Abstract: In various embodiments, a name server transmits a canonical name as resolution to another canonical name. In operation, when a resource name is requested for resolution, a determination is made that the resource name corresponds to a trap resource name. A first canonical name is transmitted as resolution to the trap resource name. The first canonical name is requested for resolution, and a second canonical name is transmitted as resolution. By providing trap canonical names as resolutions to trap canonical names, unauthorized software making the resolution requests is kept occupied with requesting resolution of canonical name after canonical name, impeding the ability of the unauthorized software from traversing a network.

Abstract: Techniques for providing domain name suggestions to a user that is a prospective registrant via chatbot are disclosed. The techniques include providing a publicly available online chatbot to the user; requesting domain name generation data from the user via the chatbot and during a chatbot session with the user; receiving domain name generation data based on the requesting; generating a plurality of generated domain names using the domain name generation data; filtering registered domain names out of the plurality of generated domain names to produce a plurality of unregistered generated domain names; offering to register at least one of the unregistered generated domain names to the user; receiving an offer acceptance from the user; directing the user, via the chatbot, to provide information sufficient to register the at least one of the unregistered generated domain names; and facilitating registration of the at least one of the unregistered generated domain names.

Abstract: Embodiments relate to systems, devices, computer-readable media, and computer-implemented methods for generating domain name suggestions by receiving an input string via a user interface, determining an alternative of the input string, determining affixes of the input string, determining top level domains associated with the input string, determining registration availability of domain names including one-step string sequences from the input string based on the alternative input string, the affixes of the input string, and the top level domains associated with the input string, and generating a display for the user interface, where the display includes: the input string, the alternative of the input string, the affixes of the input string, and the top level domains associated with the input string; and indications of the registration availability of the domains names including the one-step string sequences.

Abstract: The disclosure is directed to providing content access control in information centric networking (ICN) networks. Methods and systems include hardware and/or software that perform operations for sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client. The operations also include receiving from the content provider access control information for the content. The operations further include sending to the client a challenge. Additionally, the operations include receiving from the client an authorization of the content provider that includes information obtained by the client from the content provider based on the challenge. Furthermore, the operations include verifying the authorization received from the client using the access control information received from the content provider. Moreover, the operations include sending to the client the content.

Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.

Abstract: A technique for facilitating registration of an internet domain name with the domain name system (DNS) is presented. The technique can include receiving a request to register an encoding domain name with the DNS, the encoding domain name including an indication of a temporal event and of a target domain name. The technique can also include registering the encoding domain name to a registrant, where the registering the encoding domain name confers to the registrant a right to register the target domain name upon specified conditions, where the specified conditions include an occurrence of the temporal event. The technique can also include receiving a request initiated by the registrant to register the target domain name, and registering the target domain name to the registrant after satisfaction of the specified conditions.

Abstract: Various embodiments of the invention disclosed herein provide techniques for mitigating a distributed denial of service (DDoS) attack on a targeted computer system. A border gateway protocol (BGP) controller receives, via a first router, a BGP message that includes an indicator indicating that a computer system associated with the first router is under a DDoS attack. In response to receiving the BGP message, the BGP controller, in performs one or more operations to mitigate the DDoS attack. As a result, the time between detection of a DDoS attack and mitigating the attack is reduced relative to prior approaches. After receiving the BGP message indicating a DDoS attack is in progress, the DDoS attack mitigation platform automatically takes steps to mitigate the DDoS attack without further manual intervention. Consequently, the targeted computer system recovers more quickly and begins to respond to legitimate network requests sooner relative to prior approaches.

Abstract: One embodiment of the present application sets forth a computer-implemented method for establishing trust for handles used to identify digital objects in a digital object architecture (DOA) by associating a first attester identifier with a first attester from a trusted public key infrastructure (PKI), identifying a first digital object public key for a first digital object, generating, by the first attester, a first digital object identity attestation that associates the first digital object public key with a handle identifier for the first digital object, wherein the handle identifier is external to the trusted PKI, and generating a first attester identity attestation attesting that the first attester is authentic, where the first attester identity attestation includes the first attester identifier.

Abstract: Embodiments relate to systems, devices, and computer-implemented methods for managing domain name space collisions by accessing information, such as a domain name string, corresponding to a domain name resolution request and response. Based on at least the domain name string, a type of use value associated with the request can be determined. Based on at least the type of use value, a name collision risk value for the request can be determined. If the name collision risk value indicates there is a specified risk of a domain name string collision, then a domain name collision mitigation strategy can be generated and/or implemented.

Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with one or more thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one the respective thick RDAP answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the RDAP client; obtaining a consolidated thick RDAP answer to the RDAP query from the RDAP server; decrypting the consolidated thick RDAP answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick RDAP answer that is decrypted to the user.

