Comment by burnerthrow008

1 day ago

> It's hard to imagine any reason for Cloudflare to do it other than because they want to analyze DNS traffic, and then it's in a much more centralized location than to be distributed across every network and ISP.

Isn't bot/DDoS protection a very obvious reason for Cloudflare to do it?

Any normal user agent will make a DNS request shortly before requesting a page from that domain. A normal user agent will also request the page from the IP returned by the DNS server.

Attempting to connect to a server IP hosted by Cloudflare from a client IP that has not recently received that server IP in a DNS response seems like an obvious signal for their bot/DDoS mitigation system.

> Any normal user agent will make a DNS request shortly before requesting a page from that domain. A normal user agent will also request the page from the IP returned by the DNS server.

How does that tell them anything when there are many legitimate client devices using someone else's DNS servers?
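The heuristic sketched in burnerthrow008's comment, and the false-positive case raised in the reply, can both be shown with a small correlation over resolver and connection logs. The code below is an added example for this thread; it is not Cloudflare's code and nothing here describes how their mitigation actually works. Assumed for illustration: a resolver log with (timestamp, client IP, answered IP, TTL), an edge connection log with (timestamp, client IP, destination IP), the RFC 5737 test addresses used as sample data, and the rule that a DNS answer "covers" a connection from the same client to the answered IP until the answer's TTL expires.

```python
import bisect
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsAnswer:
    ts: float          # epoch seconds when the resolver sent the answer
    client_ip: str     # the client that asked
    answered_ip: str   # the edge address returned for the name
    ttl: float         # how long the client may cache that answer


@dataclass(frozen=True)
class Connection:
    ts: float          # epoch seconds when the TCP/TLS connection arrived
    client_ip: str
    dst_ip: str        # the edge address the client connected to


def build_index(answers):
    """Per (client, answered_ip): answer start times sorted ascending plus a
    running maximum of their expiry, so a single bisect answers the question
    'was any answer for this pair still within TTL at time t?'."""
    grouped = defaultdict(list)
    for a in answers:
        grouped[(a.client_ip, a.answered_ip)].append(a)
    index = {}
    for key, group in grouped.items():
        group.sort(key=lambda a: a.ts)
        starts = [a.ts for a in group]
        expiry_prefix_max = []
        current = float("-inf")
        for a in group:
            current = max(current, a.ts + a.ttl)
            expiry_prefix_max.append(current)
        index[key] = (starts, expiry_prefix_max)
    return index


def classify(conns, answers):
    """Label each connection 'dns_seen' if this client received the
    destination IP in an answer that had not yet expired, else 'no_dns'."""
    index = build_index(answers)
    out = []
    for c in conns:
        starts, expiry = index.get((c.client_ip, c.dst_ip), ([], []))
        n = bisect.bisect_right(starts, c.ts)   # answers issued at or before the connection
        seen = n > 0 and expiry[n - 1] >= c.ts  # ...of which at least one is still within TTL
        out.append((c, "dns_seen" if seen else "no_dns"))
    return out


def unmatched_per_client(results):
    """Count 'no_dns' connections per client: the raw signal the comment
    describes, before any thresholding or weighting."""
    counts = defaultdict(int)
    for c, label in results:
        if label == "no_dns":
            counts[c.client_ip] += 1
    return dict(counts)


# Constructed sample data (not real traffic). Only .10 uses the resolver
# whose log we can see; .20 resolves the same name elsewhere; .30 never
# resolves anything and walks two edge addresses.
SAMPLE_ANSWERS = [
    DnsAnswer(100.0, "203.0.113.10", "198.51.100.5", ttl=300),
]

SAMPLE_CONNECTIONS = [
    Connection(102.0, "203.0.113.10", "198.51.100.5"),  # shortly after its answer
    Connection(350.0, "203.0.113.10", "198.51.100.5"),  # still within the 300 s TTL
    Connection(450.0, "203.0.113.10", "198.51.100.5"),  # cached answer already expired
    Connection(105.0, "203.0.113.20", "198.51.100.5"),  # used another resolver: legit but unmatched
    Connection(110.0, "203.0.113.30", "198.51.100.5"),  # no DNS at all
    Connection(111.0, "203.0.113.30", "198.51.100.6"),  # no DNS at all, second edge address
]

if __name__ == "__main__":
    for conn, label in classify(SAMPLE_CONNECTIONS, SAMPLE_ANSWERS):
        print(f"{conn.ts:>6.1f} {conn.client_ip:>14} -> {conn.dst_ip:<14} {label}")
    print(unmatched_per_client(classify(SAMPLE_CONNECTIONS, SAMPLE_ANSWERS)))
```

Two things the sample makes visible. First, the client that resolved the name through a resolver the operator does not see (.20) is indistinguishable from the client that never resolved anything (.30), which is exactly the objection in the reply: on its own, "no matching DNS answer" separates clients by which resolver they use, not by whether they are bots, so it can only ever be one weak input among several. Second, even a client whose queries the operator does see (.10) drops out once its cached answer passes the TTL, so the matching window has to be tied to the TTL that was actually served rather than a fixed "recently", and clients that cache beyond the TTL will still be flagged.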