Abstract: Various techniques for providing defense against NXDOMAIN hijacking in domain name systems are disclosed herein. In one embodiment, a method includes receiving a user input from a user to a search box in an application executing on a computing device connected to the Internet via a facility provided by an internal service provider (“ISP”) and resolving the received user input to the search box as a DNS query without using a caching server provided by the ISP. The method can then include determining whether the DNS query causes an NXDOMAIN condition and in response to determining that the DNS query causes an NXDOMAIN condition, indicating that the received user input does not have a corresponding IP address in the domain name system.

Abstract: Various techniques for providing defense against NXDOMAIN hijacking in domain name systems are disclosed herein. In one embodiment, a method includes receiving a user input from a user to a search box in an application executing on a computing device connected to the Internet via a facility provided by an internal service provider (“ISP”) and resolving the received user input to the search box as a DNS query without using a caching server provided by the ISP. The method can then include determining whether the DNS query causes an NXDOMAIN condition and in response to determining that the DNS query causes an NXDOMAIN condition, indicating that the received user input does not have a corresponding IP address in the domain name system.

Abstract: Various techniques for managing backup for domain nameservers are disclosed herein. In one embodiment, a method includes receiving a nameserver record associated with a domain name. The nameserver record containing addresses of an active nameserver and a passive nameserver. The method also includes determining if the active nameserver is reachable by contacting the active nameserver based on the address of the active nameserver in the nameserver record. In response to determining that (i) the active nameserver is unreachable and (ii) the nameserver record does not include an address of an additional active nameserver, the method includes contacting the passive nameserver for resolving the domain name based on the address of the passive nameserver in the nameserver record.

Abstract: Various techniques for providing defense against NXDOMAIN hijacking in domain name systems are disclosed herein. In one embodiment, a method includes receiving a user input from a user to a search box in an application executing on a computing device connected to the Internet via a facility provided by an internal service provider (“ISP”) and resolving the received user input to the search box as a DNS query without using a caching server provided by the ISP. The method can then include determining whether the DNS query causes an NXDOMAIN condition and in response to determining that the DNS query causes an NXDOMAIN condition, indicating that the received user input does not have a corresponding IP address in the domain name system.

Abstract: Various techniques for mitigating computer network attacks are disclosed herein. In one embodiment, a method includes receiving indications of denial of service attacks from multiple target computing systems and determining one or more sources from which the denial of service attacks are deemed to originate in response to the received indications of denial of service attacks from the target computing systems. The method also includes negotiating with the network aggregation point for permission to divert network traffic originated from the one or more of the determined sources and destined to the target computing systems to the gateway.

Abstract: Various techniques for mitigating computer network attacks are disclosed herein. In one embodiment, a method includes receiving indications of denial of service attacks from multiple target computing systems and determining one or more sources from which the denial of service attacks are deemed to originate in response to the received indications of denial of service attacks from the target computing systems. The method also includes negotiating with the network aggregation point for permission to divert network traffic originated from the one or more of the determined sources and destined to the target computing systems to the gateway.

Abstract: Various techniques for improving privacy and security of domain name systems are disclosed herein. In one embodiment, a method includes transmitting, from a client device, a DNS query containing a domain name to a caching server for resolving the domain name. The domain name includes a first part having an encrypted request and a second part having an unencrypted network resource identifier. The method also includes receiving, at the client device, a DNS response from the caching server in response to the transmitted DNS query. The received DNS response containing an encrypted reply to the encrypted request in the first part of the domain name associated with the DNS query.

Abstract: Various techniques for purging resource records stored in a cache of domain name system servers are disclosed herein. In one embodiment, a method includes receiving, at a caching server, a DNS query via a computer network. In response to receiving the DNS query, the caching server determines if the received DNS query indicates a request to purge the one or more resource records stored in the DNS cache on the caching server. In response to determining that the received DNS query indicates a request to purge the one or more resource records stored in the DNS cache on the caching server, the caching server purges the one or more resource records from the DNS cache on the caching server.

Abstract: Various techniques for mitigating computer network attacks are disclosed herein. In one embodiment, a method includes receiving indications of denial of service attacks from multiple target computing systems and determining one or more sources from which the denial of service attacks are deemed to originate in response to the received indications of denial of service attacks from the target computing systems. The method also includes negotiating with the network aggregation point for permission to divert network traffic originated from the one or more of the determined sources and destined to the target computing systems to the gateway.

Abstract: In various embodiments, methods and systems for accelerating on-premise delivery of content items using a unified content delivery network system are provided. A request is received from a content device for a content item. The request is communicated using a content delivery network protocol where the content delivery network protocol supports a unified content delivery network profile between content devices, local off-net cache devices, and content delivery network platform servers. A determination that the content item is not cached at a local off-net cache device is made, where the local off-net cache device is identified in the unified content delivery network profile as corresponding to one or more content devices. A retrieval routine for downloading the content item to the content device is selected; the retrieval routine is selected using the unified content delivery network profile. The content item is retrieved to the content device using the selected retrieval routine.

