DNS resolution of overlapping domains in a multi-tenant computing environment

US 10,476,942 B2
Filed: 12/21/2016
Issued: 11/12/2019
Est. Priority Date: 12/21/2016
Status: Active Grant

First Claim

Patent Images

1. A DNS-resolution system comprising a processor, a memory coupled to the processor, and a computer-readable hardware storage device coupled to the processor, the storage device containing program code configured to be run by the processor via the memory to implement a method for a multi-tenant DNS mechanism, the method comprising:

receiving a DNS request to resolve a domain address to an Internet Protocol address,where the domain address identifies a networked entity comprised by a multi-tenant computing environment,where the DNS request comprises a Tenant-ID record that indicates whether the DNS request comprises a request for a tenant-specific domain-name resolution, andwhere the multi-tenant computing environment comprises a set of private networks that each host one tenant'"'"'s domain of a set of tenant domains;

extracting &

lithe Tenant-ID record from the DNS request;

determining whether the Tenant-ID record indicates that the DNS request comprises a request for a tenant-specific domain-address resolution; and

forwarding the DNS request to a multi-tenant DNS server along with a notification of whether the DNS request requires a tenant-specific domain-address resolution.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and associated systems for a multi-tenant DNS mechanism. A multi-tenant computing environment hosts multiple private overlay networks, each of which comprises one tenant'"'"'s domain. A multi-tenant DNS agent receives a DNS request to resolve a domain address located within the multi-tenant environment. The agent examines a special record within the request to determine whether the request requires resolving the domain address to an internal tenant-specific network identifier within a tenant'"'"'s private network. The agent then forwards the request to a DNS server, notifying the server whether the requested address resolution is tenant-specific. If the request is not tenant-specific, the server performs a conventional DNS lookup. But if the request is tenant-specific, the DNS server instead performs a lookup into a tenant-specific local database that allows the domain address to be resolved to an internal address visible only within the multi-tenant computing environment.

13 Citations

20 Claims

1. A DNS-resolution system comprising a processor, a memory coupled to the processor, and a computer-readable hardware storage device coupled to the processor, the storage device containing program code configured to be run by the processor via the memory to implement a method for a multi-tenant DNS mechanism, the method comprising:
- receiving a DNS request to resolve a domain address to an Internet Protocol address,where the domain address identifies a networked entity comprised by a multi-tenant computing environment,where the DNS request comprises a Tenant-ID record that indicates whether the DNS request comprises a request for a tenant-specific domain-name resolution, andwhere the multi-tenant computing environment comprises a set of private networks that each host one tenant'"'"'s domain of a set of tenant domains;
  
  extracting &
  
  lithe Tenant-ID record from the DNS request;
  
  determining whether the Tenant-ID record indicates that the DNS request comprises a request for a tenant-specific domain-address resolution; and
  
  forwarding the DNS request to a multi-tenant DNS server along with a notification of whether the DNS request requires a tenant-specific domain-address resolution.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, where the multi-tenant DNS server is configured to perform a tenant-specific address-resolution procedure, in response to notification that the DNS request requires a tenant-specific address resolution, by performing a lookup into a tenant-specific database that stores information sufficient to resolve the domain address into a unique identifier of an address comprised by an overlapping domain of the set of tenant domains.
  - 3. The system of claim 1, where the multi-tenant DNS server is configured to perform a global address-resolution procedure, in response to notification that the DNS request does not require a tenant-specific address resolution, by performing a lookup into a global database that stores information sufficient to resolve the domain address into a unique Internet Protocol address that is comprised by the multi-tenant computing environment, but is not comprised by the set of private networks.
  - 4. The system of claim 1, where at least two domains of the set of tenant domains are overlapping domains that each comprise domain addresses incapable of being resolved to unique IP addresses.
  - 5. The system of claim 1, where the Tenant-ID record is a resource record formatted in conformance with IETF standard RFC 1035.
  - 6. The system of claim 5, where the determining is performed as a function of a value stored in a TYPE field of the Tenant-ID record.
  - 7. The system of claim 1, where the multi-tenant environment is a cloud-computing platform and where each private network is a distinct private overlay network hosted by the cloud-computing platform.
  - 8. The system of claim 1, where the multi-tenant environment comprises both a cloud-computing platform and a non-cloud network.

