Wikileaks DNS

Dec. 4th, 2010 11:57 am
ewx: (geek)
[personal profile] ewx

The official story, to the extent that it’s coherent at all, seems to be that yesterday, EveryDNS.net canceled Wikileaks’ domain name wikileaks.org.

EveryDNS say they told Wikileaks they were doing to do this on Wednesday (1st December). (Obviously I’ve no way to tell if that is true, but it’s not very relevant to the points I want to make. Nor is it relevant whether EveryDNS did this for operational reasons or because they were under some kind of state pressure.) At any rate, the delegation for wikileaks.org still (now) points at EveryDNS’s name servers, and this matches the situation as it was yesterday:

chymax$ dig ns org|grep '^[^;]'
org.			2910	IN	NS	c0.org.afilias-nst.info.
org.			2910	IN	NS	b0.org.afilias-nst.org.
org.			2910	IN	NS	b2.org.afilias-nst.org.
org.			2910	IN	NS	a2.org.afilias-nst.info.
org.			2910	IN	NS	a0.org.afilias-nst.info.
org.			2910	IN	NS	d0.org.afilias-nst.org.
a2.org.afilias-nst.info. 2921	IN	A	199.249.112.1
a2.org.afilias-nst.info. 2921	IN	AAAA	2001:500:40::1
b2.org.afilias-nst.org.	14502	IN	A	199.249.120.1
b2.org.afilias-nst.org.	14502	IN	AAAA	2001:500:48::1
c0.org.afilias-nst.info. 2916	IN	A	199.19.53.1
c0.org.afilias-nst.info. 2916	IN	AAAA	2001:500:b::1
chymax$ dig ns wikileaks.org @199.249.112.1|grep '^[^;]'
wikileaks.org.		86400	IN	NS	ns1.everydns.net.
wikileaks.org.		86400	IN	NS	ns2.everydns.net.
wikileaks.org.		86400	IN	NS	ns3.everydns.net.
wikileaks.org.		86400	IN	NS	ns4.everydns.net.

However, they appear to be dropping any requests for wikileaks.org on the floor. (I think really they ought to be sending back a REFUSED response (rcode=5), but that’s just crappy implementation rather than anything sinister.)

chymax$ dig a ns1.everydns.net|grep '^[^;]'
ns1.everydns.net.	2707	IN	A	208.76.61.100
everydns.net.		2707	IN	NS	ns1.everydns.net.
everydns.net.		2707	IN	NS	ns4.everydns.net.
everydns.net.		2707	IN	NS	ns2.everydns.net.
everydns.net.		2707	IN	NS	ns3.everydns.net.
ns2.everydns.net.	2707	IN	A	208.76.62.100
ns3.everydns.net.	2707	IN	A	208.76.63.100
ns4.everydns.net.	2707	IN	A	208.76.60.100

; <<>> DiG 9.6.0-APPLE-P2 <<>> any wikileaks.org @208.76.61.100
;; global options: +cmd
;; connection timed out; no servers could be reached

As well as a lot of people passing IP addresses round Twitter yesterday, wikileaks.ch was suggested as an alternative name. I didn’t keep a record of DNS responses but when I checked yesterday this name was also being served from EveryDNS’s name servers! Later on yesterday they spotted that too and it went the same way as wikileaks.org. The last time I checked, the information returned by whois from nic.ch referred to a different set of name servers but the actual delegation in the DNS still pointed at EveryDNS.

As of today they’ve got wikileaks.ch sorted out:

chymax$ dig ns wikileaks.ch|grep '^[^;]'
wikileaks.ch.		2540	IN	NS	ns2.swebflex.ch.
wikileaks.ch.		2540	IN	NS	dns.wikileaks.ch.
wikileaks.ch.		2540	IN	NS	dns2.syshack.org.
wikileaks.ch.		2540	IN	NS	ns4.pcdog.ch.
wikileaks.ch.		2540	IN	NS	ns1.buzzernet.net.
wikileaks.ch.		2540	IN	NS	ns1.swebflex.ch.
wikileaks.ch.		2540	IN	NS	ns3.pcdog.ch.
wikileaks.ch.		2540	IN	NS	ns2.pcdog.ch.
wikileaks.ch.		2540	IN	NS	dns1.syshack.org.
wikileaks.ch.		2540	IN	NS	ns1.pcdog.ch.
dns.wikileaks.ch.	2540	IN	A	178.63.167.108
dns.wikileaks.ch.	2540	IN	A	193.138.215.125
dns.wikileaks.ch.	2540	IN	A	212.101.16.84
dns.wikileaks.ch.	2540	IN	A	216.18.205.196
dns.wikileaks.ch.	2540	IN	A	46.4.160.2
dns.wikileaks.ch.	2540	IN	A	77.109.132.51
dns.wikileaks.ch.	2540	IN	A	85.124.44.140
ns1.buzzernet.net.	9740	IN	A	193.138.215.125
dns1.syshack.org.	42140	IN	A	46.4.160.2

The following are completely clear:

  • Wikileaks’ DNS was formerly a single point of failure (EveryDNS) and it failed.
  • Nobody has canceled wikileaks.org. Its DNS provider threw in the towel, that’s all.
  • EveryDNS were no more willing to provide name service for wikileaks.ch than for wikileaks.org and treated it in exactly the same way.
  • wikileaks.ch is now up and running and, at least superficially, more robustly configured than wikileaks.org was.

These things are true but hard to explain:

  • Wikileaks attempted to bring up their new domain using the same single point of failure that had just failed.
  • Wikileaks still have not moved wikileaks.org to their new DNS infrastructure.
Tags:
(will be screened)
(will be screened if not validated)
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

ewx: (Default)
Richard Kettlewell
https://www.greenend.org.uk/rjk/

November 2025

S M T W T F S
      1
2345678
91011121314 15
1617 181920 2122
23242526272829
30      

Most Popular Tags

Active Entries

Expand Cut Tags

No cut tags
Top of page