Trustworthiness-verifying DNS server for name resolution
US-2017149730-A1 · May 25, 2017 · US
US10708226B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10708226-B2 |
| Application number | US-201615010155-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 29, 2016 |
| Priority date | Jan 29, 2016 |
| Publication date | Jul 7, 2020 |
| Grant date | Jul 7, 2020 |
Official abstract text for this publication.
A method, system, apparatus, and computer-readable memory containing instructions include receiving, at an agent operating on a client device, a domain name system (DNS) resolution request for a domain name. The DNS resolution request is transmitted both to a first DNS server that includes a firewall service and to a second DNS server located in the client device's local network. Responses to the DNS resolution request are received from the first and second DNS servers. The agent determines how to resolve the DNS resolution request based on one or more of the received responses.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method, comprising: receiving, at an agent operating on a client device, a domain name system (DNS) resolution request for a domain name; determining, by the agent and based on a DNS service configuration, a network configuration for the client device specified in the DNS service configuration, wherein the client device is included in a first local network that is not protected by a first firewall service; determining, by the agent and based on the DNS service configuration, that a first DNS resolution policy is applicable to the DNS resolution request, wherein the first DNS resolution policy specifies that one or more DNS resolution requests, upon reception by the client device when the client device is in the first local network, are to be resolved by: a first DNS server that includes the first firewall service, and a second DNS server that is included in the first local network; transmitting the DNS resolution request from the client device to the first DNS server; receiving a first response to the DNS resolution request from the first DNS server; transmitting the DNS resolution request from the client device to the second DNS server; receiving a second response to the DNS resolution request from the second DNS server; and upon receiving the first response and the second response, resolving, by the agent, the DNS resolution request using one of the first response or the second response.
2. The computer-implemented method of claim 1, wherein: the first response includes: information indicating that the domain name included in the DNS resolution request is a malicious site, and information identifying an address of a redirected domain name; the second response includes information identifying an address of the domain name included in the DNS resolution request; and the agent determines to resolve the DNS resolution request using the address of the redirected domain name.
3. The computer-implemented method of claim 1, wherein: the first response includes information identifying a first address of a domain name included in the DNS resolution request; the second response includes information identifying a second address of the domain name included in the DNS resolution request; and the agent determines to resolve the DNS resolution request using the second address of the domain name.
4. The computer-implemented method of claim 1, further comprising: changing, by the agent, a local DNS service configuration included in the DNS service configuration to point back to an address of the client device; monitoring the local DNS service configuration; and when the local DNS service configuration is updated, based on a dynamic host configuration protocol update, to generate an updated local DNS service configuration, changing the updated local DNS service configuration to point back to the address of the client device.
5. The computer-implemented method of claim 1, further comprising: probing, by the agent, the first local network; determining whether the first DNS server is accessible by the agent when included in the first local network; and authenticating, by the agent via an encrypted communication channel, the agent with the first firewall service when it is determined that the first DNS server is accessible by the agent when included in the first local network.
6. The computer-implemented method of claim 1, further comprising: providing, by the agent, domain name system security extensions (DNSSEC) validation.
7. An apparatus, comprising: at least one processor, implemented at least in part in hardware; a memory, storing a set of instructions, which, when executed by the at least one processor, causes the at least one processor to: receive, at an agent operating on a client device, a domain name system (DNS) resolution request for a domain name; determine, by the agent and based on a DNS service configuration, a network configuration for the client device specified in the DNS service configuration, wherein the client device is included in a first local network that is not protected by a first firewall service; determine, by the agent and based on the DNS service configuration, that a first DNS resolution policy is applicable to the DNS resolution request, wherein the first DNS resolution policy specifies that one or more DNS resolution requests, upon reception by the client device when the client device is in a first local network, are to be resolved by: a first DNS server that includes the first firewall service, and a second DNS server that is included in the first local network; transmit the DNS resolution request from the client device to the first DNS server; receive a first response to the DNS resolution request from the first DNS server; transmit the DNS resolution request from the client device to the second DNS server; receive a second response to the DNS resolution request from the second DNS server; and upon receiving the first response and the second response, resolving, by the agent, the DNS resolution request using one of the first response or the second response.
8. The apparatus of claim 7, wherein: the first response includes: information indicating that the domain name included in the DNS resolution request is a malicious site, and information identifying an address of a redirected domain name; the second response includes information identifying an address of the domain name included in the DNS resolution request; and the agent determines to resolve the DNS resolution request using the address of the redirected domain name.
9. The apparatus of claim 7, wherein: the first response includes information identifying a first address of a domain name included in the DNS resolution request; the second response includes information identifying a second address of the domain name included in the DNS resolution request; and the agent determines to resolve the DNS resolution request using the second address of the domain name.
10. The apparatus of claim 7, wherein the set of instructions, which, when executed by the at least one processor, causes the at least one processor to further: change a local DNS service configuration included in the DNS service configuration to point back to an address of the client device; monitor the local DNS service configuration; and when the local DNS service configuration is updated, based on a dynamic host configuration protocol update, to generate an updated local DNS service configuration, change the updated local DNS service configuration to point back to the address of the client device.
11. The apparatus of claim 7, wherein the set of instructions, which, when executed by the at least one processor, causes the at least one processor to further: probe, by the agent, the first local network; determine whether the first DNS server is accessible by the agent when included in the first local network; and authenticate, by the agent via an encrypted communication channel, the agent with the first firewall service when it is determined that the first DNS server is accessible by the agent when included in the first local network.
12. The apparatus of claim 7, wherein the set of instructions, which, when executed by the at least one processor, causes the at least one processor to further provide, by the agent, domain name system security extensions (DNSSEC) validation.
13. One or more non-transitory computer-readable media containing instructions, which, when executed by one or more processors, cause the one or more processors to perform steps of: receiving, at an agent operating on a client
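As an added illustration of the decision logic in claims 1 to 4 (this is constructed example code, not the patent's or any vendor's implementation), the agent below models the dual-resolution policy: both servers are queried when the client sits in an unprotected local network, a firewall verdict of "malicious" wins and yields the redirect address, otherwise the local network's answer is used. The response field names, the fallback when the firewall DNS server returned nothing, and the sample addresses are all assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of one DNS answer as the agent sees it (field names assumed).
@dataclass
class DnsResponse:
    server: str                     # "firewall" or "local"
    address: Optional[str] = None   # address of the queried domain name, if answered
    malicious: bool = False         # firewall service flagged the name as a malicious site
    redirect: Optional[str] = None  # address of the redirected domain name (claim 2)


@dataclass
class DnsServiceConfig:
    client_address: str             # the client device's own address (claim 4)
    firewall_protected: bool        # is the current local network behind the firewall service?


def resolution_targets(cfg: DnsServiceConfig) -> List[str]:
    """Claim 1: in a local network not protected by the firewall service, the
    policy resolves each request via both the firewall DNS server and the local
    DNS server. Behind the firewall, the local server alone is assumed to suffice."""
    return ["local"] if cfg.firewall_protected else ["firewall", "local"]


def resolve(first: Optional[DnsResponse], second: DnsResponse) -> str:
    """Claims 2 and 3: choose one of the two responses. `first` is the firewall
    server's reply (None models an unreachable server, cf. the probing in claim 5)."""
    if first is not None and first.malicious and first.redirect:
        return first.redirect            # claim 2: block page / sinkhole address wins
    if second.address:
        return second.address            # claim 3: local network's answer
    if first is not None and first.address:
        return first.address             # assumed fallback: only the firewall answered
    raise LookupError("neither DNS server returned a usable address")


def repoint_local_dns(observed_setting: str, cfg: DnsServiceConfig) -> str:
    """Claim 4: the local DNS setting must always point back at the client device;
    a DHCP update that overwrote it is corrected on the next monitoring pass."""
    return cfg.client_address if observed_setting != cfg.client_address else observed_setting


if __name__ == "__main__":
    cfg = DnsServiceConfig(client_address="10.0.0.5", firewall_protected=False)
    print(resolution_targets(cfg))
    fw = DnsResponse("firewall", malicious=True, redirect="192.0.2.10")
    lo = DnsResponse("local", address="203.0.113.7")
    print(resolve(fw, lo))               # redirect address, per claim 2
    print(repoint_local_dns("10.0.0.1", cfg))  # DHCP pushed the router; agent re-points
```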
CPC classification titles:

- using domain name system [DNS]
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
- for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08)
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- Filtering by address, protocol, port number or service, e.g. IP-address or URL