Abstract: In a network, Domain Name Service (DNS) queries may be handled by one or more resolvers and one or more authoritative name servers. If a DNS distributed denial of service attack is launched against the network, it may degrade the performance of the authoritative name servers. As such, systems and methods for protection of authoritative name servers are provided.

Abstract: In a network system in which a server receives packets each including a source address, and in which the server ordinarily responds to each packet, Distributed Denial of Service attacks may be launched by malicious actors controlling a plurality of network devices. In such an attack, the attacking devices may spoof the IP address of a legitimate device, e.g., they may include, in each packet, the source address of the legitimate device. As such, systems and methods for increased security using client address manipulation are provided.

Abstract: Novel tools and techniques are provided for implementing improvement to domain name system (“DNS”) security. In various embodiments, a computing system may receive a user datagram protocol (“UDP”)-based DNS request, and may send a UDP-based response message, which may include an empty payload portion and a header portion containing a truncate flag that is set, which indicates to resend the request as a transmission control protocol (“TCP”)-based DNS request. When the TCP-based DNS request is received within a first period, the computing system may send, to the source address, a TCP-based response message comprising an answer to a query (in the TCP-based DNS request) for a destination DNS record associated with a destination device. If no TCP-based DNS request is received from the source address within the first period, the computing system may block all UDP-based DNS requests from the source address for at least a second period.

Abstract: Novel tools and techniques are provided for implementing improvement to domain name system (“DNS”) security. In various embodiments, a computing system may receive a user datagram protocol (“UDP”)-based DNS request, and may send a UDP-based response message, which may include an empty payload portion and a header portion containing a truncate flag that is set, which indicates to resend the request as a transmission control protocol (“TCP”)-based DNS request. When the TCP-based DNS request is received within a first period, the computing system may send, to the source address, a TCP-based response message comprising an answer to a query (in the TCP-based DNS request) for a destination DNS record associated with a destination device. If no TCP-based DNS request is received from the source address within the first period, the computing system may block all UDP-based DNS requests from the source address for at least a second period.

Abstract: In a network system in which a server receives packets each including a source address, and in which the server ordinarily responds to each packet, Distributed Denial of Service attacks may be launched by malicious actors controlling a plurality of network devices. In such an attack, the attacking devices may spoof the IP address of a legitimate device, e.g., they may include, in each packet, the source address of the legitimate device. As such, systems and methods for increased security using client address manipulation are provided.

Abstract: Novel tools and techniques are provided for implementing improvement to domain name system (“DNS”) security. In various embodiments, a computing system may receive a user datagram protocol (“UDP”)-based DNS request, and may send a UDP-based response message, which may include an empty payload portion and a header portion containing a truncate flag that is set, which indicates to resend the request as a transmission control protocol (“TCP”)-based DNS request. When the TCP-based DNS request is received within a first period, the computing system may send, to the source address, a TCP-based response message comprising an answer to a query (in the TCP-based DNS request) for a destination DNS record associated with a destination device. If no TCP-based DNS request is received from the source address within the first period, the computing system may block all UDP-based DNS requests from the source address for at least a second period.

Abstract: In a network, Domain Name Service (DNS) queries may be handled by one or more resolvers and one or more authoritative name servers. If a DNS distributed denial of service attack is launched against the network, it may degrade the performance of the authoritative name servers. As such, systems and methods for protection of authoritative name servers are provided.

Abstract: The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.

Abstract: The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.

Abstract: The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.