Adaptive resolution of domain name requests in virtual private cloud network environments

US 10,469,442 B2
Filed: 07/23/2018
Issued: 11/05/2019
Est. Priority Date: 08/24/2016
Status: Active Grant

First Claim

Patent Images

1. A system for adaptive resolution of domain name system (DNS) requests obtained from devices of virtual private cloud network environments (VPCs), wherein each VPC includes one or more computing devices arranged within a virtualized local area network of the VPC, the virtualized local area network of each VPC generated by a substrate network hosting the VPCs, the system comprising:

a non-transitory data store including data identifying;

for a first VPC of the VPCs, a first set of rules designated for handling resolution requests obtained from devices of the first VPC to resolve domain names into corresponding network addresses; and

for a second VPC of the VPCs, a second set of rules designated for handling resolution requests obtained from devices of the second VPC to resolve domain names into corresponding network addresses; and

at least one computing device configured with computer-executable instructions that, when executed, cause the at least one computing device to;

obtain a request from a computing device within one of the VPCs to resolve a domain name into a corresponding network address;

identify a VPC identifier associated with the request that designates a source VPC from which the request originated, the source VPC corresponding to either the first VPC or the second VPC;

selectively applying to the request either the first set of rules or the second set of rules to determine a domain name system (DNS) server to which the request should be forwarded, wherein the first set of rules are applied when the source VPC corresponds to the first VPC and the second set of rules are applied when the source VPC corresponds to the second VPC; and

route the request to the DNS server according to the routing determined from selective application of either the first set of rules or the second set of rules.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described to enable adaptive handling of domain resolution requests originating from a virtual private cloud (VPC) networking environment. An administrator of the VPC can provide a set of rules specific to the VPC that designates how requests for a domain name should be handled. The rules may specify, for example, that a request for a given domain name should be routed to a particular domain name server, which may include a private domain name server, should be dropped, or should be routed according to a default behavior (e.g., a public domain name system). Resolution requests originating in the VPC can be associated with a VPC identifier. When an adaptive resolution system receives the request, it can retrieve rules associated with the VPC identifier, and apply the rules to determine further routing for the request.

1424 Citations

18 Claims

1. A system for adaptive resolution of domain name system (DNS) requests obtained from devices of virtual private cloud network environments (VPCs), wherein each VPC includes one or more computing devices arranged within a virtualized local area network of the VPC, the virtualized local area network of each VPC generated by a substrate network hosting the VPCs, the system comprising:
- a non-transitory data store including data identifying;
  
  for a first VPC of the VPCs, a first set of rules designated for handling resolution requests obtained from devices of the first VPC to resolve domain names into corresponding network addresses; and
  
  for a second VPC of the VPCs, a second set of rules designated for handling resolution requests obtained from devices of the second VPC to resolve domain names into corresponding network addresses; and
  
  at least one computing device configured with computer-executable instructions that, when executed, cause the at least one computing device to;
  
  obtain a request from a computing device within one of the VPCs to resolve a domain name into a corresponding network address;
  
  identify a VPC identifier associated with the request that designates a source VPC from which the request originated, the source VPC corresponding to either the first VPC or the second VPC;
  
  selectively applying to the request either the first set of rules or the second set of rules to determine a domain name system (DNS) server to which the request should be forwarded, wherein the first set of rules are applied when the source VPC corresponds to the first VPC and the second set of rules are applied when the source VPC corresponds to the second VPC; and
  
  route the request to the DNS server according to the routing determined from selective application of either the first set of rules or the second set of rules.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1, wherein the DNS server is identified within either the first set of rules or the second set of rules by at least one of a network address of the DNS server or an identifier of the DNS server associated with a VPC including the DNS server.
  - 3. The system of claim 1, wherein the computer-executable instructions further cause the at least one computing device to:
    - obtain a second request from a computing device within one of the VPCs to resolve a second domain name into a corresponding second network address;
      
      identify a VPC identifier associated with the second request that designates a second source VPC from which the request originated, the second source VPC corresponding to either the first VPC or the second VPC;
      
      selectively applying to the second request either the first set of rules or the second set of rules to determine a network destination to which the second request should be forwarded, wherein the first set of rules are applied when the second source VPC corresponds to the first VPC and the second set of rules are applied when the second source VPC corresponds to the second VPC; and
      
      route the second request to the network destination determined from selective application of either the first set of rules or the second set of rules.

4. A computer-implemented method for adaptive handling of domain names resolution requests obtained from devices of a virtual private cloud network environment (VPC) within at least two VPCs, wherein each VPC of the at least two VPCs includes one or more computing devices arranged within a virtualized local area network, the virtualized local area network generated by a substrate network hosting the VPC, the computer-implemented method comprising:
- obtaining a first set of rules for handling requests, received from devices of a first VPC of the at least two VPCs, to resolve domain names into corresponding network addresses and a second set of rules for handling requests, received from devices of a second VPC of the at least two VPCs, to resolve domain names into corresponding network addresses;
  
  obtaining a request from a computing device within one of the VPCs to resolve a domain name into a corresponding network address;
  
  determining, from a VPC identifier of the request, a source VPC from which the request originated, the source VPC corresponding to either the first or second VPC;
  
