Abstract: In an embodiment, a computer-implemented method prevents use of a network protocol over an encrypted channel. In the method, a packet is received on an encrypted channel addressed to a network address. It is determined whether a network host at the network address is able to service a request formatted according to the network protocol over the encrypted channel. When the network host is determined to be able to resolve a domain name over the encrypted channel, the network packet is blocked.
Abstract: Systems and methods are described for detecting domain name impersonation in the domain name system (DNS). A nefarious party may register a domain name in the DNS that impersonates a domain name associated with a company in an attempt to lure users to malicious destination network addresses based on their trust of that company. This may lead to the dilution of the company's online presence as its domains come to be associated with malicious activity. In embodiments, a system is described that receives inputs from a subscriber including the domain names the subscriber wishes to protect, ignore, or give special scrutiny to. The system receives instances of domain names registered in the DNS and performs methods to determine whether each domain name is attempting to impersonate the domain names of the subscriber. Alerts are generated so that the subscriber may take corrective action.
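The abstract above describes the inputs (protect / ignore / scrutinize lists) and the outputs (alerts) but not how the comparison is done. The following is an added illustration, not code from the patent or its assignee: it takes a subscriber configuration and newly registered names and scores each against the protected names using three checks a defender would typically combine: a homoglyph normalization table, an optimal-string-alignment edit distance (typos and transpositions), and brand-embedding (the protected label appearing inside a longer label). The confusables table, the distance thresholds, the severity labels and all domain names are constructed assumptions for the example; the suffix handling takes the second-level label only and does not consult the public suffix list.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed confusables table (assumption): multi-character entries first so that
# "rn" -> "m" is applied before any single-character substitution could interfere.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]


@dataclass
class Subscriber:
    protect: List[str]     # names the subscriber owns and wants defended
    ignore: List[str]      # names that look similar but are known-benign
    scrutinize: List[str]  # names to flag under a looser threshold


@dataclass
class Alert:
    domain: str
    target: str
    reason: str    # "homoglyph", "typo", "embedded", "scrutiny"
    severity: str  # "high", "medium", "review"


def registrable_label(domain: str) -> str:
    """Second-level label of a domain (simplification: ignores multi-part suffixes)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def normalize(label: str) -> str:
    """Fold visually confusable characters and strip hyphens so look-alikes compare equal."""
    out = label.lower().replace("-", "")
    for src, dst in CONFUSABLES:
        out = out.replace(src, dst)
    return out


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent transpose."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def _is_or_under(domain: str, owned: str) -> bool:
    domain, owned = domain.lower().rstrip("."), owned.lower().rstrip(".")
    return domain == owned or domain.endswith("." + owned)


def evaluate(domain: str, sub: Subscriber) -> Optional[Alert]:
    """Return an Alert if `domain` appears to impersonate a subscriber name, else None."""
    # The subscriber's own names and explicitly ignored names never alert.
    if any(_is_or_under(domain, d) for d in sub.protect + sub.ignore):
        return None
    label = registrable_label(domain)
    folded = normalize(label)
    for target in sub.protect:
        t = registrable_label(target)
        if folded == t:
            return Alert(domain, target, "homoglyph", "high")
        # Allow one edit for short brands, two for longer ones (constructed threshold).
        if osa_distance(label, t) <= (1 if len(t) <= 6 else 2):
            return Alert(domain, target, "typo", "high")
        if t in folded:
            return Alert(domain, target, "embedded", "medium")
    for target in sub.scrutinize:
        t = registrable_label(target)
        if t in folded or osa_distance(label, t) <= 3:
            return Alert(domain, target, "scrutiny", "review")
    return None


def scan(registered: List[str], sub: Subscriber) -> List[Alert]:
    """Run evaluate() over a feed of newly registered names and keep the alerts."""
    return [a for a in (evaluate(d, sub) for d in registered) if a is not None]
```

On a real feed the ignore list grows over time as analysts triage false positives, and the "review" severity from the scrutinize list is what keeps that triage cheap: the looser threshold catches more, but only on names the subscriber asked to watch closely.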
Abstract: A computer-implemented method that updates a domain name system blacklist in a lock-free manner is disclosed. In the method, an entry of the domain name blacklist is read at a DNS resolver in a plurality of DNS resolvers. The entry specifies a policy for the DNS resolver to execute when the DNS resolver receives a request to resolve a domain name. Before the reading is complete, an updated entry of the domain name blacklist is received, a new record is added to the domain name blacklist, and the entry being read is placed into a garbage pool having a current version number. Independently from the reading of the entry, the current version number is incremented and a new garbage pool is created for the incremented version number. When the reading is complete, the current version number is assigned to the DNS resolver.
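The abstract describes the ordering of events but not the invariant that makes retiring entries safe, namely that a garbage pool may only be freed once no resolver that began reading at or before that pool's version is still in progress. The model below is an added illustration written for this page, not the patent's code: it simulates the readers and the updater in one process so the version bookkeeping is visible. Class and method names, the policy strings and the domain names are assumptions; real deployments would swap the table reference atomically and run readers on other threads, which the model only stands in for with a copy-on-write dictionary.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Entry:
    domain: str
    policy: str  # policy the resolver executes for this name, e.g. "NXDOMAIN" or "SINKHOLE"


@dataclass
class ReadHandle:
    version: int             # version current when the read began
    table: Dict[str, Entry]  # snapshot of the table reference taken at that moment


class LockFreeBlacklist:
    def __init__(self) -> None:
        self._table: Dict[str, Entry] = {}
        self._version = 0
        self._garbage: Dict[int, List[Entry]] = {0: []}   # pool per version number
        self._in_progress: Dict[str, ReadHandle] = {}     # resolver id -> open read
        self.resolver_version: Dict[str, int] = {}        # version assigned on completion

    # ---- reader side (a DNS resolver) ----
    def begin_read(self, resolver: str) -> ReadHandle:
        handle = ReadHandle(self._version, self._table)
        self._in_progress[resolver] = handle
        return handle

    def lookup(self, handle: ReadHandle, domain: str) -> Optional[Entry]:
        # Reads never block: they consult the snapshot reference they took.
        return handle.table.get(domain.lower())

    def end_read(self, resolver: str) -> int:
        # When the reading is complete, the current version number is assigned to the resolver.
        self._in_progress.pop(resolver, None)
        self.resolver_version[resolver] = self._version
        return self._version

    # ---- updater side ----
    def update(self, domain: str, policy: str) -> None:
        # Copy-on-write: readers holding the old dict keep seeing the old entry;
        # the replaced entry is parked in the pool for the current version.
        old = self._table.get(domain.lower())
        self._table = {**self._table, domain.lower(): Entry(domain.lower(), policy)}
        if old is not None:
            self._garbage[self._version].append(old)

    def advance_version(self) -> int:
        # Runs independently of any read: bump the version and open a fresh pool.
        self._version += 1
        self._garbage[self._version] = []
        return self._version

    def collect(self) -> List[int]:
        # A pool is reclaimable only when every in-progress read started after it,
        # because a read that began at version v may still hold entries retired into pool v.
        floor = min((h.version for h in self._in_progress.values()), default=self._version)
        freed = sorted(v for v in self._garbage if v < floor)
        for v in freed:
            del self._garbage[v]
        return freed

    def pending_pools(self) -> List[int]:
        return sorted(self._garbage)
```

The reason the version is assigned to the resolver on completion rather than at the start is visible in `collect()`: the only thing the collector needs from readers is the oldest version any of them might still be holding, and a resolver that has finished is out of that set entirely.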