A system prefetches most frequently used domain names and stores the domain name data at local cache servers. It generates validity codes to enable error checking for valid domain names at the local cache servers without accessing root servers. A cache server obtains, stores, and propagates updates or new DNS data to local cache servers at predetermined intervals. Users can obtain internet protocol addresses of domain names directly from local cache servers, thus eliminating processing delays ov…

Mechanisms that allow IPv4 and IPv6 clients to communicate with reduced server workload. The IPv4 client initiates communication by routing an IPv4 message to a server. The server sends a similar IPv6 message to the IPv6 client. A relay intercepts the IPv6 response, generates an IPv4 response, and forwards that IPv4 response to the IPv4 client if the NAT is a cone NAT. Otherwise, the relay sends the IPv4 response to the server. The server includes the IPv4 address of the relay in the response an…

A method and system for authenticating a message is described, in which the message contains a network address, at least a portion of which is a digital fingerprint. Embedded in the message is data, such as a code, that indicates the size of the digital fingerprint. A device receiving the message uses the size data and, for example, the public key of the sender to attempt to reproduce the digital fingerprint. If successful, the device receiving the message verifies the identity of the sender.

A method for detecting and repairing cloud splits in a distributed system such as a peer-to-peer (P2P) system is presented. Nodes in a cloud maintain a multilevel cache of entries for a subset of nodes in the cloud. The multilevel cache is built on a circular number space, where each node in the cloud is assigned a unique identifier (ID). Nodes are recorded in levels of the cache according to the distance from the host node. The size of the cloud is estimated using the cache, and cloud-split tes…

A method is provided for estimating the size of a computer network such as the Internet. A computer generates a random sample of potential network addresses and then determines whether those sample addresses are currently allocated to computers on the network. Using samples taken at multiple points in time, the computer statistically models the growth of the network. The model has unknown parameters, and values of the parameters are estimated using previously sampled data. Using the estimated pa…

A firewall acts as a transparent gateway to a server within a private network by initiating an unsolicited challenge to a client to provide authentication credentials. After receiving the client’s credentials, the firewall verifies the authentication credentials and establishes a secure channel for accessing the server. Data destined for the server from the client may be forwarded through the firewall using the secure channel. The firewall may sign, or otherwise indicate that data forwarded to t…

A method and apparatus for fragmenting and reassembling IKE protocol data packets that exceed a Maximum Transmission Unit is provided. A transmitting node determines whether to fragment IKE data depending on whether the receiving node has the capability to receive and reassemble fragmented data packets. The transmitting node detects whether fragmentation is appropriate and then intercepts and fragments appropriate IKE payloads for transmission over a network. The invention further includes a met…

A method to negotiate computer settings in advance is presented. A prediction is made to determine if the computer setting will be needed, and if needed, whether a value outside of a normal range of values will be needed. A value for the computer setting that is outside of the normal range of values is determined and the value is set to the outside value. A value within the normal range of values is used if it was predicted that there is no need for a value outside of the normal range of values.

A serverless name resolution protocol ensures convergence despite the size of the network, without requiring an ever-increasing cache and with a reasonable numbers of hops. This convergence is ensured through a multi-level cache and a proactive cache initialization strategy. The multi-level cache is built based on a circular number space. Each level contains information from different levels of slivers of the circular space. A mechanism is included to add a level to the multi-level cache when th…

A method for ensuring valid and secure peer-to-peer communications in a group structure. Specifically, the system of the present invention presents a method of ensuring secure peer-to-peer group formation, group member addition, group member eviction, group information distribution, etc. Such functionality may be distributed to the individual peers in the group to further enhance the overall security of the group while enhancing flexibility. The P2P group security allows every peer who is a vali…