AUTOMATED VERIFICATION OF DNS ACCURACY
First Claim
1. A computer executed method for verifying DNS results, comprising controlling a processor to perform the following steps:
- actively observing a domain name system (dns) request from a resolver;
- replicating the dns request;
- transmitting the dns request to a first server and at least one secondary server;
- blocking any response to the original resolver until a plurality of dns replies are received; and
- allowing a response to the original resolver on the condition that two dns replies match in content.
Abstract
Disclosed is a method, a computer system, and a computer readable media product that contains a set of computer executable software instructions for directing the computer to execute a process for independent confirmation of DNS replies to foil DNS cache poisoning attacks. The process comprises comparing a plurality of DNS replies for an exact or predefined “close enough” match as a condition for blocking or forwarding a DNS reply to a resolver. The tangible beneficial result is to prevent the success of a dns cache poisoning attack from diverting a user to a malicious site on the internet.
30 Claims
1. A computer executed method for verifying DNS results, comprising controlling a processor to perform the following steps:
- actively observing a domain name system (dns) request from a resolver;
- replicating the dns request;
- transmitting the dns request to a first server and at least one secondary server;
- blocking any response to the original resolver until a plurality of dns replies are received; and
- allowing a response to the original resolver on the condition that two dns replies match in content.
Dependent claims: 2, 24, 25, 26, 27
3. A computer implemented method for obtaining verified DNS results, comprising controlling a processor to perform the following steps:
- passively receiving a domain name system (dns) request from a resolver;
- replicating the dns request;
- transmitting the dns request to at least one secondary server;
- holding a response to the original resolver until at least one dns reply from a secondary server is received; and
- responding to the original resolver on the condition that two dns replies match in content.
Dependent claims: 4
5. A computer executed method for controlling a processor from computer readable media to operate on a DNS request comprising the following steps:
- receiving a domain name system (dns) request from a resolver;
- replicating the dns request;
- transmitting the dns request to a primary server and at least one secondary server; and
- responding to the original resolver on the condition that two dns replies match in content.
Dependent claims: 6, 7, 8
9. A computer implemented method for foiling DNS cache poisoning attacks by controlling a processor from computer readable media to manage a DNS request comprising the following steps:
- receiving a DNS query and relaying a DNS query to a plurality of DNS servers;
- receiving a plurality of DNS responses and comparing the contents;
- truncating the DNS response to remove authority information unrelated to the original query;
- voting the plurality of DNS responses to determine a winner; and
- relaying the winning DNS response to the originator.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A method for foiling DNS cache poisoning attacks comprising the following steps:
- observing a DNS query to a DNS server and blocking a reply, initiating at least one additional DNS query to at least one of a plurality of DNS servers;
- receiving a plurality of DNS responses and comparing the contents;
- truncating the DNS response to remove authority information unrelated to the original query;
- voting the plurality of DNS responses to determine a winner; and
- relaying the winning DNS response to the originator.
Dependent claims: 17, 18, 19, 20, 21, 22
23. A computer implemented method tangibly embodied as programming instructions on computer readable media to control a processor comprising receiving a dns request, pseudo-randomly generating a plurality of transaction ids and port addresses, requesting a dns record from a plurality of servers, and flushing cache if results from a query do not match the cached value.

28. A method for verifying DNS accuracy comprising duplicating a DNS query and transmitting it to at least three DNS servers and, on the condition of receiving at least two replies not having a condition of match, blocking any reply to the initiating resolver.
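The comparison, truncation and voting steps of claims 9, 16 and 28, worked through as an added Python example (not code from the patent): each reply is modelled as sets of (owner, type, rdata) records, authority records outside the queried name's bailiwick are discarded before comparison, and the winner is relayed only when at least two replies agree, with `strict=True` applying the claim 28 rule of blocking on any disagreement. The server labels, record values and the `in_bailiwick` test are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
# A resource record is (owner name, record type, rdata); rdata is compared verbatim.
@dataclass(frozen=True)
class Reply:
    server: str                          # label of the server that answered (constructed)
    qname: str                           # name from the question section
    answers: frozenset                   # answer-section records
    authority: frozenset = frozenset()   # authority-section records, possibly unrelated

def in_bailiwick(owner: str, qname: str) -> bool:
    """True when `owner` is the queried name, one of its parent zones, or the root (assumed test)."""
    o, q = owner.lower().rstrip("."), qname.lower().rstrip(".")
    return o == "" or o == q or q.endswith("." + o)

def truncate(reply: Reply) -> Reply:
    """The truncation step: drop authority records unrelated to the original query."""
    kept = frozenset(r for r in reply.authority if in_bailiwick(r[0], reply.qname))
    return Reply(reply.server, reply.qname, reply.answers, kept)

def content(reply: Reply):
    """The part of a reply that is compared across servers: answers plus related authority."""
    t = truncate(reply)
    return (t.answers, t.authority)

def vote(replies, strict: bool = False):
    """Tally truncated replies; return (winning content, agreeing servers) or (None, []) to block.
    Default: relay once two replies match (claims 1, 9). strict=True: block on any disagreement (claim 28)."""
    tally = Counter(content(r) for r in replies)
    if not tally:
        return None, []
    best, votes = tally.most_common(1)[0]
    if votes < 2 or (strict and len(tally) > 1):
        return None, []
    return best, [r.server for r in replies if content(r) == best]

# Constructed sample: two honest replies, one of them carrying an injected NS record for an
# unrelated zone, and one reply whose answer address was substituted.
GOOD = frozenset({("www.example.com.", "A", "192.0.2.10")})
SAMPLE = [
    Reply("ns-a", "www.example.com.", GOOD, frozenset({("example.com.", "NS", "ns1.example.com.")})),
    Reply("ns-b", "www.example.com.", GOOD, frozenset({("example.com.", "NS", "ns1.example.com."),
                                                        ("bank.example.", "NS", "ns.unrelated.example.")})),
    Reply("ns-c", "www.example.com.", frozenset({("www.example.com.", "A", "198.51.100.7")})),
]

if __name__ == "__main__":
    print(vote(SAMPLE))               # winner backed by ['ns-a', 'ns-b']
    print(vote(SAMPLE, strict=True))  # (None, []): ns-c disagrees, so the reply is blocked
```

The injected `bank.example.` NS record in the second reply is stripped by `truncate`, so the two honest replies still match in content and outvote the substituted answer.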
Specification