30 results about "DNS zone" patented technology

Techniques for electronically signing DNS records stored in a zone file for an internet DNS zone are presented. The techniques include electronically accessing a plurality of DNS resource records of a DNS zone stored on one or more DNS servers of a distributed DNS database; generating a plurality of leaf nodes from the plurality of DNS resource records; constructing a recursive hash tree from the plurality of leaf nodes, where the recursive hash tree includes a plurality of nodes including a root node and the plurality of leaf nodes, where each node of the plurality of nodes includes either a leaf node or a hash of data including child nodes; storing the root node in a DNS key resource record for a zone signing key for the zone; and publishing, in a DNS resource record signature resource record, validation data including path data from the recursive hash tree.

A method for administering a top-level domain by analyzing domain name registrations for requests for suspicious or malicious domain names. A request to register a domain name is received. The requested domain name's information may be stored in a registry database. The requested domain name may also be conditionally stored in the domain name system (DNS) zone. The requested domain name is compared to a list of botnet domain names stored in a watch list database. If the requested domain name corresponds to one of the botnet domain names, the requested domain name is prevented from being added to the DNS zone or is removed from the DNS zone, if it has already been stored there. The information regarding the requested domain name is stored in the registry database, even if the domain name does not ultimately stay in the DNS zone.

Disclosed herein is a Domain Name Server (DNS) service providing method and apparatus. In an embodiment of the present invention, when a domain name resolution request is received from a local DNS server, a host record for a domain of the domain name resolution request is requested and received from a user DNS server, and a response to the domain name resolution request is sent to the local DNS server, using the received host record. According to the present invention, it beneficially allows the effective addition or modification of a DNS zone file and thus provides a DNS service more promptly and accurately.

The invention discloses a DNS zone file full-amount issuing method and device, and the method comprises the steps: loading an index region of a target DNS zone file which is pre-coded into a network data format based on a text format DNS zone file to a memory based on a target full-amount issuing request, and obtaining a DNS message index list; and traversing the DNS message index list based on the target full-amount issuing request, and issuing each DNS message in the data area of the target DNS area file to the network equipment by adopting a zero-copy technology in sequence. Visibly, the area file in the text format is pre-coded into a network data format which can be directly issued in a full amount, and repeated analysis and coding are not needed to improve the DNS data processing performance; the target DNS zone file is issued by combining the zero copy technology, the data copy of the DNS message is eliminated, the kernel space and the user space do not need to be switched, theoperation cost of the DNS is reduced, and the method is suitable for a high-concurrency full-amount issuing scene.

The invention discloses a multi-version DNS zone file full-amount issuing method and device, and the method comprises the steps: obtaining a new-version DNS zone file in a full-amount issuing process,receiving a new full-amount issuing request, and determining a resource record, related to an updating operation, from an old-version DNS file to the new-version DNS zone file as a target resource record; based on the target resource record, the updating operation corresponding to the target resource record and the data transmission block set corresponding to the old version DNS zone file, obtaining a multiplexing data transmission block and a new data transmission block to form a data transmission block set corresponding to the new version DNS zone file; and according to the new full-amountissuing request, issuing a data transmission block set corresponding to the new-version DNS area file in a full-amount manner. Data transmission blocks in a data transmission block set corresponding to an old version DNS zone file are multiplexed to the maximum extent based on update operation resource records involved in the new version DNS zone file, and resource consumption of a CPU and a memory is reduced.

A network-accessible cyber-threat security analytics service is configured to receive and respond to requests that originate as name queries to a Domain Name System (DNS) service. Threat intelligence information provided by the service is organized into threat intelligence zones that correspond to zones exposed via the DNS service. Upon receipt of a DNS query, the query having been generated by an application seeking access to threat intelligence data exposed by the service, the query is translated into a DNS zone-specific API request based on the type of threat intelligence information sought. The zone-specific API request is then used to retrieve the requested threat intelligence information from a threat intelligence database. The requested threat intelligence information is then returned to the application by being encoded as part of a response to the DNS query. In this manner, the DNS protocol is leverage to facilitate highly-efficient access and retrieval of threat intelligence information.

