If I do dig @1.1.1.1 archive.is I get an IP address about 1/4th of the time which I don't understand. I currently have quad9 configured in my DNS settings. If I change it to Cloudflare, I still don't get an IP address and the log says Blocked (external, NULL) which the net says it is blocked by the upstream server but if that is the case, why does it work about 1/4th the time when I go to @1.1.1.1 directly?
All this to ask... how do I change my settings so that I can get an IP address for archive.is?
I've tried adding archive.is to my white list and that didn't change anything.
Your upstream DNS server is blocking this domain. You will need to change upstream DNS servers if this continues to be blocked by the one you are using. Here are my results:
If Pi-hole is not blocking the domain, then adding it to the whitelist will have no effect. What is the output of the following command from the Pi terminal:
I cannot. This would be a question for Cloudflare. Note that Google DNS does not appear to block this, so perhaps that is your best choice. Alternatively, a local instance of unbound would definitely not block any domains, and running this puts you in control of your own DNS resolver.
The weirdness with Cloudflare returning an IP occasionally really played havoc with my debugging of the issue. I would change things which I was "positive" should not affect anything and then "test" and it would seem that things were different. I finally ended up doing about 8 dig commands as a single "test".
Anyhow, I wrote a silly script to pull down root.hints and keep a sequence of backups:
I was worried about a catch-22 type situation. How do I do DNS to get root.hints if I don't have DNS? But I guess I could reconfigure pi-hole to use Google, quad9, etc, fetch it, and then configure it back.