Authenticated domain name resolution
Abstract
Methods, systems, and computer program products for resolving domain name system records based on client authentication. Basing domain name resolution on client authentication provides remote clients with the convenience of domain names, without sacrificing the security of keeping potentially sensitive domain names private. An authoritative name server receives requests for domain name resolution from clients. For requests without client authentication, the authoritative name server responds that the domain name cannot be found. This response identifies the authoritative name server to the client so that the client can submit subsequent requests with client authentication. For requests with client authentication, the authoritative name server responds with the corresponding domain name addresses. Clients may communicate domain name resolution requests directly to the authoritative name server or indirectly, through one or more intermediate domain name servers. Client authentication may occur over a secure connection with the authoritative name server.
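The exchange described in the abstract, modeled in-process as an added example (not code from the patent or its assignee). The HMAC challenge-response scheme, the per-client access list, and all class, function, and host names are assumptions made for illustration; the abstract does not specify an authentication mechanism.

```python
import hashlib
import hmac
import secrets

class AuthoritativeServer:
    """In-process model; HMAC challenge-response is an assumed auth scheme."""
    def __init__(self, name, records, client_keys, acl):
        self.name, self.records = name, records        # server identity; name -> address
        self.client_keys, self.acl = client_keys, acl  # id -> secret; id -> allowed names
        self.nonces, self.sessions = set(), {}

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        return nonce

    def authenticate(self, client_id, nonce, proof):
        if nonce not in self.nonces:
            return None                      # unknown or replayed nonce
        self.nonces.discard(nonce)           # each nonce is single use
        key = self.client_keys.get(client_id)
        if key is None:
            return None
        expected = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, proof):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = client_id
        return token

    def resolve(self, qname, session=None):
        client_id = self.sessions.get(session)
        allowed = client_id is not None and qname in self.acl.get(client_id, ())
        if not allowed or qname not in self.records:
            # Unauthorized and nonexistent look identical, so existence is not leaked;
            # the reply still names the server so the client knows where to authenticate.
            return {"rcode": "NXDOMAIN", "authority": self.name}
        return {"rcode": "NOERROR", "authority": self.name, "answer": self.records[qname]}

def client_lookup(server, qname, client_id, key):
    first = server.resolve(qname)            # initial request, no authentication
    if first["rcode"] == "NOERROR":
        return first
    nonce = server.challenge()               # direct connection to first["authority"]
    proof = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
    session = server.authenticate(client_id, nonce, proof)
    return server.resolve(qname, session)    # subsequent request, now authenticated

# Constructed sample data (not from the patent).
SERVER = AuthoritativeServer(
    "ns1.corp.example", {"build.corp.example": "10.0.0.12"},
    {"alice": b"alice-secret"}, {"alice": {"build.corp.example"}})
```

Because a failed authentication and a nonexistent name return the same reply, a monitoring rule on the server side has to count failed `authenticate` calls rather than NXDOMAIN responses to spot credential guessing.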
55 Claims
1. In an authoritative name server configured to resolve one or more domain name system records, a method of selectively resolving a domain name system record so that a client requesting resolution of the domain name system record receives a domain name system response based on the client's authorization, the method comprising acts of:
- at an authoritative name server, receiving, from a client, a request to resolve a domain name system record into a corresponding domain name system response;
- receiving client authentication from the client;
- based on the received client authentication, determining that the client is authorized to receive the domain name response corresponding to the domain name system record; and
- sending the corresponding domain name system response to the client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. In a client capable of establishing a connection with an authoritative name server that resolves at least one domain name into at least one domain name address, wherein the authoritative name server only resolves domain names into the corresponding domain name addresses for authorized clients, a method of requesting, from the authoritative name server, a domain name address that corresponds to a domain name, the method comprising acts of:
- sending an initial request, to resolve a domain name into a corresponding domain name address, to an authoritative name server without client authentication;
- receiving a response from the authoritative name server indicating that the domain name is unknown;
- establishing a direct connection with the authoritative name server;
- sending client authentication to the authoritative name server over the direct connection;
- sending a subsequent request, to resolve the domain name into the corresponding domain name address, to the authoritative name server; and
- in response to having sent client authentication, receiving the corresponding domain name address from the authoritative name server.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. In an authoritative name server configured for resolving domain name addresses, a method for selectively resolving one or more client-requested domain names so that the client receives one or more corresponding domain name addresses only if the client is authorized, the method comprising steps for:
- for one or more unauthenticated requests, originating from one or more unauthenticated clients, to resolve one or more domain names, an authoritative name server responding to the one or more unauthenticated clients that the one or more domain names are unknown because the one or more unauthenticated clients have not provided client authentication to the authoritative name server; and
- for one or more authenticated requests, originating from one or more authenticated clients, to resolve the one or more domain names, the authoritative name server responding to the one or more authenticated clients with one or more domain name addresses corresponding to the one or more domain names because the one or more authenticated clients provided client authentication to the authoritative name server.
Dependent claims: 21, 22, 23, 24, 25, 26
27. For an authoritative name server configured to resolve at least one domain name into at least one domain name address, a computer program product comprising one or more computer readable media carrying computer executable instructions that implement a method of selectively resolving a received domain name request so that the client making the request receives a corresponding domain name address only if the client is authorized, the method comprising the acts of:
- at an authoritative name server, receiving, from a client, a request to resolve a private domain name into a corresponding domain name address;
- receiving client authentication from the client;
- based on the received client authentication, determining that the client is authorized to receive the domain name address corresponding to the private domain name; and
- sending the corresponding domain name address to the client.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36
37. For a client capable of establishing a connection with an authoritative name server that resolves at least one domain name into at least one domain name address, wherein the authoritative name server only resolves domain names into the corresponding domain name addresses for authorized clients, a computer program product comprising one or more computer readable media carrying computer executable instructions that implement a method of requesting, from the authoritative name server, a domain name address that corresponds to a domain name, the method comprising acts of:
- sending an initial request, to resolve a domain name into a corresponding domain name address, to an authoritative name server without client authentication;
- receiving a response from the authoritative name server indicating that the domain name is unknown;
- establishing a direct connection with the authoritative name server;
- sending client authentication to the authoritative name server over the direct connection;
- sending a subsequent request, to resolve the domain name into the corresponding domain name address, to the authoritative name server; and
- in response to having sent client authentication, receiving the corresponding domain name address from the authoritative name server.
Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45
46. In a client capable of establishing a connection with one or more name servers that resolve at least one domain name into at least one domain name address, wherein at least one name server resolves domain name system records based on client authentication, a method of requesting one or more domain name addresses for one or more domain names, the method comprising acts of:
- identifying an authoritative name server for a domain of interest;
- establishing a secure connection with the authoritative name server;
- sending client authentication to the authoritative name server over the secure connection;
- requesting, from the authoritative name server, one or more domain name addresses for one or more domain names; and
- based on the client authentication, receiving from the authoritative name server at least one domain name address for the one or more domain names.
Dependent claims: 47, 48, 49, 50, 51, 52, 53, 54, 55
Specification