30 results about "DNS zone" patented technology

A DNS zone is any distinct, contiguous portion of the domain name space in the Domain Name System (DNS) for which administrative responsibility has been delegated to a single manager. The domain name space of the Internet is organized into a hierarchical layout of subdomains below the DNS root domain. The individual domains of this tree may serve as delegation points for administrative authority and management. However, usually it is furthermore desirable to implement fine-grained boundaries of delegation, so that multiple sub-levels of a domain may be managed independently. Therefore, the domain name space is partitioned into areas (zones) for this purpose. A zone starts at a domain and extends downward in the tree to the leaf nodes or to the top-level of subdomains where other zones start.

Hash-based electronic signatures for data sets such as dnssec

Techniques for electronically signing DNS records stored in a zone file for an internet DNS zone are presented. The techniques include electronically accessing a plurality of DNS resource records of a DNS zone stored on one or more DNS servers of a distributed DNS database; generating a plurality of leaf nodes from the plurality of DNS resource records; constructing a recursive hash tree from the plurality of leaf nodes, where the recursive hash tree includes a plurality of nodes including a root node and the plurality of leaf nodes, where each node of the plurality of nodes includes either a leaf node or a hash of data including child nodes; storing the root node in a DNS key resource record for a zone signing key for the zone; and publishing, in a DNS resource record signature resource record, validation data including path data from the recursive hash tree.
Owner:VERISIGN

System and method for electronic certificate revocation

A system and method of verifying whether a certificate has been revoked by providing a DNS responder containing a certificate revocation list (CRL), parsing the CRL into DNS zones, and distributing this information to the respective primary DNS responders based upon DNS zones. Information about a specific certificate is gathered by querying a DNS responder for certificate validation information, receiving such information, and reporting the results of the queries to a client software application so that the user of the system can be informed as to whether the certificate has been revoked or not.
Owner:GLOBALCERTS LLC

Opt-in process and nameserver system for IETF DNSSEC

Inactive; US20080260160A1; Facilitating DNSSEC deployment; Decreases comprehensiveness; Special service provision for substation; Public key for secure communication; Computer network; Name server
The process of signing and then publishing a DNS zone according to the IETF DNSSEC protocols is improved by the present invention, in order to facilitate the DNSSEC deployment until most of the DNS zones are signed. The prior art situation is that a second-level domain, e.g. example.com, often faces an unwanted status of “DNSSEC island of security,” and a challenging task of “trust anchor key” out-of-band distribution. The invention somehow fixes such broken DNSSEC chains of trust, e.g. it fills the gap between a DNSSEC island of security and its signed grandparent or ancestor. The invention is deemed useful for the introduction of DNS root nameservice substitution for DNSSEC support purposes, and allows opt-in while NSEC3 opt-out is awaiting deployment in large TLDs.
Owner:CONNOTECH EXPERTS CONSEIL

Method for administering a top-level domain

A method for administering a top-level domain by analyzing domain name registrations for requests for suspicious or malicious domain names. A request to register a domain name is received. The requested domain name's information may be stored in a registry database. The requested domain name may also be conditionally stored in the domain name system (DNS) zone. The requested domain name is compared to a list of botnet domain names stored in a watch list database. If the requested domain name corresponds to one of the botnet domain names, the requested domain name is prevented from being added to the DNS zone or is removed from the DNS zone, if it has already been stored there. The information regarding the requested domain name is stored in the registry database, even if the domain name does not ultimately stay in the DNS zone.
Owner:VERISIGN

Establishing caches that provide dynamic, authoritative DNS responses

Embodiments are directed to establishing caches that provide authoritative domain name system (DNS) answers to DNS requests. In one scenario, a computer system establishes a cache that stores authoritative DNS answers to DNS queries. The cache corresponds to a specified DNS zone that includes authoritative DNS answers for a subset of DNS queries. The cache is configured to store the authoritative DNS answers for at least a specified period of time during which the authoritative DNS answers are updatable. The cache then receives an update indicating that at least one cached DNS answer is out-of-date and the computer system purges the out-of-date DNS answer from the cache, ensuring that the cache continually provides authoritative DNS answers for DNS queries assigned to the specified DNS zone.
Owner:MICROSOFT TECH LICENSING LLC

