Distributed cloud-based dynamic name server surrogation systems and methods

US11023378B2 · US · B2

Patent metadata
Publication number: US-11023378-B2
Application number: US-201715841656-A
Country: US
Kind code: B2
Filing date: Dec 14, 2017
Priority date: Jul 23, 2013
Publication date: Jun 1, 2021
Grant date: Jun 1, 2021

Abstract

Official abstract text for this publication.

A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate.

First claim

Opening claim text (preview).

What is claimed is:

1. A method implemented in a cloud network, the method comprising: receiving a Domain Name System (DNS) request; determining, based on a policy associated with the DNS request, whether the DNS request is to be surrogated, the policy defining which types of DNS requests are to be surrogated based on 1) a DNS request arriving where surrogation is possible and a direct server return is not possible, 2) a DNS request arriving where surrogation is possible and a direct server return is possible, 3) an ordinary DNS request, 4) a DNS request arriving that must be surrogated where a direct server return is not possible, and 5) a DNS request arriving that is must be surrogated where a direct return is possible; relaying, responsive to the determination that the DNS request is to be surrogated, the DNS request to a surrogate of a plurality of surrogates that resolves the DNS request by performing recursion to determine a result of the DNS resolution, wherein one or more of the plurality of surrogates comprise clients receiving service from the cloud network, wherein the clients are user equipment associated with a user that is configured for use of the service provided by the cloud network and the clients are the surrogates performing the DNS resolution, and wherein the policy includes evaluation of status of the plurality of surrogates and location; and responsive to DNS resolution performed by the surrogate, providing the result of the DNS resolution as a response to the DNS request.

2. The method of claim 1, wherein the surrogate provides the result to the DNS request independent of a device receiving the DNS request.

3. The method of claim 1, wherein the surrogate is determined based on the policy.

4. The method of claim 1, wherein the surrogate is determined based on a location of a user device associated with the DNS request.

5. The method of claim 1, wherein the surrogate is configured to provide a request to an authoritative DNS server associated with a domain name of the DNS request.

6. The method of claim 1, wherein the result of the DNS resolution is based on a location or source Internet Protocol address of the surrogate instead of based on a DNS server performing the receiving.

7. The method of claim 1, wherein the service from the cloud network comprises security monitoring.

8. A Domain Name Server (DNS) system in a cloud network, comprising: a network interface; a processor communicatively coupled to the network interface; memory storing instructions that, when executed, cause the processor to: receive a DNS request; determine, based on a policy associated with the DNS request, whether the DNS request is to be surrogated, the policy defining which types of DNS requests are to be surrogated based on 1) a DNS request arriving where surrogation is possible and direct server is not possible, 2) a DNS request arriving where surrogation is possible and a direct server return is possible, 3) an ordinary DNS request, 4) a DNS request arriving that must be surrogated where a direct server return is not possible, and 5) a DNS request arriving that is must be surrogated where a direct server return is possible; and relay, responsive to the determination that the DNS request is to be surrogated, the DNS request to a surrogate of a plurality of surrogates, wherein the surrogate resolves the DNS request by performing recursion to determine a result of the DNS resolution, wherein one or more of the plurality of surrogates comprise clients receiving service from the cloud network, wherein the clients are user equipment associated with a user that is configured for use of the service provided by the cloud network and the clients are the surrogates performing the DNS resolution, and wherein the policy includes evaluation of status of the plurality of surrogates and location, wherein, responsive to DNS resolution performed by the surrogate, the result of the DNS resolution is provided as a response to the DNS request.

9. The DNS system of claim 8, wherein the surrogate provides the result to the DNS request independent of a device receiving the DNS request.

10. The DNS system of claim 8, wherein the surrogate is determined based on a location of a user device associated with the DNS request.

11. The DNS system of claim 8, wherein the surrogate is configured to provide a request to an authoritative DNS server associated with a domain name of the DNS request.

12. The DNS system of claim 8, wherein the result of the DNS resolution is based on a location or source Internet Protocol address of the surrogate instead of based on a DNS server performing the receiving.

13. The DNS system of claim 8, wherein the service from the cloud network comprises security monitoring.

14. A user device configured to receive a service from a cloud network, comprising: a network interface; a processor communicatively coupled to the network interface; memory storing instructions that, when executed, cause the processor to: communicate with the cloud network for the service provided by the cloud network; receive, responsive to a Domain Name Server (DNS) request received by the cloud network and responsive to a determination, based on a policy associated with the DNS request, that the DNS request is to be surrogated, wherein the policy defines which types of DNS requests are to be surrogated and includes evaluation of status of the surrogate and location, the types of DNS requests that are to be surrogated based on 1) a DNS request arriving where surrogation is possible and a direct server return is not possible, 2) a DNS request arriving where surrogation is possible and a direct server return is possible, 3) an ordinary DNS request, 4) a DNS request arriving that must be surrogated where a direct server return is not possible, and 5) a DNS request arriving that is must be surrogated where a direct server return is possible, a DNS surrogation request from the cloud network, wherein the user device is user equipment associated with a user that is configured for use of the service and is further configured to act as a DNS surrogate for the cloud network in lieu of a DNS server receiving the DNS request; perform a DNS resolution of the DNS request including recursion to determine a result of the DNS resolution; and provide a result of the DNS resolution as a response to the DNS request.

15. The user device of claim 14, wherein the user device provides the result to the DNS request independent of a device receiving the DNS request.

16. The user device of claim 14, wherein the DNS surrogation request is determined based on a location of a user device associated with the DNS request.

17. The user device of claim 14, wherein the result of the DNS resolution is based on a location or source Internet Protocol address of the user device instead of based on a DNS server which received the DNS request.

Classifications

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers

  • Lookup mechanisms between a plurality of directories; Synchronisation of directories, e.g. metadirectories

  • using domain name system [DNS]

  • Filtering policies (mail message filtering H04L51/212)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Zscaler Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 1, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).