To mitigate attacks utilizing compromised DNS caches, a server gateway provides clients with unique IP addresses to contact the server. Packets sent to a server IP address from a particular client which are not linked to that particular with the server gateway are dropped. Thus, even if a client is compromised, the IP address for the server in the client's DNS cache cannot be used by other machines or virtual machines. With a one to one client to server IP address relationship, malicious actors cannot use numerous machines or virtual machines to overload the server with requests.

A data packet is received in a network element. The network element has a cache memory in which cache entries represent a portion of addresses stored in a main memory, The destination address and the cache entries each comprise a binary number. A first determination is made that a number M of the most significant bits of a cache entry and the destination address are identical. A second determination is made that an additional number M+L of the most significant bits of a cache entry and the destination address are identical. Routing information is then retrieved the cache memory, and the packet processed according to the routing information.

A reverse address resolution method and an electronic device are provided. In this method, a sender electronic device broadcasts a first request packet. An Ethernet payload of the first request packet includes a media access control (MAC) address of a target electronic device. After receiving the first request packet, the target electronic device determines that an IP address of the target electronic device is requested, and returns a first reply packet. An Ethernet payload of the first reply packet includes the internet protocol (IP) address of the target electronic device. According to the technical solutions provided in this application, the sender electronic device obtains the IP address of the target electronic device based on the MAC address of the target electronic device through interaction at a data link layer. Therefore, in a mobile distributed system, the IP address of the target electronic device is quickly obtained without relying on a server.

Improved technology for managing the caching of objects that are rarely requested by clients. A cache system can be configured to assess a class of objects (such as objects associated with a particular domain) for cacheability, based on traffic observations. If the maximum possible cache offloading for the class of objects falls below a threshold level, which indicates a high proportion of non-cacheable or “single-hitter” content, then cache admission logic is configured to admit objects only after multiple clients requests during a time period (usually the object's time in cache, or eviction age). Otherwise, the cache admission logic may operate to admit objects to the cache after the first client request, assuming the object meets cacheability criteria. The technological improvements disclosed herein can be used to improve cache utilization, for example by preventing single-hitter objects from pushing out multi-hit objects (the objects that get hits after being added to cache).

Improved technology for managing the caching of objects that are rarely requested by clients. A cache system can be configured to assess a class of objects (such as objects associated with a particular domain) for cacheability, based on traffic observations. If the maximum possible cache offloading for the class of objects falls below a threshold level, which indicates a high proportion of non-cacheable or “single-hitter” content, then cache admission logic is configured to admit objects only after multiple clients requests during a time period (usually the object's time in cache, or eviction age). Otherwise, the cache admission logic may operate to admit objects to the cache after the first client request, assuming the object meets cacheability criteria. The technological improvements disclosed herein can be used to improve cache utilization, for example by preventing single-hitter objects from pushing out multi-hit objects (the objects that get hits after being added to cache).

Example methods for a network device to perform address resolution handling. The method may comprise: in response to a first distributed router (DR) port of a first DR instance detecting an address resolution request from a second DR port of a second DR instance, generating a modified address resolution request that is addressed from a first address associated with the first DR port instead of a second address associated with the second DR port. The modified address resolution request may be broadcasted within a logical network that is connected to the first DR instance through network extension. The method may also comprise: in response to detecting an address resolution response that includes protocol-to-hardware address mapping information associated with an endpoint located on the logical network, generating and sending a modified address resolution response towards the second DR port of the second DR instance.

Methods and systems for augmenting network traffic flow reports with domain name service (“DNS”) information are provided. A networking device system can monitor DNS response traffic through a network and extract domain name records from the response traffic that corresponds to domain names submitted in web requests. The extracted domain name records can be provided to a network traffic flow capture system for inclusion in a network traffic flow report.

Systems, devices and methods for a Domain Name Data Networking (DNDN) content delivery system are disclosed. Embodiments perform operations including obtaining a content object having a unique identifier. The operations also include storing a local instance of the content object in association with DNS resource records and the unique identifier. The operations further include providing the local instance of the content to a client in response to receiving a request from the client including the unique identifier.

Systems, devices and methods for a Domain Name Data Networking (DNDN) content delivery system are disclosed. Embodiments perform operations including obtaining a content object having a unique identifier. The operations also include storing a local instance of the content object in association with DNS resource records and the unique identifier. The operations further include providing the local instance of the content to a client in response to receiving a request from the client including the unique identifier.

A system for allocating domain name acquisition resources is provided. The system performs a method comprising: obtaining, at a database, a list of domain names that are to be deleted during a first time window; updating a drop catch table in the database, wherein the drop catch table comprises a second list of domain names that are to be deleted; refreshing a cache in an application server that provides DNS services based on the drop catch table; obtaining, at the application server, a EPP command from a registrar to register a domain name from the drop catch table that is about to be deleted during a second time window; determining, based on the cache, that the domain name to be registered is available to be registered; updating a flag for the domain name in the cache indicating that the domain name is registered; and providing an acknowledgment to the registrar.