Abstract: Systems and methods for out-of-band communications in the domain name system (DNS) are disclosed. Embodiments include a system for negotiating DNS services in the DNS. The system includes an in-band communication channel connecting a first party and a second party, and one or more out-of-band communication channels connecting the first party and the second party. The first party performs messaging for the DNS services with the second party using the in-band communication channel. Further, the first party advertises terms of the DNS service offered by the second party using the one or more out-of-band communication channels.

Abstract: A technique for facilitating registration of an internet domain name with the domain name system (DNS) is presented. The technique can include receiving a request to register an encoding domain name with the DNS, where the encoding domain name includes an indication of a temporal event and of a pool of domain names. The technique can also include registering the encoding domain name to a registrant, thereby conferring to the registrant a right to register a target domain name of the registrant's selection from the pool of domain names upon specified conditions, where the specified conditions include an occurrence of the temporal event. The technique can also include receiving a request initiated by the registrant to register the target domain name. The technique can also include registering the target domain name to the registrant after satisfaction of the specified conditions.

Abstract: A technique for facilitating registration of an internet domain name with the domain name system (DNS) is presented. The technique can include receiving a request to register an encoding domain name with the DNS, the encoding domain name including an indication of a temporal event and of a target domain name. The technique can also include registering the encoding domain name to a registrant, where the registering the encoding domain name confers to the registrant a right to register the target domain name upon specified conditions, where the specified conditions include an occurrence of the temporal event. The technique can also include receiving a request initiated by the registrant to register the target domain name, and registering the target domain name to the registrant after satisfaction of the specified conditions.

Abstract: A method, system, and computer-readable memory containing instructions include employing a tokenizing authority to obtain a tokenized query term that represents a query term, using the tokenized query term to perform a lookup against a tokenized term database, determining whether the tokenized query term exists in the database. The method, system, and computer-readable memory may further include returning an encryption or decryption key corresponding to an encrypted record of information associated with the query term and corresponding to the tokenized query term.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: Techniques for smart navigation are presented. The techniques can include receiving, at a navigation service and via the internet, a request for a network resource, where the request includes command data provided by a navigation client, and where the command data includes an entity name and a keyword. The techniques can include obtaining, from at least one database of the navigation service, a network locator corresponding to the entity name and the keyword. The techniques can further include providing, in response to the receiving and via the internet, the network locator.

Abstract: In one embodiment, a zone resiliency application indicates that an authoritative name server is in a degraded state. In operation, the zone resiliency application determines that the authoritative name server is in a degraded state. The zone resiliency application then generates a status record that indicates the degraded state. Subsequently, the zone resiliency application associates the status record with a domain name service (DNS) response to a DNS query. The zone resiliency application then transmits the DNS response and the associated status record to a requester.

Abstract: In one embodiment, a resolution resiliency application modifies domain name service (DNS) resolution. In operation, the resolution resiliency application determines that an authoritative name server has begun recovering from a degraded state or receives a flush list update from the authoritative name server. In response, the resolution resiliency application performs operation(s) that modify a query rate and/or a cache. The query rate specifies a frequency associated with DNS queries transmitted to the first authoritative name server. The cache stores DNS record(s) received from the first authoritative name server. Finally, the resolution resiliency application generates a DNS response to a DNS query based on the modified query rate and/or the modified cache.

Abstract: In one embodiment, a resolution resiliency application performs robust domain name system (DNS) resolution. In operation, the resolution resiliency application determines that an authoritative name server that is responsible for a domain name specified in a DNS query is unavailable. In response to determining that the authoritative name server is unavailable, the resolution resiliency application performs operation(s) that modify one or more DNS records stored in a cache based on one or more resiliency policies associated with the authoritative name server. The resolution resiliency application then generates a DNS response to the DNS query based on a DNS record stored in the modified cache. Notably, unlike conventional techniques that may generate inaccurate DNS responses based on stale DNS records, the disclosed techniques increase the likelihood of providing clients with DNS responses that accurately provide requested information.