DNS zone file multi-node transmission method and system

The invention relates to a DNS zone file multi-node transmission method and system. A DNS zone file segmentation module and a slave server management module are added to a master server. The method includes the steps: (1) a plurality of authority servers including the master server and a plurality of slave servers are deployed in a DNS system, the master server periodically produces DNS zone files and sends the DNS zone files to the slave servers; (2) after the DNS zone files are segmented on the master server, file subblocks are numbered, and a slave server list is generated according to register information on the master server; (3) the master server sends a zone file update command to the slave servers in the slave server list and meanwhile sends the slave server list to the slave servers; (4) the slave servers pick neighbor nodes after receiving the update command and load the multi-node file subblocks after the neighbor nodes are selected to complete transmission of the DNS zone files.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

Supporting DNS security in a multi-master environment

Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.
Owner:MICROSOFT TECH LICENSING LLC

Method for resolving root domain name

The invention discloses a method for resolving a root domain name. The method comprises the following steps that: a root server stores at least NS records of a root, a TLD, and a second-level domain name server; the root server is divided into two categories, A and B, according to the way of obtaining an NS record source of a DNS zone, and implements differentiated data management rules for two types of data; the root server adds a backup service record to verify the security level of the domain name to be queried; and the root server is divided into a main root server and a mirror root server, and implements different mirroring rules. According to the method for resolving the root domain name, the root server provides stored records of the roots and N-level subdomain authoritative queries, and ensures the record retention and update of the root independent operation, thereby providing localized root mirroring rules, reducing resolution latency, and improving security and stability.
Owner:INTERNET DOMAIN NAME SYST BEIJING ENG RES CENT

Safe and reliable DNS zone file information issuing updating method and system

The invention discloses a safe and reliable DNS (Domain Name System) zone file information issuing updating method and system, belonging to the computer network technical field. The method comprises the following steps that: a main node regularly extracts a batch of data from an authoritative analytic database; after preprocessing, the update information of the zone file is delivered to a message server in the form of a message; the message server issues the update information of the zone file to each sub-node orderly and separately and simultaneously keeps the same in the database; and after all the sub-nodes confirm completion of updating, the message is deleted from the database. The system comprises a main node, a plurality of sub-nodes and a message server cluster; the message server cluster is in communication connection with the main node and the sub-nodes through the network, respectively. Compared with the prior art, the method and the system provided by the invention are capable of ensuring the succession and correction of update issuing of the zone file and have high controllability.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

Method and device for providing DNS service

Disclosed herein is a Domain Name Server (DNS) service providing method and apparatus. In an embodiment of the present invention, when a domain name resolution request is received from a local DNS server, a host record for a domain of the domain name resolution request is requested and received from a user DNS server, and a response to the domain name resolution request is sent to the local DNS server, using the received host record. According to the present invention, it beneficially allows the effective addition or modification of a DNS zone file and thus provides a DNS service more promptly and accurately.
Owner:CDNETWORKS CO LTD

DNS zone file full-amount issuing method and device

The invention discloses a DNS zone file full-amount issuing method and device, and the method comprises the steps: loading an index region of a target DNS zone file which is pre-coded into a network data format based on a text format DNS zone file to a memory based on a target full-amount issuing request, and obtaining a DNS message index list; and traversing the DNS message index list based on the target full-amount issuing request, and issuing each DNS message in the data area of the target DNS area file to the network equipment by adopting a zero-copy technology in sequence. Visibly, the area file in the text format is pre-coded into a network data format which can be directly issued in a full amount, and repeated analysis and coding are not needed to improve the DNS data processing performance; the target DNS zone file is issued by combining the zero copy technology, the data copy of the DNS message is eliminated, the kernel space and the user space do not need to be switched, the operation cost of the DNS is reduced, and the method is suitable for a high-concurrency full-amount issuing scene.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

