Abstract: Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system.

Abstract: A computer-implemented method, computer-readable medium, and an apparatus operable to perform the method is provided for managing multiple provisioned domain name system (“DNS”) registry objects. The method can include receiving, at a DNS registry, a multiple domain extensible provisioning protocol (“EPP”) command from a registrar on behalf of a registrant to perform an action for each provisioned DNS registry object of the multiple provisioned DNS registry objects; comparing the action with one or more allowable actions in a policy maintained by the registry; determining, by a processor, that the action is allowable based on the comparing; and performing, based on the determining, the action on each of the provisioned DNS registry objects in one transaction.

Abstract: Various embodiments of the invention disclosed herein provide techniques for managing a domain name system (DNS) based attack. An exfiltration and tunneling mitigation platform receives a first DNS request directed to a first domain name. The exfiltration and tunneling mitigation platform determines that a first characteristic associated with a first fully qualified domain name (FQDN) included in the first DNS request exceeds a first threshold value. In response, the exfiltration and tunneling mitigation platform computes a distance between the first FQDN and a second FQDN included in a second DNS request also directed to the first domain name. The exfiltration and tunneling mitigation platform increments a first count value associated with the first domain name based on the distance. At least one advantage of the disclosed techniques is that a DNS-based attack can be detected and mitigated before a significant amount of DNS exfiltration or DNS tunneling has occurred.

Abstract: Embodiments relate to systems, devices, and computing-implemented methods for resolving DNS requests by sending, from a device, a first DNS request for a domain name associated with a local service device to a DNS firewall server. The DNS firewall server can send a response that includes a status indicating a server failure in response to determining that the first DNS request is associated with a customer of a DNS firewall service and determining that a record associated with the domain name cannot be found. The device can receive the response and send a second DNS request to an internal DNS server in response to the status indicating the server failure.

Abstract: A method for mitigating a denial of service attack includes determining, for a client, a number of requests being transmitted to a server and determining, for the client, that the number of requests for a time period is greater than a top talker threshold. The method includes classifying the client as a top talker based on the number of requests being greater than the top talker threshold and identifying, for the client, additional requests being transmitted to the server. The method also includes determining whether a number of the additional requests matches one or more attack patterns and preventing one or more of the additional requests from being transmitted to the server if the number of additional requests that matches one or more attack patterns is greater than a first threshold.

Abstract: Techniques for smart navigation are presented. The techniques can include receiving, at a navigation service and via the internet, a request for a network resource, where the request includes command data provided by a navigation client, and where the command data includes an entity name and a keyword. The techniques can include obtaining, from at least one database of the navigation service, a network locator corresponding to the entity name and the keyword. The techniques can further include providing, in response to the receiving and via the internet, the network locator.

Abstract: A system, method, and computer-readable medium enable a domain name or host name registry to effectively manage status codes associated with the domain or host. Status codes are organized into status sets that can be added, removed, activated, or deactivated in accordance with a suitable change request. The status codes corresponding to a removed status set that are also enabled according to other active status sets are not removed when the removal of the status set is processed.

Abstract: A method of publishing a publication message includes receiving, at one of a plurality of first relays, a subscription request from a first client and transmitting the subscription request from the one of the plurality of first relays to only one of a plurality of central relays. The method also includes receiving, at another of the plurality of first relays, a publication request from a second client. The publication request includes the publication message. The method further includes transmitting the publication message from the another of the plurality of first relays to all of the plurality of central relays, transmitting the publication message from at least one of the plurality of central relays to the one of the plurality of first relays, and transmitting the publication message from the one of the plurality of first relays to the first client.

Abstract: Embodiments relate to systems, devices, and computer-implemented methods for characterizing domain names by determining a name server switching footprint for domain names using a data set corresponding to name server operations for the domain names. The domain names can be clustered into groups based on the name server switching footprints, and intended uses of domain names in a group can be extrapolated to other domain names in the group. Name server switching footprints can also be predicted for new domains names using a prediction model trained using the determined name server switching footprints for the domain names in the data set.

