[Chapter-delegates] PIR and wikileaks.ORG
Peter Koch
pk at ISOC.DE
Sat Dec 4 08:13:20 PST 2010
On Sat, Dec 04, 2010 at 01:58:48AM -0500, Jon Zittrain wrote:
> A quick technical question: isn't (wasn't?) EveryDNS just the
> registrar, not the registry? At the end of the day it's the registry
> -- Afilias? -- that operationally resolves a .org name, not the
> registrar. The registrar just is the party authorized/expected to
> make any changes in the registry entries for the names it
> registers. So how would a DDOS against the DNS resolution service --
> the reason cited by EveryDNS for its ... deregistering? changing the
> pointed-to site to null? ... involve EveryDNS and its customers? ...JZ
there are five or more parties involved:
1) the Registry - PIR, or Afilias for the operational part
There is no indication that anything in the registry recently changed
w.r.t. the domain wikileaks.org
Domain ID:D130035267-LROR
Domain Name:WIKILEAKS.ORG
Created On:04-Oct-2006 05:54:19 UTC
Last Updated On:26-Aug-2010 22:38:42 UTC
Expiration Date:04-Oct-2018 05:54:19 UTC
Sponsoring Registrar:Dynadot, LLC (R1266-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:CP-13000
Registrant Name:John Shipton c/o Dynadot Privacy
Registrant Street1:PO Box 701
...
Name Server:NS1.EVERYDNS.NET
Name Server:NS2.EVERYDNS.NET
Name Server:NS3.EVERYDNS.NET
Name Server:NS4.EVERYDNS.NET
Indeed the Registry (or their DNS service provider, respectively)
"resolves" the name, but only by pointing to the nameservers in
charge (the four named above).
2) the Registrar - Dynadot
Is the one in charge of maintaining the domain data within the
registry. In this case, the registrar offers a "privacy service",
see <http://www.dynadot.com/domain/privacy.html>
3) the Registrant - Wikileaks
Due to the privacy service used, little is publicly known, but then
this entity is "well known".
4) The Name Service Provider - EveryDNS
EveryDNS/DynDNS operates the name server infrastructure; the delegation
as shown in the whois record above goes to four of EveryDNS's name servers.
A (successful) attack on a name server will affect all customers served
by that name server (mind the singular). The four servers mentioned
above will not respond to any queries for names within the wikileaks.org
domain. That is, they will treat this like any other query for zones
(domains) they are not tasked to serve. This is very similar to what
is called a lame delegation, except that a more common form is to give
a REFUSED or a similar response instead of letting the querying resolver
time out.
5) The Web Hosting Provider(s)
This is where can be found what this is all about.
I haven't seen any indication that entities (1) or (2) did change anything.
However, entity (4) obviously does not or no longer serve the domain
wikileaks.org.
Conclusions left to the reader.
-Peter, ISOC.DE
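
Added example, not part of the message above: a delegation-health check that classifies each delegated name server's reply to a non-recursive SOA query, covering the timeout, REFUSED and non-authoritative cases of lameness the message distinguishes. The server names, the helper names and the reply bytes are constructed for illustration; only the 12-byte DNS header is modelled.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}  # RFC 1035

def build_reply(txid, aa, rcode, ancount):
    """Constructed sample data: a DNS response header (QR=1), nothing else."""
    flags = 0x8000 | (0x0400 if aa else 0) | (rcode & 0x0F)
    return struct.pack("!6H", txid, flags, 1, ancount, 0, 0)

def classify(reply):
    """Classify one server's reply to an SOA query for the delegated zone.
    reply is the raw DNS message, or None if the query timed out."""
    if reply is None:
        return "lame: timeout"
    if len(reply) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if not flags & 0x8000:           # QR bit clear: this is not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 0 and flags & 0x0400 and ancount > 0:
        return "ok: authoritative"   # AA set and the SOA was returned
    if rcode == 0:
        return "lame: no authoritative SOA"
    return "lame: " + RCODES.get(rcode, "RCODE %d" % rcode)

def audit(observations):
    """Return per-server verdicts and whether the whole delegation is lame."""
    results = {ns: classify(r) for ns, r in observations.items()}
    fully_lame = all(v.startswith("lame") for v in results.values())
    return results, fully_lame

# Constructed observations: two servers that never answer (the behaviour the
# message describes), one that answers REFUSED, one that answers without AA.
SAMPLE = {
    "ns1.example.net": None,
    "ns2.example.net": None,
    "ns3.example.net": build_reply(0x1a2b, aa=False, rcode=5, ancount=0),
    "ns4.example.net": build_reply(0x1a2c, aa=False, rcode=0, ancount=0),
}

if __name__ == "__main__":
    verdicts, fully_lame = audit(SAMPLE)
    for ns, verdict in sorted(verdicts.items()):
        print(ns, "->", verdict)
    print("delegation fully lame:", fully_lame)
```

A monitor built on this would alert when `audit` reports the delegation fully lame while the registry record still lists the same name servers, which is the mismatch between entities (1) and (4) that the message points out.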