WikiLeaks edges away from the US

WikiLeaks is no longer using US servers to deliver content for its Iraq War Logs site at

Yesterday, two of the IP addresses used by the site belonged to Amazon EC2 instances in the United States, but these are no longer being used. Today, the Iraq War Logs site is only being served from two IP addresses; one in France and an EC2 instance in Ireland.

click to view

However, the main WikiLeaks site at is still using a US-hosted EC2 instance. More interestingly, the DNS for is also controlled by a US company:          5160    IN      NS          5160    IN      NS          5160    IN      NS          5160    IN      NS

In April 2010, EveryDNS was bought by the owners of DynDNS, which is well known for providing free dynamic DNS services.

WikiLeaks will have prepared for US intervention over the Iraq War Logs, which could explain why uses different nameservers, hosted in France:

;; ANSWER SECTION:  864     IN      A  864     IN      A

;; AUTHORITY SECTION:  864     IN      NS  864     IN      NS  864     IN      NS

The short TTL (time to live) on is typical of any site that may need to change its location in a hurry, and is reminiscent of the actions carried out by Microsoft in 2004 after they anticipated being attacked by the "MyDoom.B" virus. SCO also made a similar change, setting their TTL as low as 60 seconds. The 15 minute TTL on allows WikiLeaks to change the site's location relatively quickly, should any of the hosting locations be attacked or taken down. Netcraft has not seen the site suffering any outages yet.

Nonetheless, WikiLeaks' hosting is not as bulletproof as some make out. Besides the US-based nameservers used by, another potential weakness for all sites under the domain could be the choice of domain name registrar: Dynadot LLC is a US company and thus has to consider US law as well as ICANN regulations.

This could suggest that the US government is reluctant to disrupt access to, even though they appear to be capable of doing so.