DNS zone data verification method and device

The invention discloses a DNS zone data verification method and device, and the method comprises the steps: obtaining a latest updated transaction digital fingerprint corresponding to a latest serial number from a latest updated transaction of an incremental data file as a first verification digital fingerprint after an auxiliary DNS server completes incremental updating each time; wherein the kth updated transaction digital fingerprint is generated and stored in advance by using a digital fingerprint coding algorithm based on resource record query hash values of the first to kth updated transactions in the local area file and the incremental data file; acquiring the digital fingerprint corresponding to the latest serial number from the zone file of the main DNS server as a first standard digital fingerprint; and if the first verification digital fingerprint is inconsistent with the first standard digital fingerprint, determining that the DNS region data of the auxiliary DNS server is abnormal. Therefore, the digital fingerprint technology is applied to DNS region data verification, a DNS region data consistency verification method is established, and potential safety hazards of DNS region data inconsistency are discovered in time.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

Multi-version DNS (Domain Name System) zone file full-amount issuing method and device

Active; CN110099117A; Improve zone transfer performance; Reduce consumption; Transmission; Multiplexing; Resource consumption
The invention discloses a multi-version DNS zone file full-amount issuing method and device, and the method comprises the steps: obtaining a new-version DNS zone file in a full-amount issuing process, receiving a new full-amount issuing request, and determining a resource record, related to an updating operation, from an old-version DNS file to the new-version DNS zone file as a target resource record; based on the target resource record, the updating operation corresponding to the target resource record and the data transmission block set corresponding to the old version DNS zone file, obtaining a multiplexing data transmission block and a new data transmission block to form a data transmission block set corresponding to the new version DNS zone file; and according to the new full-amount issuing request, issuing a data transmission block set corresponding to the new-version DNS area file in a full-amount manner. Data transmission blocks in a data transmission block set corresponding to an old version DNS zone file are multiplexed to the maximum extent based on update operation resource records involved in the new version DNS zone file, and resource consumption of a CPU and a memory is reduced.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

Threat intelligence information access via a DNS protocol

A network-accessible cyber-threat security analytics service is configured to receive and respond to requests that originate as name queries to a Domain Name System (DNS) service. Threat intelligence information provided by the service is organized into threat intelligence zones that correspond to zones exposed via the DNS service. Upon receipt of a DNS query, the query having been generated by an application seeking access to threat intelligence data exposed by the service, the query is translated into a DNS zone-specific API request based on the type of threat intelligence information sought. The zone-specific API request is then used to retrieve the requested threat intelligence information from a threat intelligence database. The requested threat intelligence information is then returned to the application by being encoded as part of a response to the DNS query. In this manner, the DNS protocol is leveraged to facilitate highly efficient access and retrieval of threat intelligence information.
Owner:IBM CORP

Domain name based classified information distributing method and system

The invention discloses a domain name based classified information distributing method and system. The classified information distributing method includes distributing to-be-classified information content to a classified information site host; adding domain name analysis record of site host WEB service corresponding to the classified information content into a DNS area file, wherein the domain name analysis record of site host WEB service is a second-level sub domain or multi-level sub domain under a top-level domain. According to the invention, since each piece of classified information is corresponding to a classified information domain name, the information has uniqueness in a way and can be applied to network marking and authority information publishing. Besides, domain name based classified information distribution has characteristics of convenience, quickness and accuracy.
Owner:CHINA ACADEMY OF INFORMATION & COMM

Method for updating key-signing keys and zone-signing keys in domain name system security extension

