Abstract: Systems and methods for creating a list of trustworthy resolvers in a domain name system. A computer receives a resolver profile for a resolver sending queries to a domain name server. The resolver profile is based on any, or a combination, of a top-talker status of the resolver, a normalcy of distribution of domain names queried, a continuity of distribution of query type, and a RD bit status, and information related to query traffic based on the topology of the domain name server. Resolver profiles can be compared to a trust policy to determine whether the resolver is trustworthy. Resolvers deemed trustworthy can be added to a list of trustworthy resolvers. Embodiments can detect the occurrence of a network-based attack. Embodiments can mitigate the effect of a network-based attack by responding only to queries from resolvers on the list of trustworthy resolvers.

Abstract: Embodiments of the present invention provide a method and system for high-speed database searching with concurrent updating, without the use of database locks or access controls, for large database systems. Specifically, a plurality of search queries may be received over a network, the database may be searched, and a plurality of search replies may be sent over the network. While searching the database, new information received over the network may be incorporated into the database by creating a new element based on the new information and writing a pointer to the new element to the database using a single uninterruptible operation.

Abstract: A system, method, and computer-readable medium, is described that enables a parallelizing scheduler to analyze database instructions, determine data dependencies among instructions, and provide a multi-threaded approach to running instructions in parallel while preserving data dependencies.

Abstract: Methods and systems are disclosed for quickly providing Whois services to a new top level domain after it is provisioned in a registry. In one embodiment, domain data is received at a first system regarding a top level domain (TLD). The domain data is assigned an authoritative port of a Whois server and is provisioned in a registry database. In certain embodiments, the Whois server provides information relating to domain name registrations of the TLD in the database, according to the authoritative port. The Whois server determines that a Whois query is received at the authoritative port for the queried TLD and responds with the queried information. To the requester, the responses appear as if they are sent from a unique Whois server for each TLD, but the Whois server is actually shared among the TLDs.

Abstract: A privacy enhanced identity scheme that may use public and private key cryptography to selectively distribute attributes of a token holder to a relying party. A challenge message {Rnonce, RID}, where Rnonce is a reader nonce and RID is a reader identifier. Methods may also include, responsive to the challenge message, sending a response message including at least an encrypted private token identifier TID and a session key k. In response to a challenge from a reader. The token sends a message that includes token identifier that is un-linkable to other identifiers sent from the same token.

Abstract: Systems and methods are disclosed for collecting network traffic logs at a plurality of network sites, such as DNS name servers and network routers, and transmitting data extracted from the network traffic logs to a central repository. In one implementation, a system includes a processor and a memory. The memory stores instructions that cause the processor to retrieve PCAP files from a plurality of servers and extract data from the PCAP files. The data comprises header data and digest data. The processor stores the header data and the digest data in a header/digest pair. In another aspect, the processor retrieves a sample of the PCAP files from each of the plurality of servers rather than retrieving all PCAP files.

Abstract: A system and method for modifying a bulk set of domain names through bulk operations. A request to modify a bulk set of data associated with domain names is received by a registry. A bulk processing engine associated with the registry can analyze the requested update job, and enforce compliance with a set of policies governing the operation of registry. A priority level can also be assigned to the requested job, so that it will be executed before or after other pending jobs. The user can likewise provide user-supplied policies, which can also be validated against the set of registry policies. Data faults can be reduced or eliminated, and update operations can be performed by comparatively inexperienced personnel.

Abstract: Systems and methods for creating a list of trustworthy resolvers in a domain name system. A computer receives a resolver profile for a resolver sending queries to a domain name server. The resolver profile is based on any, or a combination, of a top-talker status of the resolver, a normalcy of distribution of domain names queried, a continuity of distribution of query type, and a RD bit status, and information related to query traffic based on the topology of the domain name server. Resolver profiles can be compared to a trust policy to determine whether the resolver is trustworthy. Resolvers deemed trustworthy can be added to a list of trustworthy resolvers. Embodiments can detect the occurrence of a network-based attack. Embodiments can mitigate the effect of a network-based attack by responding only to queries from resolvers on the list of trustworthy resolvers.

Abstract: An in-camera two-stage compression implementation is described that reduces the latency between snapshots to a fraction of that otherwise required by other systems that either process complete compression following each snapshot or that incorporate heavy, bulky, and expensive RAM hardware capable of maintaining several raw luminosity records (unprocessed file containing a digital image). In the 1st stage compression the raw luminosity record is quickly, yet partially, compressed to available RAM buffer space to allow a user to expeditiously capture a succeeding image. When the higher-priority processes, the user shooting pictures, and stage one compression subside, a 2nd stage compression, which is slower but more effective, decompresses the earlier partially-compressed images, and re-compresses them for saving in flash memory until they are distributed to a remote platform to be finally converted to the JPEG2000 format.

Abstract: Incoming data streams are managed by receiving a data stream on at least one network interface card (NIC) and performing operations on the data stream using a first process running several first threads for each network interface card and at least one group of second multiple processes each with an optional group o second threads. The first process and the one or more groups of second multiple processes are independent and communicate via the shared memory. The first threads for each network interface card are different than the group of second threads. The system includes at least one network interface card that receives a data stream, a first processor that runs a first process that uses a plurality of first threads for each network interface card and a second processor that runs at least one group of second multiple processes each with art optional group of second threads.

