POLICY-MANAGED DNS SERVER FOR TO CONTROL NETWORK TRAFFIC
11 Assignments
0 Petitions
Abstract
Disclosed is a method, a computer system, and a computer-readable media product that contains a set of computer executable software instructions for directing the computer to execute a process for policy-based operation of a DNS server apparatus to manage traffic due to undesirable mail or requests for electronic documents. The policies operate according to owners, regions, or countries controlling source IP addresses and deterministically select from a plurality of non-equivalent replies to be sent to the source IP address. Accumulating previous activity records may assist in determining which traffic may be usefully deferred or suppressed. The process includes withholding certain information from certain DNS servers seeking IP addresses to improve overall security and integrity of the Internet.
33 Claims
- 1. A computer system comprising a link circuit to send and receive packets on the Internet, a processor, and a computer-readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for policy-based operation of a DNS server apparatus whereby a reply to a DNS query from a sender is selected according to the source IP of the sender of the DNS query.
- 9. A computer system for providing tailored message content to certain communities comprising a link circuit to send and receive packets on the Internet, a processor, and a computer-readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for policy-based operation of a DNS server apparatus comprising reading a source IP address from the DNS query, checking a database for information about the community served by the source IP address, and transmitting a certain message for said community.
- 10. A computer system for providing tailored message content by day of the week and time of day comprising a link circuit to send and receive packets on the Internet, a processor, and a computer-readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for policy-based operation of a DNS server apparatus whereby a reply to a DNS query from a sender is generated according to the day of week and time of day of the DNS query.
- 11. A computer system whereby access is denied to bots and webcrawlers comprising a link circuit to send and receive packets on the Internet, a processor, and a computer-readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for policy-based operation of a DNS server apparatus comprising extracting a source IP address, checking a list of IP addresses which serve bots and webcrawlers, and replying only to queries from sources not on said list.
- 12. A computer executed method encoded as computer executable software instructions on computer-readable media comprising the following steps:
  - receiving a UDP packet containing a DNS query comprising a query name, a query type, query class, from an IP source address and source port at a certain time;
  - evaluating at least one rule operating on at least two of the following: time and date, query type and query name, and IP source address; and
  - transmitting a pre-identified reply to the source IP address and port.
  Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22.
- 23. An apparatus for policy managed DNS services comprising:
  - a circuit to receive a UDP packet;
  - a circuit to read from the UDP packet a source IP address, socket, a query name, a query type, a query class, and a time and date;
  - a circuit to implement at least one policy, wherein a policy comprises a rule and a reply to be transmitted if the rule is evaluated to be true and a reply to be transmitted if the rule is evaluated to be false;
  - a circuit to evaluate the rule by application of values read from the UDP packet; and
  - a circuit to transmit the reply selected by the policy.
  Dependent claims: 24, 25, 26.
- 27. An apparatus for providing domain name system (DNS) query service comprising an outsourced policy engine coupled through a network to a policy-based DNS server apparatus which evaluates a policy decision based on the source IP address of a DNS query.
- 28. A computer executed method for providing domain name system (DNS) query service comprising an outsourced policy engine coupled through a network to a policy-based DNS server apparatus which evaluates a policy decision based on information stored in a database queried with the source IP address of a DNS query.
- 29. A system for providing domain name system (DNS) query service comprising a database, and an outsourced policy engine coupled through a network to a policy-based DNS server apparatus which policy engine evaluates a policy decision based on information extracted from a DNS query and used to retrieve values stored in the database.
- 30. A computer executed method of policy translation for providing executable modules to a policy engine comprising the steps of converting an abstract policy on spam, abusive users, sources of malicious software to ranges of IP addresses for use by a policy engine in a domain name system server apparatus.
- 31. A computer executed method for creating a policy rule for a policy-managed DNS server comprising binding at least one of the following actions to the condition that a source of a DNS request is found in a list of undesirable IP addresses:
  - transmitting a code for no such address found;
  - transmitting a loopback address;
  - transmitting a fictitious address;
  - transmitting an address to a fixed message; and
  - no reply at all.
- 32. An informed domain name system server method comprising a system for requesting information having a method for receiving a domain name server request, a method for checking a local cache for an IP address, and a method for requesting DNS resource records from another domain name system server wherein the improvement comprises the steps of sending a query containing an IP address to an informational server, receiving a report on the observed previous performance of the host associated with the subject IP address, and suppressing a query or a reply on DNS resource records according to the report.
- 33. A computer executed method encoded as computer executable software instructions on computer-readable media comprising the following steps:
  - receiving a UDP packet containing a DNS query comprising a query name, a query type, query class, from an IP source address and source port at a certain time;
  - evaluating at least one rule operating on at least two of the following: time and date, query type and query name, and IP source address;
  - generating a reply based on the result of rule evaluation; and
  - transmitting the generated reply to the source IP address and port.
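One way to implement the policy engine described in claims 12, 23, 31 and 33, as an added example that is not part of the patent or of any product: a Python responder that parses a received query, evaluates (rule, reply-if-true, reply-if-false) policies over the source address, the query name/type and the query time, and emits one of the claim 31 replies. The reply addresses, the crawler network, the demo name and the sample times are constructed assumptions.

```python
import ipaddress
import struct
from datetime import datetime
# Reply actions listed in claim 31: NXDOMAIN, loopback, fictitious address, address of a
# fixed-message host, or silence. Non-loopback addresses are constructed (RFC 5737 TEST-NET-1).
NXDOMAIN, LOOPBACK, FICTITIOUS, FIXED_MSG, SILENCE = range(5)
ADDRESS_FOR = {LOOPBACK: "127.0.0.1", FICTITIOUS: "192.0.2.1", FIXED_MSG: "192.0.2.2"}

def make_query(txid, name, qtype=1):
    """Minimal RFC 1035 query packet, class IN (used here to construct sample input)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_query(payload):
    """Return id, qname, qtype, qclass and the raw question section of a query packet."""
    txid, _flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while payload[pos]:  # labels end at the zero-length root label
        labels.append(payload[pos + 1:pos + 1 + payload[pos]].decode("ascii"))
        pos += 1 + payload[pos]
    qtype, qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return txid, ".".join(labels).lower(), qtype, qclass, payload[12:pos + 5]

def select_action(src_ip, qname, qtype, when, policies):
    """Policy = (rule, action_if_true, action_if_false) as in claim 23; None falls through."""
    for rule, if_true, if_false in policies:  # rules see the inputs named in claim 12
        chosen = if_true if rule(ipaddress.ip_address(src_ip), qname, qtype, when) else if_false
        if chosen is not None:
            return chosen
    return None  # no policy fired: hand the query to normal resolution

def build_reply(txid, question, action, ttl=60):
    """Wire-format reply for an action; None means transmit nothing."""
    if action == SILENCE:
        return None
    if action == NXDOMAIN:  # flags 0x8183: QR, RD, RA set, RCODE 3
        return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + ipaddress.IPv4Address(ADDRESS_FOR[action]).packed
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + rr  # one A record, IN
# Constructed policies: networks assumed to serve crawlers (claim 11) get NXDOMAIN; off-hours
# queries for a demo name get the fixed-message address (claim 10); anything else falls through.
CRAWLER_NETS = [ipaddress.ip_network("198.51.100.0/24")]
POLICIES = [(lambda ip, q, t, when: any(ip in n for n in CRAWLER_NETS), NXDOMAIN, None),
            (lambda ip, q, t, when: q == "portal.example" and not 8 <= when.hour < 18, FIXED_MSG, None)]
OFF_HOURS, BUSINESS_HOURS = datetime(2024, 1, 6, 3), datetime(2024, 1, 8, 10)  # sample query times

def respond(payload, src_ip, when, policies=POLICIES):
    """Handle one received query: reply bytes, or None for silence / normal resolution."""
    txid, qname, qtype, _qclass, question = parse_query(payload)
    action = select_action(src_ip, qname, qtype, when, policies)
    return None if action is None else build_reply(txid, question, action)
```

A `None` from `respond` covers both the claim 31 "no reply at all" action and the case where no policy matched and the query should go to ordinary resolution; a real server would distinguish the two before forwarding.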