Patent classifications
H04L67/1036
Endpoint security domain name server agent
A network is secured by managing domain name requests such that client devices are restricted from visiting malicious or undesirable domains. An endpoint Domain Name Server (DNS) agent is installed on client devices on a local network, and the endpoint DNS agents intercept DNS requests from the client devices and process the received DNS request in the endpoint DNS agent based on a security policy set for the client device via the endpoint DNS agent. In a further example, processing the received DNS request comprises identifying the client device, end user, and the DNS request to a cloud-based DNS server, and processing a response received from the cloud-based DNS server in response to the DNS request. The endpoint DNS agent is further operable to distinguish between DNS requests for local domains and remote domains, and to redirect DNS requests for local domains to a local network DNS server.
VIRTUAL COMMUNICATIONS ASSESSMENT SYSTEM IN A MULTIMEDIA ENVIRONMENT
A system for data recording across a network includes a session border controller connecting incoming data from the network to an endpoint recorder. A load balancer is connected to the network between the session border controller and the endpoint and receives the incoming data from the session border controller, wherein the load balancer comprises computer memory and a processor configured to parse the incoming data into video data and audio data according to identification protocols accessible by the processor from the computer memory. A recording apparatus includes recording memory that receives the incoming data from the load balancer, stores a duplicate version of the incoming data in the recording memory, and connects the incoming data to the endpoint.
SYSTEMS AND METHODS FOR CONTROLLING ACCESSING AND STORING OBJECTS BETWEEN ON-PREM DATA CENTER AND CLOUD
In an embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which is configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct the access memory to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes Fully Qualified Domain Name (FQDN) filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.
AUTOMATED MULTI-NETWORK FAILOVER FOR DATA CENTERS
A device may monitor a status of a first data center of a group of data centers. The device may determine, based on the status of the first data center, to cause a failover from the first data center to a second data center. The device may cause a domain name server (DNS) configuration, associated with an external DNS, and a set of DNS entries, associated with an internal DNS, to be altered to cause a portion of the network traffic, respectively associated with a first network and a second network of the plurality of networks, to be routed to the second data center. The device may cause a load balancer configuration to be altered to cause a portion of the network traffic associated with a third network of the plurality of networks to be redirected from the first data center to the second data center.
FILTERING AND ORGANIZING PROCESS FOR DOMAIN NAME SYSTEM QUERY COLLECTION
A method for filtering, distributing, and organizing domain name system queries in a communications network may include receiving a first domain name system query from a first endpoint device connected to the network, identifying a first network address of the first endpoint device from the first domain name system query, classifying the first domain name system query into a first class of a plurality of classes, wherein each class of the plurality of classes is associated with one predefined numerical range of a plurality of predefined numerical ranges, and wherein a target address unit of the first network address falls into the predefined numerical range associated with the first class, and forwarding the first domain name system query to a first collection server of a plurality of collection servers, wherein the first collection server is dedicated for collecting domain name system queries that are classified into the first class.
NETWORK MAPPING IN CONTENT DELIVERY NETWORK
A computer-implemented method in a content delivery network (CDN) having multiple delivery servers. The CDN delivers content on behalf of at least one content provider. Distinct delivery servers are logically grouped into delivery server groups. One or more CDN name servers are associated with some of the delivery server groups. Network map data are determined using network data determined by the CDN name servers associated with at least some of the delivery server groups. The network data with respect to a CDN name server relative to a resolver is based on an estimated popularity of that CDN name server for that resolver. Responsive to a client request, including a hostname associated with a content provider, at least one CDN name server determines, using network map data, at least one delivery server to process the client request.
User-plane path selection for the edge service
Techniques for selection or reselection of a user-plane path in a mobile network are disclosed herein. A user-plane gateway (GW-U) can be configured to decode a packet received from a control plane gateway (GW-C) in a packet data network gateway (PGW) to determine a forwarding policy. Additionally, the GW-U can decode, from an evolved node B (eNB), an internet protocol (IP) packet having a header field. Furthermore, the GW-U can determine a user-plane path for the IP packet based on a comparison of the header field and the forwarding policy. Based on the determined user-plane path, the GW-U can forward the IP packet to a local application server (AS), encapsulate and forward the IP packet to the PGW, or discard the IP packet. Moreover, the GW-U can encode the IP packet for transmission based on the determined user-plane selection.