Abstract: Methods and systems for intelligently choosing an authoritative name server from among a group of name servers for resolving Domain Name System requests. Systems and methods are provided that enable choosing of a first server associated with and/or operated by a first service provider based on a first measurement associated with that first server. The systems and methods further comprise requesting first data from that first server, determining that the first server is unresponsive, and choosing a second server. The second server is chosen based on a second measurement, and chosen contingent on it being associated with and/or operated by to a different service provider than that associated with the first server. The systems and methods then comprise requesting second data from the second server.

Abstract: Systems and methods are disclosed for analyzing network traffic data to generate complex statistics associated with the network traffic in real-time through parallel processing and data pipelining. In one implementation, a system includes a processor and a memory. The memory stores instructions that cause the processor to generate a plurality of program instances, wherein a first program instance observes the network traffic and uses a plurality of execution threads to distribute portions of the network traffic to additional program instances tasked with generating statistics associated with the network traffic. In other embodiments, a plurality of additional execution threads to the first program instance are tasked with generating the statistics. In either case, the generated statistics are placed into a data pipeline organized into time intervals of generated statistics, wherein the computation of higher-order statistics are computed as the lower-order time intervals are processed.

Abstract: The present subject matter is directed to systems and methods for automating the testing of multi-function systems, such as naming registration systems and the like. A method of testing a registry, and the like, may include providing a command phrase including an add command and at least one function that includes an artificial attribute for a domain added by the add command. The command phrase may specify an operation, a protocol, and an object. The operation may include at least one of add, delete, or update domain. The protocol may include at least one of RRP and EPP. One or more parameters associated with the command phrase may be provided and may include an expected response code and/or a variable. One or more additional parameters that are associated with the command phrase may be determined and a database may be accessed to provide the one or more additional parameters.

Abstract: A system and method is disclosed herein for detecting fast flux networks. In one embodiment, the method comprises querying a domain name system (DNS) for DNS records associated with a domain. The method further comprises determining whether the domain name is part of a fast flux network of computers from results of the query. The method may further comprise determining the type of fast flux network as one of a single flux network, a double flux network, a top-tier flux network, or a lower-tier flux network.

Abstract: An automated method for determining domain traffic including receiving at authoritative name server a request to resolve a domain name that has n labels separated by periods. The leftmost label is the first label and the top level domain is the nth label. If the first label of the received domain name includes the string “www”, then a www hit counter and/or a www requesting server counter for the domain name are incremented. If the received domain name has only two labels, then an exact hit counter and/or an exact requesting server counter for the domain name are incremented. If the first label of the received domain name does not include the string “www” and does not have only two labels, then another hit counter and/or another requesting server counter for the domain name are incremented. A domain traffic score is calculated based upon a plurality of the counters, and calculating the domain traffic score includes applying a weighting factor to at least one of the counters.

Abstract: A system, method, and computer-readable medium, is described that provides a probability of deletion (or renewal rate) prediction for a domain name based on a historical model of expired and renewed domain names. Domain name attribute sets are defined using domain attribute/value combinations. These sets are used to classify past expired and renewed domain names into each of the applicable sets where the domain attribute and values match the expired or renewed domain names. The percentage of renewed domain names in a set is used to predict the likelihood that a user will renew a domain name set to expire in a defined window and that matches the attribute/value combinations that make up the domain attribute set. This predicted percentage is used to target domains and deliver marketing offers to the domain contacts.

Abstract: A method of testing the server implementation of the Domain Name System protocol by using a first body of computer code in a first programming language capable of sending and receiving DNS requests, and a second body of computer readable code in a second programming language capable of generating DNS requests and verifying responses. The second programming language may be tailored to writing code being capable of generating Domain Name System requests and verifying the response thereby allowing the program to be efficiently reconfigured to test different aspects of the server.

Abstract: A method of triggering crawling of a domain includes receiving information related to a domain from a registrar and processing the information related to the domain. The method also includes storing the processed information in a registry zone file and forming a list of registry data based on the processed information. The list of registry data comprises a subset of the registry zone file. The method farther includes crawling one or more of the domains in the list of registry data.

Abstract: Systems and methods for scoring a domain web traffic based on DNS traffic requests received at an authoritative name server to resolve the domain name. A request to resolve the domain name is received at an authoritative name server. A counter, such as a server counter or a hit counter, for the domain name is incremented based on the received request. A score, such as a domain traffic score or a domain rank, is calculated based upon a count of the counter. Calculating the score may also include applying a weighting factor to the counters based on information about a requesting set of resolvers and other domains/websites that may be linking and driving traffic to the domain whose traffic score is being calculated. Examples of relevant set of resolvers information may include location, traffic levels, traffic type and architecture of the set of resolvers.

Abstract: A method, system, and computer-readable medium are described for registering and using multilingual domain names that include characters outside the ASCII character subset supported by the DNS system. Such multilingual domain names can in some situations be registered by first being converted into appropriate ASCII-Compatible Encodings (ACEs) that represent the corresponding multilingual domain names and that use only characters within the ASCII character subset. In addition, a variety of binary variants may be generated at registration for each multilingual domain name and then used as equivalents for the multilingual domain name, such as by storing the variants in the registry as alternative domain names or by otherwise reserving the binary variants. When requests to resolve such a registered multilingual domain name into a corresponding IP address or URL are received, the stored binary variants and/or ACE information can then be used to respond in an appropriate manner.