Je suis Charlie

Autres trucs


Seulement les RFC

Seulement les fiches de lecture

Mon livre « Cyberstructure »


Testing Wikileaks DNS mirrors

First publication of this article on 10 December 2010

Among the efforts to prevent censorship to take down WikiLeaks, several persons have set up DNS mirrors. They are names that point, not to one Web server but to a list of IP addresses which host a Web mirror. These lists can be quite long and it is better to have an automatic tool to test them.

There is a technical reason why you cannot put the IP address of any WikiLeaks Web mirror in a DNS record for wikileaks.anything.example: the HTTP protocol expects a Host: header in the query and dispatches the request to the proper virtual host, depending on this header. If the header is missing or wrong, you are sent to the "default" virtual host, which may be quite different from what you expect. So, you cannot just take a list of Web mirrors and add their IP addresses, you need to test.

The program, written in Python, does exactly that: it takes the IP addresses from a name, and performs a HTTP connection to this address, retrieves a page and searches if it looks like a correct Wikileaks page. If not, it complains:

Wrong data in, not a Wikileaks mirror?

Note well that it does not mean that is wrong, just that it is not a DNS mirror, you cannot copy its addresses blindly.

If you want more details, you can use the -v option:

% -v  

1269 cables

Wrong data in, not a Wikileaks mirror?

1269 cables

It shows also the current number of diplomatic cables uploaded on this mirror. This is important because some mirrors are really behind. Here is a test on a large mirror, Thanks to Pierre Beyssac for his contributions to this program.

Oh, by the way, my DNS mirrors are (a small subset) and (a larger set, which may create problems with some DNS resolvers).

Version PDF de cette page (mais vous pouvez aussi imprimer depuis votre navigateur, il y a une feuille de style prévue pour cela)

Source XML de cette page (cette page est distribuée sous les termes de la licence GFDL)