The invention relates to a method for updating key-signing keys and zone-signing keys in domain name system security extension (DNSSEC). The method includes the following steps that: in a DNS region, new key-signing keys and new zone-signing keys are added to a DNSKEY resource record set, and the new key-signing keys and original key-signing keys are utilized to sign the DNSKEY; the new zone-signing keys are utilized to sign all resource record sets, and the new key-signing keys or DS records are submitted to the parent domain of the DNS region; the DNS region signed by the new zone-signing keys is transmitted to a slave server of the DNS region, and the DS records are transmitted to a slave server of the parent domain; and original zone-signing keys are deleted from the DNSKEY, and the new key-signing keys are utilized to re-sign the DNSKEY resource record set, and the original key-signing keys are deleted from the DNSKEY, and the new key-signing keys are utilized to re-sign the DNSKEY resource record set.
Owner:政务和公益机构域名注册管理中心

Method for Automatically Configuring a Router, Method for Automatic Address Configuration, Router, Computer Program and Computer-Readable Medium

A method for automatic address configuration, router, computer program, computer-readable medium and method for automatically configuring a router that has an upstream interface, connected or connectable to a higher-level subnetwork and / or a higher-level router, and a downstream interface, connected or connectable to a lower-level subnetwork, wherein whether the router receives, on the upstream interface, messages providing notification of at least one domain as part of a DNS search list option, is monitored and, if the message is not received over a prescribed period, a DNS island mode is automatically activated in which the DNS zone of a local DNS server of the router is configured using a predefined island domain, and a transmission module of the router is prompted to send a message via the downstream interface, which message includes the preconfigured island domain as part of a DNS search list option, preferably an address of the downstream interface.
Owner:SIEMENS AG

Method for automatically configuring a router, method for automatic address configuration, router, computer program and computer-readable medium

A method for automatic address configuration, router, computer program, computer-readable medium and method for automatically configuring a router that has an upstream interface, connected or connectable to a higher-level subnetwork and / or a higher-level router, and a downstream interface, connected or connectable to a lower-level subnetwork, wherein whether the router receives, on the upstream interface, messages providing notification of at least one domain as part of a DNS search list option, is monitored and, if the message is not received over a prescribed period, a DNS island mode is automatically activated in which the DNS zone of a local DNS server of the router is configured using a predefined island domain, and a transmission module of the router is prompted to send a message via the downstream interface, which message includes the preconfigured island domain as part of a DNS search list option, preferably an address of the downstream interface.
Owner:SIEMENS AG

A method and device for verifying DNS area data

The present application discloses a method and device for verifying DNS zone data. The method includes: each time the secondary DNS server completes an incremental update, obtaining, from the latest update transaction of the incremental data file, the digital fingerprint of the latest updated transaction corresponding to the latest serial number as the first verification digital fingerprint, where the digital fingerprint of the kth updated transaction is generated and stored in advance using the digital fingerprint encoding algorithm, based on the resource record query hash values of the 1st to kth updated transactions in the local area file and the incremental data file; obtaining the digital fingerprint corresponding to the latest serial number from the zone file of the primary DNS server as the first standard digital fingerprint; and, if the first verification digital fingerprint is inconsistent with the first standard digital fingerprint, determining that the DNS zone data of the secondary DNS server is abnormal. The digital fingerprint technology is thus applied to the data verification of the DNS area, and a data consistency verification method for the DNS area is established to discover in time the security risks of inconsistent DNS area data.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

A method and device for distributing all DNS zone files

The present application discloses a method and device for delivering a full amount of DNS zone files. The method includes: based on a target full delivery request, loading into memory the index area of the target DNS zone file, which is pre-coded into a network data format from a text-format DNS zone file, to obtain the DNS message index list; and traversing the DNS message index list based on the target full delivery request, sequentially using the zero-copy technology to deliver each DNS message in the data area of the target DNS zone file to the network device. The zone file in text format is thus pre-encoded into a network data format that can be directly delivered in full, without repeated parsing and encoding, which improves DNS data processing performance; delivering the target DNS zone file with zero-copy technology eliminates data copying of DNS messages, so there is no need to switch between kernel space and user space, which reduces the running cost of DNS and suits high-concurrency, full-volume delivery scenarios.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