Abstract: In one embodiment, a resolution resiliency application performs robust domain name system (DNS) resolution. In operation, the resolution resiliency application determines that an authoritative name server that is responsible for a domain name specified in a DNS query is unavailable. In response to determining that the authoritative name server is unavailable, the resolution resiliency application performs operation(s) that modify one or more DNS records stored in a cache based on one or more resiliency policies associated with the authoritative name server. The resolution resiliency application then generates a DNS response to the DNS query based on a DNS record stored in the modified cache. Notably, unlike conventional techniques that may generate inaccurate DNS responses based on stale DNS records, the disclosed techniques increase the likelihood of providing clients with DNS responses that accurately provide requested information.

Abstract: Techniques for electronically signing DNS records stored in a zone file for an internet DNS zone are presented. The techniques include electronically accessing a plurality of DNS resource records of a DNS zone stored on one or more DNS servers of a distributed DNS database; generating a plurality of leaf nodes from the plurality of DNS resource records; constructing a recursive hash tree from the plurality of leaf nodes, where the recursive hash tree includes a plurality of nodes including a root node and the plurality of leaf nodes, where each node of the plurality of nodes includes either a leaf node or a hash of data including child nodes; storing the root node in a DNS key resource record for a zone signing key for the zone; and publishing, in a DNS resource record signature resource record, validation data including path data from the recursive hash tree.

Abstract: Embodiments relate to systems, devices, and computer-implemented methods for detecting double signing in one-time use signature schemes by receiving a first message, where the first message includes a signature generated using a one-time use private key of a one-time use public/private key pair, determining a one-time use public key of the public/private key pair based on the first message, adding the one-time use public key to a list of public keys, receiving a second message, where the second message includes a signature generated using the one-time use private key of the one-time use public/private key pair, determining the one-time use public key of the public/private key pair based on the second message, determining that the one-time use public/private key pair was used more than once based on the list of public keys; and generating an alert based on determining that the one-time use public/private key pair was used more than once.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: A technique for facilitating registration of an internet domain name with the domain name system (DNS) is presented. The technique can include receiving a request to register an encoding domain name with the DNS, the encoding domain name including an indication of a temporal event and of a target domain name. The technique can also include registering the encoding domain name to a registrant, where the registering the encoding domain name confers to the registrant a right to register the target domain name upon specified conditions, where the specified conditions include an occurrence of the temporal event. The technique can also include receiving a request initiated by the registrant to register the target domain name, and registering the target domain name to the registrant after satisfaction of the specified conditions.

Abstract: Techniques for provisioning a smart navigation service are presented. The provisioning can be performed by a name owner, by the smart navigation service itself, or by a third-party keyword service. The provisioned information can include an entity name, a keyword, and possibly other data correlated to at least one network locator. The navigation service electronically stores in navigation service persistent memory a rule correlating the entity name, the keyword, and, if used, the other data, to the at least one network locator, such that when the navigation service receives, from a client computer communicatively coupled to the navigation service, command data that includes the entity name, the keyword, and possibly other data, the navigation service responds to the client computer with the at least one network locator.

Abstract: The present invention generally relates to a system for, and method of, obtaining, from a first identifier in a first name space, a second identifier in a second name space. The disclosed technique involves obtaining the first identifier in the first name space from a source, applying a rule to the first identifier in the first name space, such that a second identifier in a second name space is obtained, and providing the second identifier, such that the source obtains the second identifier without resolving the first identifier using a domain name system (DNS).

Abstract: A method of providing one or more assertions about a subject is provided. The method includes obtaining, at an assertion directory access server and over a network, a first assertion about a first attribute of the subject from a first assertion issuer; obtaining, at the assertion directory access server and over a network, a second assertion about a second attribute of the subject from a second assertion issuer; and providing, from the assertion directory access server, the first assertion and the second assertion to an assertion directory authority server over a network.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: The present disclosure relates to a computer-implemented method for responding to a query request from a requester using information supplied by an authoritative name server. The computer-implemented method can include obtaining, by a DNS resolution server, a query for a named resource from a requester, wherein the query comprises information comprising contextual information related to the requester. The method can obtain at least a portion of a zone file of a domain name space using the domain name system (DNS), one or more rules, and information on how to access information that is not local to the DNS resolution server from the authoritative name server based on the query obtained from the requester. An answer can then be provided to the query from requester based on the at least a portion of the zone file, the one or more rules, and the contextual information.

Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with one or more thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one the respective thick RDAP answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the RDAP client; obtaining a consolidated thick RDAP answer to the RDAP query from the RDAP server; decrypting the consolidated thick RDAP answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick RDAP answer that is decrypted to the user.