Recursive domain name service (dns) prefetching

What is claimed is: 1 . A method of handling Domain Name Service (DNS) requests, the method comprising: prefetching from an authoritative DNS server DNS entries for one or more domains to build a whitelist in a recursive DNS server; and in response to a DNS request received by the recursive DNS server: accessing the whitelist to attempt to locate a matching DNS entry for the received DNS request; and in response to locating a matching DNS entry for the received DNS request, returning the matching DNS entry as a response to the DNS request. 2 . The method of claim 1 , wherein the whitelist is a semi-authoritative whitelist. 3 . The method of claim 1 , further comprising monitoring system load, wherein accessing the whitelist is selectively performed in response to the monitored system load. 4 . The method of claim 3 , wherein monitoring system load includes monitoring system load in the recursive DNS server. 5 . The method of claim 3 , wherein monitoring system load includes monitoring response time for the authoritative DNS server. 6 . The method of claim 3 , further comprising: activating a mode in response to determining a high system load from the monitored system load, wherein accessing the whitelist is only performed when the mode is activated when the DNS request is received by the recursive DNS server; and after activating the mode, selectively deactivating the mode in response to determining a discontinuation of the high system load from the monitored system load. 7 . The method of claim 1 , further comprising caching failed DNS requests in a negative feedback cache; and in response to the DNS request received by the recursive DNS server, accessing the negative feedback cache and returning an invalid DNS response in response to the DNS request received by the recursive DNS server matching a failed DNS request cached in the negative feedback cache. 8 . The method of claim 7 , wherein accessing the whitelist is performed in response to the DNS request received by the recursive DNS server not matching any failed DNS request cached in the negative feedback cache. 9 . The method of claim 7 , further comprising removing stale failed DNS requests from the negative feedback cache. 10 . The method of claim 9 , wherein caching the failed DNS requests includes associating each failed DNS request with a timeout, and wherein removing stale failed DNS requests includes removing failed DNS requests for which the associated timeout has been triggered. 11 . The method of claim 7 , further comprising: in response to not locating the matching DNS entry for the received DNS request, forwarding the DNS request received by the recursive DNS server to a different DNS server; and in response to receiving an invalid response to the forwarded DNS request from the different DNS server, caching the DNS request received by the recursive DNS server in the negative feedback cache as a failed DNS request. 12 . The method of claim 7 , further comprising: activating a mode in response to determining a high system load, wherein accessing the negative feedback cache is only performed when the mode is activated when the DNS request is received by the recursive DNS server; and after activating the mode, selectively deactivating the mode in response to determining a discontinuation of the high system load from the monitored system load. 13 . The method of claim 7 , further comprising applying a malicious query matching filter to the DNS request received by the recursive DNS server, and returning an invalid DNS response to the DNS request received by the recursive DNS server in response to a match with the malicious query matching filter. 14 . The method of claim 13 , wherein the malicious query matching filter includes a bloom filter. 15 . The method of claim 1 , wherein prefetching from the authoritative DNS server the DNS entries for the one or more domains includes prefetching from the authoritative DNS server each sub-domain for the one or more domains. 16 . The method of claim 15 , further comprising updating the whitelist over time by repeating prefetching from the authoritative DNS server. 17 . The method of claim 1 , wherein the recursive DNS server is resident in a root DNS data processing system, an Internet Service Provider (ISP) data processing system, a network router data processing system or a client data processing system.