Abstract: Various techniques for improving security of domain name records are disclosed herein. In one embodiment, a method includes receiving a request to modify a domain name record containing a first domain name server to containing a second domain name server. In response to the received request, the first and second domain name servers are individually queries for corresponding first and second security records. The method can also include receiving the first and second security records from the first and second domain name servers, respectively and determining whether to allow the domain name record to be modified based on a comparison of the first and second security records.

Abstract: Various techniques for mitigating computer network attacks are disclosed herein. In one embodiment, a method includes receiving indications of denial of service attacks from multiple target computing systems and determining one or more sources from which the denial of service attacks are deemed to originate in response to the received indications of denial of service attacks from the target computing systems. The method also includes negotiating with the network aggregation point for permission to divert network traffic originated from the one or more of the determined sources and destined to the target computing systems to the gateway.

Abstract: Various techniques for providing defense against NXDOMAIN hijacking in domain name systems are disclosed herein. In one embodiment, a method includes receiving a user input from a user to a search box in an application executing on a computing device connected to the Internet via a facility provided by an internal service provider (“ISP”) and resolving the received user input to the search box as a DNS query without using a caching server provided by the ISP. The method can then include determining whether the DNS query causes an NXDOMAIN condition and in response to determining that the DNS query causes an NXDOMAIN condition, indicating that the received user input does not have a corresponding IP address in the domain name system.

Abstract: Various techniques for mitigating computer network attacks are disclosed herein. In one embodiment, a method includes receiving indications of denial of service attacks from multiple target computing systems and determining one or more sources from which the denial of service attacks are deemed to originate in response to the received indications of denial of service attacks from the target computing systems. The method also includes negotiating with the network aggregation point for permission to divert network traffic originated from the one or more of the determined sources and destined to the target computing systems to the gateway.

Abstract: Various techniques for improving privacy and security of domain name systems are disclosed herein. In one embodiment, a method includes transmitting, from a client device, a DNS query containing a domain name to a caching server for resolving the domain name. The domain name includes a first part having an encrypted request and a second part having an unencrypted network resource identifier. The method also includes receiving, at the client device, a DNS response from the caching server in response to the transmitted DNS query. The received DNS response containing an encrypted reply to the encrypted request in the first part of the domain name associated with the DNS query.

Abstract: Various techniques for managing backup for domain nameservers are disclosed herein. In one embodiment, a method includes receiving a nameserver record associated with a domain name. The nameserver record containing addresses of an active nameserver and a passive nameserver. The method also includes determining if the active nameserver is reachable by contacting the active nameserver based on the address of the active nameserver in the nameserver record. In response to determining that (i) the active nameserver is unreachable and (ii) the nameserver record does not include an address of an additional active nameserver, the method includes contacting the passive nameserver for resolving the domain name based on the address of the passive nameserver in the nameserver record.

Abstract: Various techniques for improving security of domain name records are disclosed herein. In one embodiment, a method includes receiving a request to modify a domain name record containing a first domain name server to containing a second domain name server. In response to the received request, the first and second domain name servers are individually queries for corresponding first and second security records. The method can also include receiving the first and second security records from the first and second domain name servers, respectively and determining whether to allow the domain name record to be modified based on a comparison of the first and second security records.

Abstract: Various techniques for mitigating computer network attacks are disclosed herein. In one embodiment, a method includes receiving indications of denial of service attacks from multiple target computing systems and determining one or more sources from which the denial of service attacks are deemed to originate in response to the received indications of denial of service attacks from the target computing systems. The method also includes negotiating with the network aggregation point for permission to divert network traffic originated from the one or more of the determined sources and destined to the target computing systems to the gateway.

Abstract: Various techniques for purging resource records stored in a cache of domain name system servers are disclosed herein. In one embodiment, a method includes receiving, at a caching server, a DNS query via a computer network. In response to receiving the DNS query, the caching server determines if the received DNS query indicates a request to purge the one or more resource records stored in the DNS cache on the caching server. In response to determining that the received DNS query indicates a request to purge the one or more resource records stored in the DNS cache on the caching server, the caching server purges the one or more resource records from the DNS cache on the caching server.

Abstract: In various embodiments, methods and systems for supporting a domain name system (DNS) using an integrated on-premise-cloud DNS platform are provided. The on-premise-cloud DNS platform supports communication between a cloud DNS server on a cloud computing platform and an on-premise DNS server on an on-premise platform. In operation, the cloud DNS server receives a DNS request from a DNS request-device. The cloud DNS determines that the DNS request is for an on-premise DNS service. An on-premise DNS service can include a policy-based DNS service, a Domain Name Security Extensions (DNSSEC) service, or an Active Directory Service. On-premise services are selectively configured as on-premise services using the on-premise-cloud DNS platform. The DNS request is communicated through a DNS communication channel. Upon the DNS request being processed on the on-premise DNS server, a DNS reply is received through the DNS communication channel and forwarded via the cloud DNS to the DNS request-device.