> DiG 9.16.50-Debian <<>> archive.is
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12564
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;archive.is.                    IN      A

;; ANSWER SECTION:
archive.is.             31      IN      A       31.133.0.117

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul 26 11:02:47 BST 2025
;; MSG SIZE  rcvd: 55

 

 

If you go to 31.133.0.117, you will find the page I see below, which shows a Polish RPG gaming community. 

Note, if I go to a full archive.is page, I will receive "ERR_SSL_UNRECOGNIZED_NAME_ALERT"

 

Can you help me understand why NextDNS is serving me a false IP for archive.is? This is a well-known website. FYI, I've validated with several people: when they access archive.is, they see the real page.

 

Final validation, I changed my DNS provider to simply `1.1.1.1` and the page again works fine. 

 

All of this information should validate that the upstream (NextDNS) is the one providing bad answers.

 

Please help and/or investigate.

Many thanks.

Note, I am a paying member. This isn't confidence-inspiring at all.

16 replies

    • Amos.2
    • 9 days ago

    Bump.

    • Amos.2
    • 8 days ago

    Bump

    • Amos.2
    • 7 days ago

    Bump. Someone from NextDNS must care, right... right?

    • Amos.2
    • 5 days ago

    Bump.

    • Amos.2
    • 4 days ago

    Bump

    • Amos.2
    • 3 days ago

    Bump.

    • 974RLOVqJX
    • 3 days ago

    I am also having this problem. I tried all the rewrites from this related post and they do not work for me. All the archive mirrors are unreachable unless I'm not using NextDNS or accessing via Tor. I believe the problem is on archive's end, as they seem to be intentionally breaking EDNS. Hopefully someone has a (new) workaround.

    • Rikkert
    • 3 days ago

    Pretty annoying indeed.

    For now you can solve it using rewrites, on the Settings page:

     

    *.archive.ph → 165.140.202.54

    *.archive.is → 165.140.202.54

    *.archive.today → 165.140.202.54

    *.archive.vn → 165.140.202.54

    *.archive.fo → 165.140.202.54

    *.archive.md → 165.140.202.54

    *.archive.li → 165.140.202.54

      • losnad
      • 3 days ago

      23.184.48.154

      94.154.172.214

      185.195.236.97 

      45.8.124.7

      • Amos.2
      • 2 days ago

       Yeah, I use these rewrites currently, but this isn't a solution for the problem. 

      NextDNS should come forward with a solution, else it fundamentally undermines the point of their service if I can't trust the results I get from the DNS.

      Their support is seemingly nonexistent, which is really frustrating.

      • 974RLOVqJX
      • yesterday

      I'm not positive this is something that NextDNS is in their power to fix. As in, I think this is something that archive.* has to fix. See here: https://webapps.stackexchange.com/questions/135222/why-does-1-1-1-1-not-resolve-archive-is

      • Amos.2
      • yesterday

      I agree completely, but as a paying customer, there should be some resolution here. Fix the DNS entries or communicate with archive.is. Something. What's to say most sites don't follow suit, and now we're having spotty coverage?

      My point is simply that it undermines the DNS service if, when I go to request a site and it suddenly doesn't work, or goes to some unrelated IP, as per my post.

      Finally, it isn't for me to figure out a solution on their behalf. I can be aware of limitations, and I am, but fundamentally, that isn't my problem to solve. It's a failure on NextDNS' side, irrespective of archive.is's incorrect authoritative responses.

      • 974RLOVqJX
      • yesterday

       Archive's decision was very unpopular with their user base. I am not certain that NextDNS isn't working for the same reason Cloudflare wasn't then, so I'm basing my response on the assumption that it is the same. The other forum post seems to indicate this is the case, too. So I'm comfortable assuming this is the case until proven otherwise.

      You say "there must be some resolution here." Yes, but the only things NextDNS can implement would compromise the features you are paying for. I use NextDNS because it is a step-up from my ISP in terms of privacy, and I don't want my DNS provider to compromise my privacy to appeal to a fussy site admin. Consider if NextDNS noticed the problem, fixed it immediately by sending the desired data for this one site. Now consider, as you suggest, that multiple other sites start doing the same thing. Now, behind the scenes, for various sites, more user data is being sent unnecessarily that I, personally, do not want to be sent.

      I don't believe there are any other steps NextDNS can really take server-side without compromising user privacy or compromising the integrity of the service. If I request a specific domain, I don't want NextDNS altering the IP address at all, even if it's to fix an issue. It's a transparency issue. The pressure should be on archive, but yes, I share your frustration that there ought to be a more elegant solution here in the meantime.

      Editing to add: About the unrelated Polish RPG IP: NextDNS asks archive for the IP, archive sees that the person asking is NextDNS and then they decide to intentionally send the wrong IP to NextDNS, who sends you to it.

      • Amos.2
      • 23 hrs ago

       Again, I think I agree with essentially all of your primary points. There are just a few things I wish to clarify.

      I agree, under no circumstances should NextDNS compromise user privacy by sending additional EDNS client-subnet data to satiate archive.is, or whoever's site admin. Naturally, this would violate the core value of this service, and the precedent this would set would be counter-productive.

      I agree, NextDNS should not silently and opaquely return a "fixed" IP that differs from the authoritative response due to transparency issues, as you note. My original request was purposefully provocative and not a serious suggestion. The user rewriting exists for that reason.

      My frustration, and what I believe should be the "resolution," is not about compromising the transparency and integrity, but the lack of communication and proactive user-side solutions from NextDNS as a paid service. It's quite clear they don't care about their user base, delegating all forms of support to "the community," with paid support being optional or exclusive to businesses. I can't think of many other companies of similar sizes that don't have any first-party support. These complaints, like mine, are almost a laughable waste of time. Bug report? Let me report a bug to... a community member? What...?

      NextDNS could have acknowledged the issue, officially explained why and offered a sanctioned/first-party workaround. But, no. As you demonstrated, you've had to refer to several community forum posts by users to figure out the bigger picture, and external service messaging to understand their intention. That's silly, especially as a paying member, which I assume you are.

      My primary issue is the principle that, as paying customers, our expectation shouldn't be to solve this ourselves through community forums. NextDNS' responsibility is to diagnose the problem, communicate the issue, and provide a solution or an explanation for why no solution is available. This principle wouldn't violate NextDNS' integrity.

      But as you point out, the issue is fundamentally with archive.is. But the communication responsibility for providing safe workarounds for paying customers lies strictly with NextDNS.

      • NextDNs
      • 22 hrs ago

      we do not send you IP via ECS but an "anonymized" IP (see https://help.nextdns.io/t/m1hmv04/what-is-edns-client-subnet-ecs). You can disable ECS altogether from your settings if it creates issues.

      • Amos.2
      • 22 hrs ago

       That's the kind of quality reply we expect as paying customers. Typos to comprehension issues. :D ^^
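As an added illustration (not part of the thread and not NextDNS code): the EDNS Client Subnet option the replies argue about, encoded into a query's OPT record and decoded again per RFC 7871, showing that only a truncated prefix of the client address goes on the wire. The client address (a documentation address), the /24 prefix length and all function names are assumptions made for this example; the page does not state what prefix NextDNS actually sends.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option (RFC 7871)
OPT_RR_TYPE = 41     # EDNS0 OPT pseudo-record (RFC 6891)

def ecs_option(client_ip, prefix_len):
    """Encode an ECS option carrying only the first prefix_len bits of client_ip."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[: (prefix_len + 7) // 8]  # host bits zeroed, then truncated
    data = struct.pack("!HBB", family, prefix_len, 0) + addr    # scope prefix is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data

def build_query(name, options=b"", udp_size=1232):
    """Build an A query with one OPT record; options is raw EDNS option data."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)                  # QTYPE=A, QCLASS=IN
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, udp_size, 0, len(options)) + options
    return header + question + opt

def extract_ecs(message):
    """Return the subnet disclosed via ECS, or None. Assumes one question, OPT first in additional."""
    pos = 12
    while message[pos]:                  # skip QNAME labels (uncompressed in a query)
        pos += message[pos] + 1
    pos += 1 + 4 + 1                     # root label, QTYPE/QCLASS, OPT owner name
    rtype, _size, _ttl, rdlen = struct.unpack_from("!HHIH", message, pos)
    pos += 10
    if rtype != OPT_RR_TYPE:
        return None
    end = pos + rdlen
    while pos < end:
        code, length = struct.unpack_from("!HH", message, pos)
        body = message[pos + 4 : pos + 4 + length]
        pos += 4 + length
        if code == ECS_OPTION_CODE:
            family, src_len, _scope = struct.unpack_from("!HBB", body)
            addr = body[4:].ljust(4 if family == 1 else 16, b"\x00")
            return f"{ipaddress.ip_address(addr)}/{src_len}"
    return None

# Constructed sample: 203.0.113.77 is a documentation address, not a real client.
SAMPLE_QUERY = build_query("archive.is", ecs_option("203.0.113.77", 24))
```

Running `extract_ecs` over a captured outbound query from a forwarder shows exactly which subnet, if any, is being disclosed to the authoritative server.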