Abstract: In one embodiment, a privacy and security engine enables a user to specify a recursive resolver for a domain name service (DNS) resolution process. The privacy and security engine receives default DNS settings that specify a default recursive resolver to be implemented as a recursive resolver for the DNS resolution process. The default DNS settings are provided by an underlying mobile operator network to which the user device is connected. The privacy and security engine causes the user device to disregard the default DNS settings and implement customized DNS settings that specify a preferred recursive resolver to be implemented as the recursive resolver for the DNS resolution process. The customized DNS settings are associated with an activated privacy and security mode. Unlike conventional approaches to overriding DNS settings, the user is able to specify the recursive resolver that implements the DNS resolution process irrespective of the underlying network.

Abstract: Techniques for generating internet domain name suggestions using machine learning are presented. Some techniques include obtaining sets of domain names, each set of domain names including domain names that concern a selected topic, training machine learning algorithms, such that trained language models are produced, each trained language model concerning a different selected topic, obtaining a seed domain name, identifying a primary topic that the seed domain name concerns, applying to the seed domain name a trained language model of the trained language models that concerns the primary topic, such that a primary proposed domain name is produced, where the primary proposed domain name concerns the primary topic and includes the seed domain name and at least one of a prefix or a suffix, and offering to register the primary proposed domain name.

Abstract: Various embodiments of the invention disclosed herein provide techniques for associating a firewall policy with a dynamic domain name system (DNS) hostname. A policy configuration portal transmits a first request to a names server to translate a first hostname into a corresponding network address. The policy configuration portal receives a first network address from the names server in response to the first request. The policy configuration portal determines that the first network address is different than a second network address that is currently associated with the first hostname. The policy configuration portal associates the first network address with the first hostname. The policy configuration portal modifies a firewall policy configuration associated with the first hostname to include the first network address. At least one advantage of the disclosed techniques is that a firewall policy can be implemented for a residential home or small business that employs dynamic IP addressing.

Abstract: Embodiments relate to systems, computer readable media, devices, and computer-implemented methods for providing improved network security by receiving a network packet, applying a filter rule in a first instance of a distributed reputation database to the network packet, determining, using a network interface card with a field programmable gate array, to drop or modify the network packet based on the applying, and transmitting reputation data to a security control center that includes a second instance of the distributed reputation database, where the reputation data includes information corresponding to the network packet that was dropped or modified.

Abstract: Provided is a method for assigning a time-to-live (“TTL”) value for a domain name system (“DNS”) record at a recursive DNS server. The method comprises obtaining, from a client, the TTL value for the DNS record; and storing, in a memory of the recursive DNS server, the TTL value, an identifier of the client, and the DNS record.

Abstract: A method for detecting a domain name that is associated with malicious behavior includes receiving domain data for a plurality of domain names including a first domain name and a plurality of similar domain names. The domain data includes a first attribute and a second attribute of the first domain name and the similar domain names. The first attribute of the first domain name is compared to the first attributes of the similar domain names to produce a first value. The second attribute of the first domain name is compared to the second attributes of the similar domain names to produce a second value. The first value and the second value are combined to produce a combined value. A likelihood that the first domain name is associated with malicious behavior is determined based on the combined value.

Abstract: Non-existent domain (NXD) queries may be monitored to determine if a keyword is included in NXD queries for a brand top level domain (TLD). When a predetermined number of NXD queries have been received for a brand domain that include the keyword, an action may be initiated. The action may be related to the registration of a new domain for the brand domain including the keyword.

Abstract: A resolution resiliency application performs robust domain name system (DNS) resolution. In operation, the resolution resiliency application determines that an authoritative name server that is responsible for a domain name specified in a DNS query is unavailable. In response to determining that the authoritative name server is unavailable, the resolution resiliency application performs operation(s) that modify one or more DNS records stored in a cache based on one or more resiliency policies associated with the authoritative name server. The resolution resiliency application then generates a DNS response to the DNS query based on a DNS record stored in the modified cache. Notably, the disclosed techniques increase the likelihood of providing clients with DNS responses that accurately provide requested information.

Abstract: Techniques for DNS registry facilitated assignment of a DNS domain name registered to a registrant as a blockchain user address in a blockchain network are presented. The techniques can include providing, by a DNS registry, a public key and a computer executable registry signature verification program configured to use the public key to validate signatures made using the private key for addition to a block in a blockchain of the blockchain network. The techniques can also include receiving a request for a proof of registrar of record, and providing a proof of registration message, such that the registry signature verification program validates the signature using the public key, and the blockchain network receives and stores in the blockchain an association between the domain name and an existing blockchain user address for the registrant.

Abstract: Systems and methods for creating a new domain, such as a top-level domain or a second-level domain, make use of a Domain Manager that enables a user to enter data that is necessary or optional to implement the creation of a new domain. Systems such as, for example, a Registry and one or more Registrars, may use the data defined by the Domain Manager to create a new domain.