Abstract: A system, method, and computer-readable medium for detecting malicious computer code are provided. A dataset may be accessed and converted to a binary dataset according to a predefined conversion algorithm. One or more cycles in the binary dataset may be identified. Statistical analysis may be performed on the identified one or more cycles. A determination that the set of dataset includes malicious software code may be made based on the performed statistical analysis.

Abstract: Systems and methods for performing DNSSEC signing are described in which digital signature operations may be performed by a network accessible signing server that is configured to interact with a separate client application. Exemplary methods may include receiving a signing request at the signing server from the client application to sign first data. The signing server may determine an active KSK and/or an active ZSK for the first data. The first data may then be transmitted by the signing server to a digital signature modules, which may include, for example, a hardware support module, or software signing applications. The signing server may receive a digitally signed version of the first data from the digital signature module, and provide the signed first data to the client application.

Abstract: Techniques for electronically signing DNS records stored in a zone file for an internet DNS zone are presented. The techniques include electronically accessing a plurality of DNS resource records of a DNS zone stored on one or more DNS servers of a distributed DNS database; generating a plurality of leaf nodes from the plurality of DNS resource records; constructing a recursive hash tree from the plurality of leaf nodes, where the recursive hash tree includes a plurality of nodes including a root node and the plurality of leaf nodes, where each node of the plurality of nodes includes either a leaf node or a hash of data including child nodes; storing the root node in a DNS key resource record for a zone signing key for the zone; and publishing, in a DNS resource record signature resource record, validation data including path data from the recursive hash tree.

Abstract: Embodiments relate to systems, devices, and computer-implemented methods for detecting double signing in one-time use signature schemes by receiving a first message, where the first message includes a signature generated using a one-time use private key of a one-time use public/private key pair, determining a one-time use public key of the public/private key pair based on the first message, adding the one-time use public key to a list of public keys, receiving a second message, where the second message includes a signature generated using the one-time use private key of the one-time use public/private key pair, determining the one-time use public key of the public/private key pair based on the second message, determining that the one-time use public/private key pair was used more than once based on the list of public keys; and generating an alert based on determining that the one-time use public/private key pair was used more than once.

Abstract: A plurality of input string n-grams may be generated by accessing an input string and generating a Universal character set transformation format (UTF) encoded input string from the input string. The UTF encoded input string may be parsed via an n-gram parser to generate a plurality of input string n-grams, where a length of each of the input string n-grams is larger than a lower bound and smaller than an upper bound. The generated plurality of input string n-grams may be provided to determine matches between the input string and a domain.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: Provided are methods, devices, and computer-readable media for generating a string of characters based on a set of rules; parsing the string of characters into string of graphemes; determining one or more phonetic representations for one or more graphemes in the string of graphemes based on a first data structure; determining at least one grapheme representation for one or more of the one or more phonetic representations based on a second data structure; and constructing the phonetic representation of the string of characters based on the grapheme representation that was determined.

Abstract: Provided is a method, device, and computer-readable medium for converting a string of characters in a first language into a phonetic representation of a second language using a first data structure that maps graphemes in the first language to one or more universal phonetic representations based on an international phonetic alphabet, wherein the first data structure comprises a plurality of first nodes with each first node of the plurality of first nodes having a respective weight assigned that corresponds to a likely pronunciation of a grapheme, and a second data structure that maps the one or more universal phonetic representations to one or more graphemes in the second language, wherein the second data structure comprises a plurality of second nodes with each second node of the plurality of second nodes having a respective weight assigned that corresponds to a likely representation of a grapheme in the second language.

Abstract: The present disclosure provides systems, methods, and products for high performance implementation of traffic management rules. In various embodiments, traffic management rules, such as DNS traffic management rules, are functionally expressed as rows in one or more lookup tables that are deployed to DNS resolution servers. The DNS resolution server uses the domain name, resource record type, traffic management rule types, and/or traffic management variable values to search for or look up an answer, from among multiple answers corresponding to the domain name and resource record type that meets the traffic management criteria. This look up is done without executing conventional traffic management code or scripts.