A method for automatic address configuration, router, computer program, computer-readable medium and method for automatically configuring a router that has an upstream interface, connected or connectable to a higher-level subnetwork and / or a higher-level router, and a downstream interface, connected or connectable to a lower-level subnetwork, wherein whether the router receives, on the upstream interface, messages providing notification of at least one domain as part of a DNS search list option, is monitored and, if the message is not received over a prescribed period, a DNS island mode is automatically activated in which the DNS zone of a local DNS server of the router is configured using a predefined island domain, and a transmission module of the router is prompted to send a message via the downstream interface, which message includes the preconfigured island domain as part of a DNS search list option, preferably an address of the downstream interface.

The present application discloses a method and device for verifying DNS zone data. The method includes: obtaining the latest update corresponding to the latest serial number from the latest update transaction of the incremental data file after the secondary DNS server completes the incremental update each time. The digital fingerprint of the transaction is the first verification digital fingerprint; the digital fingerprint of the kth updated transaction is pre-generated based on the resource record query hash value of the 1st to k updated transactions in the local area file and the incremental data file using the digital fingerprint encoding algorithm And stored; Obtain the digital fingerprint corresponding to the latest serial number from the zone file of the primary DNS server as the first standard digital fingerprint; if the first verification digital fingerprint is inconsistent with the first standard digital fingerprint, determine the DNS zone data of the secondary DNS server abnormal. It can be seen that the digital fingerprint technology is applied to the data verification of the DNS area, and the data consistency verification method of the DNS area is established to timely discover the security risks of the inconsistency of the DNS area data.

The present application discloses a method and device for delivering a full amount of DNS zone files. The method includes: based on a target full delivery request, loading the index area of ​​the target DNS zone file based on a text format DNS zone file pre-coded into a network data format to The memory obtains the DNS message index list; traverses the DNS message index list based on the target full delivery request, and sequentially uses the zero-copy technology to deliver each DNS message in the data area of ​​the target DNS zone file to the network device. It can be seen that the zone file in text format is pre-encoded into a network data format that can be directly delivered in full, without repeated parsing and encoding to improve DNS data processing performance; combined with zero-copy technology, the target DNS zone file is delivered to eliminate data copying of DNS messages , there is no need to switch between kernel space and user space, reducing the running cost of DNS, and is suitable for high-concurrency and full-volume delivery scenarios.

A network-accessible cyber-threat security analytics service is configured to receive and respond to requests that originate as name queries to a Domain Name System (DNS) service. Threat intelligence information provided by the service is organized into threat intelligence zones that correspond to zones exposed via the DNS service. Upon receipt of a DNS query, the query having been generated by an application seeking access to threat intelligence data exposed by the service, the query is translated into a DNS zone-specific API request based on the type of threat intelligence information sought. The zone-specific API request is then used to retrieve the requested threat intelligence information from a threat intelligence database. The requested threat intelligence information is then returned to the application by being encoded as part of a response to the DNS query. In this manner, the DNS protocol is leverage to facilitate highly-efficient access and retrieval of threat intelligence information.

Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.

The present invention provides a method, primary Domain Name System(DNS) server, secondary DNS server and domain name system for realizing synchronization of the DNS zone creation, wherein the method includes: the primary DNS server creates a DNS zone and sets the dependence relationship between each DNS server in the DNS zone, and each DNS server includes a primary DNS server and at least two levels of secondary DNS servers(11); according to the dependence relationship, the primary DNS server sends to the secondary DNS servers level by level a notification message including the information of the higher-level server of the secondary DNS servers, until each secondary DNS server has recorded the information of the higher-level server which each secondary DNS server belongs to, and has obtained the zone file from each higher-level server according to the notification message(12). The defect of the prior art that when the DNS server creates a new DNS zone, the DNS administer needs to execute manual update on the zone file corresponding to the newly created DNS zone and the higher-level server information of the secondary DNS server in the secondary DNS server is changed, and thus when the DNS server creates a new DNS zone, an automatic update is realized.