Support DNS security in multi-principal environment

Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.
Owner:MICROSOFT TECH LICENSING LLC

Method, server and domain name system for realizing purpose of creating synchronization in DNS region

The present invention provides a method, primary Domain Name System (DNS) server, secondary DNS server and domain name system for realizing synchronization of the DNS zone creation, wherein the method includes: the primary DNS server creates a DNS zone and sets the dependence relationship between each DNS server in the DNS zone, and each DNS server includes a primary DNS server and at least two levels of secondary DNS servers (11); according to the dependence relationship, the primary DNS server sends to the secondary DNS servers level by level a notification message including the information of the higher-level server of the secondary DNS servers, until each secondary DNS server has recorded the information of the higher-level server which each secondary DNS server belongs to, and has obtained the zone file from each higher-level server according to the notification message (12). This overcomes the defect of the prior art that, when the DNS server creates a new DNS zone, the DNS administrator needs to manually update, on the secondary DNS server, the zone file corresponding to the newly created DNS zone and the higher-level server information of the secondary DNS server; thus, when the DNS server creates a new DNS zone, an automatic update is realized.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

A method and device for delivering full volume of multi-version DNS zone files

Active; CN110099117B; Improve zone transfer performance; Reduce consumption; Transmission; Engineering; Term memory
This application discloses a method and device for delivering full-volume multi-version DNS zone files. The method includes: if a new version of the DNS zone file is obtained during the process of full-volume delivery and a new full-volume delivery request is received, determining the resource records involved in the update operations from the old version of the DNS file to the new version of the DNS zone file as the target resource records; based on the target resource records, the update operations corresponding to the target resource records, and the data transmission block set corresponding to the old version of the DNS zone file, obtaining the multiplexed data transmission blocks and the new data transmission blocks to form the data transmission block set corresponding to the new version of the DNS zone file; and, according to the new full-volume delivery request, delivering in full the data transmission block set corresponding to the new version of the DNS zone file. Based on the resource records involved in the update operations in the new version of the DNS zone file, the data transmission blocks in the data transmission block set corresponding to the old version of the DNS zone file are reused to the maximum extent, reducing the resource consumption of CPU and memory.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

A method and system for multipoint transmission of DNS zone files

The invention relates to a DNS zone file multi-node transmission method and system. A DNS zone file segmentation module and a slave server management module are added to a master server. The method includes the steps: (1) a plurality of authority servers including the master server and a plurality of slave servers are deployed in a DNS system, the master server periodically produces DNS zone files and sends the DNS zone files to the slave servers; (2) after the DNS zone files are segmented on the master server, file subblocks are numbered, and a slave server list is generated according to register information on the master server; (3) the master server sends a zone file update command to the slave servers in the slave server list and meanwhile sends the slave server list to the slave servers; (4) the slave servers pick neighbor nodes after receiving the update command and load the multi-node file subblocks after the neighbor nodes are selected to complete transmission of the DNS zone files.
Owner:CHINA INTERNET NETWORK INFORMATION CENTER

Method and system for publishing classified information based on domain name

The invention discloses a domain name-based classification information publishing method and system. The classification information publishing method includes: publishing the classification information content to be released to the classification information site host; The resolution record is added to the DNS zone file, wherein the domain name resolution record of the WEB service is a second-level subdomain or multi-level subdomain under the top-level domain. In the present invention, since each piece of classification information corresponds to a classification information domain name, the information is unique to a certain extent, and can be used for network identification, authoritative information release, etc. , fast and precise features.
Owner:CHINA ACADEMY OF INFORMATION & COMM