H04L61/58

SYSTEM AND METHOD FOR DOMAIN NAME REGISTRATION USING A CACHE

A system for allocating domain name acquisition resources is provided. The system performs a method comprising: obtaining, at a database, a list of domain names that are to be deleted during a first time window; updating a drop catch table in the database, wherein the drop catch table comprises a second list of domain names that are to be deleted; refreshing a cache in an application server that provides DNS services based on the drop catch table; obtaining, at the application server, an EPP command from a registrar to register a domain name from the drop catch table that is about to be deleted during a second time window; determining, based on the cache, that the domain name to be registered is available to be registered; updating a flag for the domain name in the cache indicating that the domain name is registered; and providing an acknowledgment to the registrar.

DOMAIN NAME SERVICE (DNS) SERVER CACHE TABLE VALIDATION
20230188497 · 2023-06-15

In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Wireless communication system for generating adaptive address codes in an ad hoc network

In a wireless communication system, a plurality of communication devices performs transmission and reception, each communication device including a signal processing unit/transmitting unit, a MAC layer processing unit and an IP layer processing unit. The IP layer processing unit includes an ad hoc network processing unit, an address information management unit, a relay information storage unit and an ARP information storage unit. The ARP information storage unit stores an adaptive address code information table and the relay information storage unit stores a relay information table.

Domain-name-based network-connection attestation
11677713 · 2023-06-13

A domain-name-based network-connection attestation system provides for more user-friendly and less error-prone (compared to IP-address-based attestation systems) updating of a whitelist used to determine whether or not to allow a requested network connection. A guest agent extracts from a DNS reply a domain name, and an IP address mapped to a domain name. The agent enters these values in an agent DNS cache. When a process requests a connection to an IP address, the agent uses the IP address to determine the domain name from the agent DNS cache. The agent then determines whether the IP address is mapped to the process identity in a domain-name-based whitelist. If it is, the connection is attested to and allowed; if it is not, a secondary IP address whitelist can be checked.

IDENTITY BASED DOMAIN NAME SYSTEM (DNS) CACHING WITH SECURITY AS A SERVICE (SECAAS)
20170346855 · 2017-11-30

A local network element on an enterprise network caches Domain Name System (DNS) responses in association with user identifiers in accordance with a DNS-based access control policy. The network element receives a DNS request from a first endpoint device. The DNS request includes a domain name to resolve. The network element forwards the DNS request to a domain name server along with a first user identifier associated with the first endpoint device. The network element receives a DNS response from the domain name server. The DNS response includes a network address associated with the domain name, as well as the first user identifier and at least one other user identifier. The network element stores the network address in a DNS cache as a cached DNS response for the domain name. The cached DNS response is stored in association with the first user identifier and the other user identifier(s).

Collecting passive DNS traffic to generate a virtual authoritative DNS server

The present application describes a system and method for passively collecting DNS traffic data as that data is passed between a recursive DNS resolver and an authoritative DNS server. The information contained in the collected DNS traffic data is used to generate a virtual authoritative DNS server, or a zone associated with the authoritative DNS server, when it is determined that the authoritative DNS server has been compromised.

Method and system for automatically managing a plurality of Wi-Fi access points using a network management cloud

The invention provides a method and system for automatically managing a plurality of Wi-Fi access points using a network management cloud. In order to manage the plurality of Wi-Fi access points, a connection is established between one or more Wi-Fi access points and a client device using the network management cloud. The network management cloud, then, receives and analyzes information from the client device related to controlling one or more Wi-Fi access points. Thereafter, the network management cloud determines one or more operation settings for the one or more Wi-Fi access points based on the analyzed information. The one or more operation settings of the one or more Wi-Fi access points are then configured using the network management cloud. Thus, the one or more Wi-Fi access points are configured by the client device through the network management cloud.

METHODS AND APPARATUS TO DECREASE DOMAIN NAME SYSTEM (DNS) LOOKUP TIME FOR AIRBORNE CLIENTS
20230179565 · 2023-06-08

Methods and apparatus to decrease DNS lookup times for mobile clients are disclosed. An example DNS cache peering system includes a mobile DNS cache; a mobile DNS server configured to, when an IP address for a URL is not found in the DNS cache, send a DNS lookup request for the URL; a ground-based DNS server to receive the DNS lookup request from the mobile DNS server, and send, in response, a DNS lookup response including the IP address for the URL to the mobile DNS server; and a ground-based DNS peer engine server configured to capture the DNS lookup response, and multicast DNS information from the DNS lookup response to a plurality of mobile DNS peer engine clients, wherein the plurality of mobile DNS peer engine clients are configured to store the DNS information in respective ones of a plurality of mobile DNS caches.