Abstract: A method for detecting a domain name that is associated with malicious behavior includes receiving domain data for a plurality of domain names including a first domain name and a plurality of similar domain names. The domain data includes a first attribute and a second attribute of the first domain name and the similar domain names. The first attribute of the first domain name is compared to the first attributes of the similar domain names to produce a first value. The second attribute of the first domain name is compared to the second attributes of the similar domain names to produce a second value. The first value and the second value are combined to produce a combined value. A likelihood that the first domain name is associated with malicious behavior is determined based on the combined value.

Abstract: A resolution resiliency application performs robust domain name system (DNS) resolution. In operation, the resolution resiliency application determines that an authoritative name server that is responsible for a domain name specified in a DNS query is unavailable. In response to determining that the authoritative name server is unavailable, the resolution resiliency application performs operation(s) that modify one or more DNS records stored in a cache based on one or more resiliency policies associated with the authoritative name server. The resolution resiliency application then generates a DNS response to the DNS query based on a DNS record stored in the modified cache. Notably, the disclosed techniques increase the likelihood of providing clients with DNS responses that accurately provide requested information.

Abstract: Non-existent domain (NXD) queries may be monitored to determine if a keyword is included in NXD queries for a brand top level domain (TLD). When a predetermined number of NXD queries have been received for a brand domain that include the keyword, an action may be initiated. The action may be related to the registration of a new domain for the brand domain including the keyword.

Abstract: Techniques for DNS registry facilitated assignment of a DNS domain name registered to a registrant as a blockchain user address in a blockchain network are presented. The techniques can include providing, by a DNS registry, a public key and a computer executable registry signature verification program configured to use the public key to validate signatures made using the private key for addition to a block in a blockchain of the blockchain network. The techniques can also include receiving a request for a proof of registrar of record, and providing a proof of registration message, such that the registry signature verification program validates the signature using the public key, and the blockchain network receives and stores in the blockchain an association between the domain name and an existing blockchain user address for the registrant.

Abstract: Systems and methods for creating a new domain, such as a top-level domain or a second-level domain, make use of a Domain Manager that enables a user to enter data that is necessary or optional to implement the creation of a new domain. Systems such as, for example, a Registry and one or more Registrars, may use the data defined by the Domain Manager to create a new domain.

Abstract: Systems and methods for automating client-side synchronization and discovery of public keys and certificates of external contacts include a key synchronizer at a client device. The key synchronizer obtains, from the client device, an external contact associated with an external domain outside of a local domain of the client device and then identifies, based on the external domain, a public key registry outside of the local domain. The key synchronizer obtains, from the public key registry, a registry-supplied public key or digital certificate for the external contact and then stores the registry-supplied key as a locally-stored key in the local key store such that the client device can obtain and apply the locally-stored key to secure an email targeting the external contact as a recipient of the email.

Abstract: A method, system, apparatus, and computer-readable memory containing instructions include receiving, at an agent operating on a client device, a (domain name system) DNS resolution request for a domain name. The DNS resolution request is transmitted to a first DNS server including a firewall service and a second DNS server within a local network to the client device. Responses to the DNS resolution request from the first and second DNS server are received. The agent determines how to resolve the DNS resolution request based on one or more of the received responses.

Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.

Abstract: Disclosed are techniques for ranking domain names for presentation to a user. The techniques include obtaining, over a computer network, domain name data including, for each of a plurality of training domain names, respective user information; generating, by at least one electronic processor, a model relating at least features of each of the plurality of training domain names to respective user features derived from the respective user information; obtaining novel user information for a novel user; obtaining a plurality of domain names; ranking the plurality of domain names, using the model and novel input data including novel user features derived from the novel user information, according to predicted domain name suitability for the novel user; and providing a ranked list of the plurality of domain names.

Abstract: Implementations relate to systems and methods for configuring a probe server network using a reliability model. A company, customer, or organization may wish to outsource the management of a set of name servers used to operate a domain name, such as a domain name associated with a Web site. In aspects, that deployment of name servers can be monitored by a separate set of failover or probe servers which are configured to track the uptime, operability, and performance of the underlying name servers, which can number in the thousands. An administrator or other user may wish to determine a minimum number of probe servers to apply to the name server topology, to achieve desired service levels. According to aspects, automated tools and logic are provided which model and simulate the overall network including the number and arrangement of necessary probe servers to ensure performance, failover reliability, and other factors.

