[Chapter-delegates] PIR and wikileaks.ORG
Desiree Miloshevic
dmiloshevic at afilias.info
Sat Dec 4 09:01:06 PST 2010
In theory, wikileaks, as a registrant, should be able to update new
name servers (replace the EveryDNS ones with 2 or 3 new ones)
directly with DynaDot, their registrar, and the domain would be
resolving again.
Afilias would automatically pick up the new updated name servers from
DynaDot's DNS file.
Desiree
--
On 4 Dec 2010, at 16:13, Peter Koch wrote:
> On Sat, Dec 04, 2010 at 01:58:48AM -0500, Jon Zittrain wrote:
>> A quick technical question: isn't (wasn't?) EveryDNS just the
>> registrar, not the registry? At the end of the day it's the registry
>> -- Afilias? -- that operationally resolves a .org name, not the
>> registrar. The registrar just is the party authorized/expected to
>> make any changes in the registry entries for the names it
>> registers. So how would a DDOS against the DNS resolution service --
>> the reason cited by EveryDNS for its ... deregistering? changing the
>> pointed-to site to null? ... involve EveryDNS and its
>> customers? ...JZ
>
> there are five or more parties involved:
>
> 1) the Registry - PIR, or Afilias for the operational part
> There is no indication that anything in the registry recently changed
> w.r.t. the domain wikileaks.org
>
> Domain ID:D130035267-LROR
> Domain Name:WIKILEAKS.ORG
> Created On:04-Oct-2006 05:54:19 UTC
> Last Updated On:26-Aug-2010 22:38:42 UTC
> Expiration Date:04-Oct-2018 05:54:19 UTC
> Sponsoring Registrar:Dynadot, LLC (R1266-LROR)
> Status:CLIENT TRANSFER PROHIBITED
> Registrant ID:CP-13000
> Registrant Name:John Shipton c/o Dynadot Privacy
> Registrant Street1:PO Box 701
> ...
> Name Server:NS1.EVERYDNS.NET
> Name Server:NS2.EVERYDNS.NET
> Name Server:NS3.EVERYDNS.NET
> Name Server:NS4.EVERYDNS.NET
>
>
> Indeed the Registry (or their DNS service provider, respectively)
> "resolves" the name, but only by pointing to the nameservers in
> charge (the four named above).
>
> 2) the Registrar - Dynadot
> Is the one in charge of maintaining the domain data within the
> registry. In this case, the registrar offers a "privacy service",
> see <http://www.dynadot.com/domain/privacy.html>
>
> 3) the Registrant - Wikileaks
> Due to the privacy service used, little is publicly known, but then
> this entity is "well known".
>
> 4) The Name Service Provider - EveryDNS
> EveryDNS/DynDNS operates the name server infrastructure; the delegation
> as shown in the whois record above goes to four of EveryDNS's name servers.
> A (successful) attack on a name server will affect all customers served
> by that name server (mind the singular). The four servers mentioned
> above will not respond to any queries for names within the wikileaks.org
> domain. That is, they will treat this like any other query for zones
> (domains) they are not tasked to serve. This is very similar to what
> is called a lame delegation, except that a more common form is to give
> a REFUSED or a similar response instead of letting the querying resolver
> time out.
>
> 5) The Web Hosting Provider(s)
> This is where can be found what this is all about.
>
> I haven't seen any indication that entities (1) or (2) did change anything.
> However, entity (4) obviously does not or no longer serve the domain
> wikileaks.org.
>
> Conclusions left to the reader.
>
> -Peter, ISOC.DE
> _______________________________________________
> Chapter-delegates mailing list
> Chapter-delegates at elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/chapter-delegates
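The delegation states described in item 4 of the quoted message (silent name server, REFUSED, lame, authoritative) can be told apart from the reply each listed name server gives to a non-recursive SOA query for the zone. The following is an added example, not part of either message: the function names, the `example.org` zone, the `ns*.example.net` server names and the reply headers are all constructed for illustration.

```python
import struct
from typing import Optional

def build_query(zone: str, qid: int = 0x1234) -> bytes:
    """Build a non-recursive SOA query for `zone` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)  # RD=0, one question
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(raw: Optional[bytes], qid: int = 0x1234) -> str:
    """Classify one listed name server's reply (None means no reply arrived)."""
    if raw is None:
        return "timeout"        # server stays silent, the resolver times out
    if len(raw) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", raw[:12])
    if rid != qid or not flags & 0x8000:   # wrong ID, or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"        # server declines to serve this zone
    if rcode != 0:
        return f"rcode-{rcode}"
    if flags & 0x0400 and ancount > 0:     # AA bit set and an SOA in the answer
        return "authoritative"
    return "lame"               # replies, but not authoritatively for the zone

def delegation_report(replies: dict) -> tuple:
    """Summarise the delegation: every listed server should be authoritative."""
    verdicts = {ns: classify_response(raw) for ns, raw in replies.items()}
    good = sum(v == "authoritative" for v in verdicts.values())
    status = "ok" if good == len(verdicts) else "degraded" if good else "broken"
    return status, verdicts

def sample_header(flags: int, ancount: int = 0, qid: int = 0x1234) -> bytes:
    """Constructed 12-byte reply header (no record data), for the sample below."""
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)

SAMPLE = {  # constructed replies from hypothetical servers
    "ns1.example.net": None,                             # no reply at all
    "ns2.example.net": sample_header(0x8005),            # QR + RCODE=REFUSED
    "ns3.example.net": sample_header(0x8000),            # QR, no AA, no answer
    "ns4.example.net": sample_header(0x8400, ancount=1), # QR + AA, one answer
}

if __name__ == "__main__":
    print(delegation_report(SAMPLE))
```

In a live check the reply bytes would come from sending `build_query(zone)` over UDP port 53 to each name server listed in the registry's delegation, with a timeout mapped to `None`.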