ebw at abenaki.wabanaki.net
Mon Dec 20 22:48:31 UTC 2010

The registrar dynadot, IANA #472, on December 17th, associated the
address 184.108.40.206 with the A record for wikileaks.org.

At some point prior to December 17th, the A record had a different value.

Who authorized or performed the update of 17-Dec-2010 01:57:59 UTC is
a reasonable question to ask, by ICANN Compliance, of the registrar of
record, IANA #472.

This morning (EST) a GET / HTTP/1.1 sent to 220.127.116.11 returns a 302
(redirect) to http://mirror.wikileaks.info/. This afternoon (EST) the
same query returns a 400 (bad request).

IANA #472 should be able to document each change to the A record, and
NS records, and demonstrate that only the registrant caused the series
of changes to the RRset in December, or, an act for which no liability
is incurred by the registrar, due to any one of a number of specific,

What a reasonable inquiry should not find is a denial of service to a
registrant by an accredited registrar under any but that very
specific, enumerated set of circumstances.

It is not infrequent for an address block to be recovered and
reallocated by an RIR, without third-party coordination. Therefore the
association by Spamhaus to the address at which wikileaks.info was
associated could have been an artifact of prior, not present, practice
that resulted in Spamhaus' characterization of the address as
problematic. However, it is more likely that the characterization is
"current", not an artifact of recovery & reallocation by the RIR and
lack of notice to third parties such as Spamhaus or a lack of prompt
reaction by Spamhaus upon timely notice by the RIR.

If, in addition, the effect of redirection, initiated by parties as
yet unknown, was to cause browsers to connect to an address, for which
other resources are associated, other questions reasonably arise.

While synchronous behavior by statistically significant numbers of
informed and consenting adults manifests similarly to synchronous
behavior by distributed systems, including those constructed from
assets acquired through latent defects in operating system products or
applications, aka "botnets", just as rapid changes to NS records (aka
"fast flux hosting") may be implemented to avoid suppression of
content by political censors or to avoid suppression by anti-fraud law
enforcement, the wisdom of reducing the ability of Spamhaus to conduct
its daily operations as an email quality enabler is open to criticism.

I look forward to comments from PIR, and from IANA #472, and ICANN
Compliance on the issues around wikileaks.org in mid-December.