Abstract: Various embodiments of the invention disclosed herein provide techniques for dynamically assigning a signaling server for threat mitigation. A DDoS detection server transmits a first message to a first signaling server requesting first configuration data. The DDoS detection server receives a second message from the first signaling server that includes first configuration data identifying a second signaling server. The DDoS detection server determines that a distributed denial of service (DDoS) attack is in progress. The DDoS detection server, in response to determines that a DDoS attack is in progress, transmitting a third message to the second signaling server requesting mitigation of the DDoS attack.

Abstract: Some embodiments provide domain name suggestions based on a user-provided ASCII phrase translated and/or transliterated into any of a number of supported non-English language character sets. To suggest non-English-language domain names, some embodiments parse, translate, and transliterate the user-provided ASCII names into domain names that include at least one non-English language character. Moreover, some embodiments determine the DNS registration status (e.g., as a second-level domain) of the Punycode (in ASCII) corresponding to these non-English domain names and provide the user with the ability to register any that are unregistered.

Abstract: Techniques for distributing a symmetric key using the Domain Name System (DNS) are presented. The techniques can include receiving, at a first key server and from a first computer, a request for first information sufficient for the first computer to obtain, and second information sufficient for a second computer to obtain, a symmetric key for securing at least one communication sent from the first computer to the second computer, and providing, by the first key server and to the first computer, the first information and the second information, such that the first computer secures at least one communication sent from the first computer to the second computer using at least the symmetric key for securing at least one communication sent from the first computer to the second computer.

Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.

Abstract: A method and a system and computer readable medium configured to perform and store the method for providing domain registry services is provided. The method includes receiving, at a domain registry comprising at least one electronic server computer, a first domain request from a registrar, wherein the first domain request comprises a first extensible provisioning protocol (“EPP”) command to perform a first action on a first domain name associated with a first pool of network resources; accessing, by at least one electronic processor, an electronically stored first policy, wherein the first policy comprises connection and throughput parameters for the registrar to access the first pool of network resources; applying, by at least one electronic processor, the first policy to the first domain name request; and providing, by at least one electronic processor, a first response to the first domain request.

Abstract: Some embodiments provide a technique for detecting highly-vulnerable domain names and remediating associated problems. The technique can include collecting DNS data representing a requests to the DNS over a period of time and determining a subset of the DNS data representing DNS-based service discovery requests to unregistered domains over the period of time. The technique can also include, for each of the unregistered domains, determining a query ratio and a persistence ratio. The technique can also include ranking the unregistered domains according to a metric that includes the query ratios and the persistence ratios, such that a ranked list of domain names is produced and outputting an initial segment of the ranked list of domain names as the highly-vulnerable domain names. The technique can also include remediating attacks on at least one of the highly-vulnerable domain names.

Abstract: Systems and methods are disclosed for routing requests for information based on predictive data. The systems and methods may receive measurement data indicative of states of each of a plurality of destination servers, and generate predicted measurement data values for each of the plurality of destination servers based on the retrieved measurement data. The predicted measurement data values may represent predicted states of each of the destination servers at a time later than a time corresponding to the received measurement data. The systems and methods may also receive requests for information from a client computer, and route the received requests for information to one of the plurality of destination servers based on the predicted measurement data value.

Abstract: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process.

Abstract: A method of recovering a registry includes accessing a plurality of registry zone files for the registry and archiving, on a first periodic basis, the plurality of registry zone files. Each of the registry zone files includes at least domain names, registrar IDs, and status information represented in a first predetermined format. The method also includes accessing bulk WHOIS data for the registry and archiving, on a second periodic basis, the bulk WHOIS data. The bulk WHOIS data includes at least nameserver server names, IP addresses, and status information represented in a second predetermined format. The method further includes validating one of the plurality of archived registry zone files based on a comparison between the plurality of registry zone files and the bulk WHOIS data, publishing the validated registry zone file to a second registry's nameservers, initiating a root zone change request, and updating authoritative nameservers.