Colleagues, The registrar dynadot, IANA #472, on December 17th, associated the address 64.64.12.170 with the A record for wikileaks.org At some point prior to December 17th, the A record had a different value. Who authorized or performed the update of 17-Dec-2010 01:57:59 UTC is a reasonable question to ask, by ICANN Compliance, of the registrar of record, IANA #472. This morning (EST) a GET / HTTP/1.1 sent to 64.64.12.170 returns a 302 (redirect) to http://mirror.wikileaks.info/. This afternoon (EST) the same query returns a 400 (bad request). IANA #472 should be able to document each change to the A record, and NS records, and demonstrate that only the registrant caused the series of changes to the RRset in December, or, an act for which no liability is incurred by the registrar, due to any one of a number of specific, enumerated circumstances. What a reasonable inquiry should not find is a denial of service to a registrant by an accredited registrar under any but that very specific, enumerated set of circumstances. It is not infrequent for an address block to be recovered and reallocated by an RIR, without third-party coordination. Therefore the association by Spamhaus to the address at which wikileaks.info was associated could have been an artifact of prior, not present, practice that resulted in Spamhaus' characterization of the address as problematic. However, it is more likely that the characterization is "current", not an artifact of recovery & reallocation by the RIR and lack of notice to third-parties such as Spamhaus or a lack of prompt reaction by Spamhaus upon timely notice by the RIR. If, in addition, the effect of redirection, initiated by parties as yet unknown, was to cause browsers to connect to an address, for which other resources are associated, other questions reasonably arise. While synchronous behavior by statistically significant numbers of informed and consenting adults manifests similar to synchronous behavior by distributed systems, including those constructed from assets acquired through latent defects in operating system products or applications, aka "botnets", just as rapid changes to NS records (aka "fast flux hosting") may be implemented to avoid suppression of content by political censors or to avoid suppression by anti-fraud law enforcement, the wisdom of reducing the ability of Spamhaus to conduct its daily operations as an email quality enabler is open to criticism. I look forward to comments from PIR, and from IANA #472, and ICANN Compliance on the issues around wikileaks.org in mid-December. Eric