  selectively applying either the first set of rules or the second set of rules to the request to identity a domain name system (DNS) server to which the request should be forwarded, wherein the first set of rules are applied when the source VPC corresponds to the first VPC and the second set of rules are applied when the source VPC corresponds to the second VPC; and
  
  routing the request to the DNS server according to the routing determined from selective application of either the first set of rules or the second set of rules.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The computer-implemented method of claim 4, further comprising:
    - obtaining a second request from a computing device within one of the VPCs to resolve a second domain name into a corresponding second network address;
      
      determining, from a VPC identifier of the second request, that the second request originates within the second VPC;
      
      applying the second set of rules to the second request to identity a network destination, designated within the second set of rules, to which the second request should be forwarded; and
      
      routing the request to the network destination according to the second set of rules.
  - 6. The computer-implemented method of claim 4, wherein the computer-implemented method further comprises:
    - obtaining the corresponding network address from the DNS server; and
      
      returning the corresponding network address to the computing device.
  - 7. The computer-implemented method of claim 4 further comprising, prior to forwarding the request to the DNS server, modifying the request to cause a response to the request to be returned to the computing device.
  - 8. The computer-implemented method of claim 4, wherein the request is formatted according to the domain name system (DNS) protocol.
  - 9. The computer-implemented method of claim 4, wherein the DNS server is a default resolution server associated with the VPC, and wherein the first set of rules designate the DNS server by reference to the default resolution server.
  - 10. The computer-implemented method of claim 4, wherein obtaining the request from the computing device of the VPC to resolve the domain name into the corresponding network address comprises obtaining the request in an encapsulated form, and decapsulating the request.
  - 11. The computer-implemented method of claim 10 further comprising extracting the VPC identifier from metadata associated with the encapsulated form.

12. Non-transitory computer readable media including computer-executable instructions for adaptive handling of domain names resolution requests obtained from devices of a virtual private cloud network environment (VPC) within at least two VPCs, wherein each VPC of the at least two VPCs includes one or more computing devices arranged within a virtualized local area network, the virtualized local area network generated by a substrate network hosting the VPC, wherein the computer-executable instructions, when executed by a computing system, cause the computing system to:
- obtain a first set of rules for handling requests, received from devices of a first VPC of the at least two VPCs, to resolve domain names into corresponding network addresses and a second set of rules for handling requests, received from devices of a second VPC of the at least two VPCs, to resolve domain names into corresponding network addresses;
  
  obtain a request from a computing device within one of the VPCs to resolve a domain name into a corresponding network address;
  
  determine, from a VPC identifier of the request, a source VPC from which the request originated, the source VPC corresponding to either the first or second VPC;
  
  selectively apply either the first set of rules or the second set of rules to the request to identity a domain name system (DNS) server to which the request should be forwarded, wherein the first set of rules are applied when the source VPC corresponds to the first VPC and the second set of rules are applied when the source VPC corresponds to the second VPC; and
  
  route the request to the DNS server according to the routing determined from selective application of either the first set of rules or the second set of rules.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The non-transitory computer readable media of claim 12, wherein the computer-executable instructions further cause the computing system to determine the VPC identifier from a flag field of the request.
  - 14. The non-transitory computer readable media of claim 12, wherein the computer-executable instructions further cause the computing system to:
    - obtain a modification to the first set of rules, the modification provided by an administrator of the first VPC; and
      
      update the first set of rules according to the modification.
  - 15. The non-transitory computer readable media of claim 12, wherein at least one rule of the first set of rules references another rule associated with another VPC.
  - 16. The non-transitory computer readable media of claim 12, wherein the first set of rules further designate a domain name system (DNS) forwarding type to utilize in routing the request.
  - 17. The non-transitory computer readable media of claim 12, the request is obtained in an encapsulated form, and wherein the computer-executable instructions further cause the computing system to decapsulate the request.
  - 18. The non-transitory computer readable media of claim 12, wherein the computer-executable instructions further cause the computing system to:
    - obtain a second request from a second computing device within one of the VPCs to resolve a second domain name into a corresponding second network address;
      
      determine, from a VPC identifier of the second request, that the second request originates within the VPC;
      
      apply the first set of rules to the request to identify the second network address into which the second domain name should be resolved, wherein the second network address is designated within the first set of rules; and
      
      return the second network address in response to the second request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Mizik, Andrey, Zen, Lee-Ming, McCullagh, Gavin Derek, Santoso, Yohanes, Meleshuk, Vadim, Gu, Yu, Lai, Minli, Mistrianu, Ivan, Weiss, Rebecca Claire, Chen, Yi Cheng, Hoskinson, Ronald Andrew
Primary Examiner(s)
Wang, Liang Che A

Application Number

US16/042,584
Publication Number

US 20180351904A1
Time in Patent Office

470 Days
Field of Search

709217, 709218, 709219, 709245, 709247
US Class Current
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/445   Program loading or initiati...

G06F 9/45558   Hypervisor-specific managem...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 49/354   for supporting virtual loca...

H04L 61/4511   using domain name system [DNS]

H04L 67/10   in which an application is ...

Adaptive resolution of domain name requests in virtual private cloud network environments

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

1424 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive resolution of domain name requests in virtual private cloud network environments

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1424 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links