9. A method for a multi-tenant DNS mechanism comprising:
- a processor of a computer system receiving a DNS request to resolve a domain address to an Internet Protocol address,where the domain address identifies a networked entity comprised by a multi-tenant computing environment,where the DNS request comprises a Tenant-ID record that indicates whether the DNS request comprises a request for a tenant-specific domain-name resolution, and where the multi-tenant computing environment comprises a set of private networks that each host one tenant'"'"'s domain of a set of tenant domains;
  
  the processor extracting the Tenant-ID record from the DNS request;
  
  the processor determining whether the Tenant-ID record indicates that the DNS request comprises a request for a tenant-specific domain-address resolution; and
  
  the processor forwarding the DNS request to a multi-tenant DNS server along with a notification of whether the DNS request requires a tenant-specific domain-address resolution.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, where the multi-tenant DNS server is configured to perform a tenant-specific address-resolution procedure, in response to notification that the DNS request requires a tenant-specific address resolution, by performing a lookup into a tenant-specific database that stores information sufficient to resolve the domain address into a unique identifier of an address comprised by an overlapping domain of the set of tenant domains.
  - 11. The method of claim 9, where the multi-tenant DNS server is configured to perform a global address-resolution procedure, in response to notification that the DNS request does not require a tenant-specific address resolution, by performing a lookup into a global database that stores information sufficient to resolve the domain address into a unique Internet Protocol address that is comprised by the multi-tenant computing environment, but is not comprised by the set of private networks.
  - 12. The method of claim 9, where the multi-tenant environment is a cloud-computing platform and where each private network is a distinct private overlay network hosted by the cloud-computing platform.
  - 13. The method of claim 9, where the multi-tenant environment comprises both a cloud-computing platform and a non-cloud network.
  - 14. The method of claim 9, further comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable program code in the computer system, wherein the computer-readable program code in combination with the computer system is configured to implement the receiving, the extracting, the determining, and the forwarding.

15. A computer program product, comprising a computer-readable hardware storage device having a computer-readable program code stored therein, the program code configured to be executed by a DNS-resolution system comprising a processor, a memory coupled to the processor, and a computer-readable hardware storage device coupled to the processor, the storage device containing program code configured to be run by the processor via the memory to implement a method for a multi-tenant DNS mechanism, the method comprising:
- receiving a DNS request to resolve a domain address to an Internet Protocol address,where the domain address identifies a networked entity comprised by a multi-tenant computing environment,where the DNS request comprises a Tenant-ID record that indicates whether the DNS request comprises a request for a tenant-specific domain-name resolution, andwhere the multi-tenant computing environment comprises a set of private networks that each host one tenant'"'"'s domain of a set of tenant domains;
  
  extracting the Tenant-ID record from the DNS request;
  
  determining whether the Tenant-ID record indicates that the DNS request comprises a request for a tenant-specific domain-address resolution; and
  
  forwarding the DNS request to a multi-tenant DNS server along with a notification of whether the DNS request requires a tenant-specific domain-address resolution.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, where the multi-tenant DNS server is configured to perform a tenant-specific address-resolution procedure, in response to notification that the DNS request requires a tenant-specific address resolution, by performing a lookup into a tenant-specific database that stores information sufficient to resolve the domain address into a unique identifier of an address comprised by an overlapping domain of the set of tenant domains.
  - 17. The computer program product of claim 15, where the multi-tenant DNS server is configured to perform a global address-resolution procedure, in response to notification that the DNS request does not require a tenant-specific address resolution, by performing a lookup into a global database that stores information sufficient to resolve the domain address into a unique Internet Protocol address that is comprised by the multi-tenant computing environment, but is not comprised by the set of private networks.
  - 18. The computer program product of claim 15, where the Tenant-ID record is a resource record formatted in conformance with IETF standard RFC 1035, and where the determining is performed as a function of a value stored in a TYPE field of the Tenant-ID record.
  - 19. The computer program product of claim 15, where the multi-tenant environment is a cloud-computing platform and where each private network is a distinct private overlay network hosted by the cloud-computing platform.
  - 20. The computer program product of claim 15, where the multi-tenant environment comprises both a cloud-computing platform and a non-cloud network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Kapur, Ashish, Sait, Tamanna Z., Tao, Zi Jin, Zhang, Lu
Primary Examiner(s)
Yohannes, Tesfay

Application Number

US15/386,844
Publication Number

US 20180176176A1
Time in Patent Office

1,056 Days
Field of Search

709212, 709220, 709245, 726 23
US Class Current
CPC Class Codes

H04L 61/4511 using domain name system [DNS]

H04L 67/10 in which an application is ...

DNS resolution of overlapping domains in a multi-tenant computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

DNS resolution of overlapping domains in a multi-tenant computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others