This application discloses a method and device for delivering full-volume multi-version DNS zone files. The method includes: if a new version of DNS zone files is obtained during the process of full-volume delivery, and a new full-volume delivery request is received, the old version of DNS files is determined to be transferred to the new version. The resource record involved in the update operation of the version DNS zone file is the target resource record; based on the target resource record, the update operation corresponding to the target resource record, and the data transmission block set corresponding to the old version DNS zone file, the multiplexed data transmission block and the new The data transfer block forms a data transfer block set corresponding to the new version of the DNS zone file; according to the new full-volume delivery request, the full-volume delivery of the data transfer block set corresponding to the new version of the DNS zone file. Based on the resource records involved in the update operation in the new version of the DNS zone file, the data transmission blocks in the data transmission block set corresponding to the old version of the DNS zone file are reused to the maximum extent to reduce the resource consumption of CPU and memory.

The invention discloses a safe and reliable DNS (Domain Name System) zone file information issuing updating method and system, belonging to the computer network technical field. The method comprises the following steps that: a main node regularly extracts a batch of data from an authoritative analytic database; after preprocessing, the update information of the zone file is delivered to a message server in the form of a message; the message server issues the update information of the zone file to each sub-node orderly and separately and simultaneously keeps the same in the database; and after all the sub-nodes confirm completion of updating, the message is deleted from the database. The system comprises a main node, a plurality of sub-nodes and a message server cluster; the message server cluster is in communication connection with the main node and the sub-nodes through the network, respectively. Compared with the prior art, the method and the system provided by the invention are capable of ensuring the succession and correction of update issuing of the zone file and have high controllability.

A method for automatically configuring a router (10) that has at least one upstream interface (11), connected or connectable to a higher-level subnetwork and / or a higher-level router, and at least one downstream interface (12), connected or connectable to a lower-level subnetwork (5), wherein it is monitored whether the router (10) receives, on the at least one upstream interface (11), messages providing notification of at least one domain, in particular as part of a DNS search list option (21), and, if no such message has been received over a prescribed period, a DNS island mode is automatically activated in which the DNS zone (22) of a local DNS server (14) of the router (10) is configured using a predefined island domain, and a transmission module (13) of the router (10) is prompted to send at least one message via at least one downstream interface (12), which message comprises the preconfigured island domain, in particular as part of a DNS search list option (31), and preferably an address (23) of the downstream interface (12). The invention furthermore relates to a method for automatic address configuration, a router (10), a computer program and a computer-readable medium.

Techniques for electronically signing DNS records stored in a zone file for an internet DNS zone are presented. The techniques include electronically accessing a plurality of DNS resource records of a DNS zone stored on one or more DNS servers of a distributed DNS database; generating a plurality of leaf nodes from the plurality of DNS resource records; constructing a recursive hash tree from the plurality of leaf nodes, where the recursive hash tree includes a plurality of nodes including a root node and the plurality of leaf nodes, where each node of the plurality of nodes includes either a leaf node or a hash of data including child nodes; storing the root node in a DNS key resource record for a zone signing key for the zone; and publishing, in a DNS resource record signature resource record, validation data including path data from the recursive hash tree.

The invention relates to a DNS zone file multi-node transmission method and system. A DNS zone file segmentation module and a slave server management module are added to a master server. The method includes the steps: (1) a plurality of authority servers including the master server and a plurality of slave servers are deployed in a DNS system, the master server periodically produces DNS zone files and sends the DNS zone files to the slave servers; (2) after the DNS zone files are segmented on the master server, file subblocks are numbered, and a slave server list is generated according to register information on the master server; (3) the master server sends a zone file update command to the slave servers in the slave server list and meanwhile sends the slave server list to the slave servers; (4) the slave servers pick neighbor nodes after receiving the update command and load the multi-node file subblocks after the neighbor nodes are selected to complete transmission of the DNS zone files.

The invention discloses a domain name-based classification information publishing method and system. The classification information publishing method includes: publishing the classification information content to be released to the classification information site host; The resolution record is added to the DNS zone file, wherein the domain name resolution record of the WEB service is a second-level subdomain or multi-level subdomain under the top-level domain. In the present invention, since each piece of classification information corresponds to a classification information domain name, the information is unique to a certain extent, and can be used for network identification, authoritative information release, etc. , fast and precise features.