30 results about "DNS zone" patented technology

A method for administering a top-level domain by analyzing domain name registrations for requests for suspicious or malicious domain names. A request to register a domain name is received. The requested domain name's information may be stored in a registry database. The requested domain name may also be conditionally stored in the domain name system (DNS) zone. The requested domain name is compared to a list of botnet domain names stored in a watch list database. If the requested domain name corresponds to one of the botnet domain names, the requested domain name is prevented from being added to the DNS zone or is removed from the DNS zone, if it has already been stored there. The information regarding the requested domain name is stored in the registry database, even if the domain name does not ultimately stay in the DNS zone.

The present application discloses a method and device for verifying DNS zone data. The method includes: obtaining the latest update corresponding to the latest serial number from the latest update transaction of the incremental data file after the secondary DNS server completes the incremental update each time. The digital fingerprint of the transaction is the first verification digital fingerprint; the digital fingerprint of the kth updated transaction is pre-generated based on the resource record query hash value of the 1st to k updated transactions in the local area file and the incremental data file using the digital fingerprint encoding algorithm And stored; Obtain the digital fingerprint corresponding to the latest serial number from the zone file of the primary DNS server as the first standard digital fingerprint; if the first verification digital fingerprint is inconsistent with the first standard digital fingerprint, determine the DNS zone data of the secondary DNS server abnormal. It can be seen that the digital fingerprint technology is applied to the data verification of the DNS area, and the data consistency verification method of the DNS area is established to timely discover the security risks of the inconsistency of the DNS area data.

Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.

This application discloses a method and device for delivering full-volume multi-version DNS zone files. The method includes: if a new version of DNS zone files is obtained during the process of full-volume delivery, and a new full-volume delivery request is received, the old version of DNS files is determined to be transferred to the new version. The resource record involved in the update operation of the version DNS zone file is the target resource record; based on the target resource record, the update operation corresponding to the target resource record, and the data transmission block set corresponding to the old version DNS zone file, the multiplexed data transmission block and the new The data transfer block forms a data transfer block set corresponding to the new version of the DNS zone file; according to the new full-volume delivery request, the full-volume delivery of the data transfer block set corresponding to the new version of the DNS zone file. Based on the resource records involved in the update operation in the new version of the DNS zone file, the data transmission blocks in the data transmission block set corresponding to the old version of the DNS zone file are reused to the maximum extent to reduce the resource consumption of CPU and memory.

The invention discloses a safe and reliable DNS (Domain Name System) zone file information issuing updating method and system, belonging to the computer network technical field. The method comprises the following steps that: a main node regularly extracts a batch of data from an authoritative analytic database; after preprocessing, the update information of the zone file is delivered to a message server in the form of a message; the message server issues the update information of the zone file to each sub-node orderly and separately and simultaneously keeps the same in the database; and after all the sub-nodes confirm completion of updating, the message is deleted from the database. The system comprises a main node, a plurality of sub-nodes and a message server cluster; the message server cluster is in communication connection with the main node and the sub-nodes through the network, respectively. Compared with the prior art, the method and the system provided by the invention are capable of ensuring the succession and correction of update issuing of the zone file and have high controllability.

A method for automatically configuring a router (10) that has at least one upstream interface (11), connected or connectable to a higher-level subnetwork and / or a higher-level router, and at least one downstream interface (12), connected or connectable to a lower-level subnetwork (5), wherein it is monitored whether the router (10) receives, on the at least one upstream interface (11), messages providing notification of at least one domain, in particular as part of a DNS search list option (21), and, if no such message has been received over a prescribed period, a DNS island mode is automatically activated in which the DNS zone (22) of a local DNS server (14) of the router (10) is configured using a predefined island domain, and a transmission module (13) of the router (10) is prompted to send at least one message via at least one downstream interface (12), which message comprises the preconfigured island domain, in particular as part of a DNS search list option (31), and preferably an address (23) of the downstream interface (12). The invention furthermore relates to a method for automatic address configuration, a router (10), a computer program and a computer-readable medium.

Techniques for electronically signing DNS records stored in a zone file for an internet DNS zone are presented. The techniques include electronically accessing a plurality of DNS resource records of a DNS zone stored on one or more DNS servers of a distributed DNS database; generating a plurality of leaf nodes from the plurality of DNS resource records; constructing a recursive hash tree from the plurality of leaf nodes, where the recursive hash tree includes a plurality of nodes including a root node and the plurality of leaf nodes, where each node of the plurality of nodes includes either a leaf node or a hash of data including child nodes; storing the root node in a DNS key resource record for a zone signing key for the zone; and publishing, in a DNS resource record signature resource record, validation data including path data from the recursive hash tree.

The invention relates to a DNS zone file multi-node transmission method and system. A DNS zone file segmentation module and a slave server management module are added to a master server. The method includes the steps: (1) a plurality of authority servers including the master server and a plurality of slave servers are deployed in a DNS system, the master server periodically produces DNS zone files and sends the DNS zone files to the slave servers; (2) after the DNS zone files are segmented on the master server, file subblocks are numbered, and a slave server list is generated according to register information on the master server; (3) the master server sends a zone file update command to the slave servers in the slave server list and meanwhile sends the slave server list to the slave servers; (4) the slave servers pick neighbor nodes after receiving the update command and load the multi-node file subblocks after the neighbor nodes are selected to complete transmission of the DNS zone files.

The invention discloses a domain name-based classification information publishing method and system. The classification information publishing method includes: publishing the classification information content to be released to the classification information site host; The resolution record is added to the DNS zone file, wherein the domain name resolution record of the WEB service is a second-level subdomain or multi-level subdomain under the top-level domain. In the present invention, since each piece of classification information corresponds to a classification information domain name, the information is unique to a certain extent, and can be used for network identification, authoritative information release, etc. , fast and precise features.