APPARATUS FOR TO PROVIDE CONTENT TO AND QUERY A REVERSE DOMAIN NAME SYSTEM SERVER

US 20100174829A1
Filed: 01/06/2009
Published: 07/08/2010
Est. Priority Date: 01/06/2009
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus comprising a dns log reading circuit coupled to a dns server, the dns log reading circuit controlled by software to read a dns log file, to extract at least one record pair comprising a domain name and its corresponding IP address, and to transmit the pair to a central server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus is disclosed for to provide content to and query a reverse domain name system (DNS) server without depending on the kindness of domain name system registrars, registrants. DNS replies are observed by firewalls or filters, analyzed, and transmitted to a reverse domain name system server. An embodiment of the present invention can be within a DNS server or SMTP server.

Citations

25 Claims

1. An apparatus comprising a dns log reading circuit coupled to a dns server, the dns log reading circuit controlled by software to read a dns log file, to extract at least one record pair comprising a domain name and its corresponding IP address, and to transmit the pair to a central server.
- View Dependent Claims (2)
- - 2. The apparatus of claim 1 further comprising a dns log reading circuit controlled by software to read a dns log file, to extract at least one record triplet comprising a domain name, its MX host, and a corresponding IP address of its MX host, and to transmit the triplet to a central server.

3. An apparatus comprisingan observer circuit to observe domain name system (DNS) reply packets coupled to a link circuit,the observer circuit coupled to a DNS reply analysis circuit to analyze DNS reply packets,the analysis circuit coupled to a store circuit,and a store circuit to store reverse DNS datawherein the analysis circuit controls the store circuit to store reverse DNS data if the analysis circuit determines a packet is a reply, is an authoritative answer and contains any reverse DNS data.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 4. The apparatus of claim 3 wherein reverse DNS data comprises at least two records of a record triplet comprising a domain name, its MX mail server, and an IP address associated with the MX mail server.
  - 5. The apparatus of claim 3 wherein reverse DNS data comprises a record pair comprising a domain name, and an IP address associated with its host IP address.
  - 6. The apparatus of claim 3 further comprisinga transmitter circuit to transmit reverse DNS data to a central server wherein the transmitter circuit is controlled by software instructions to transmita file containing reverse DNS data accumulated over a certain period.
  - 7. The apparatus of claim 3 further comprisinga transmitter circuit to transmit reverse DNS data to a central server wherein the transmitter circuit is controlled by software instructions to transmit a certain maximum quantity of reverse DNS data.
  - 8. The apparatus of claim 3 further comprisinga transmitter circuit to transmit reverse DNS data to a central server wherein the transmitter circuit is controlled by software instructions to transmit only reverse DNS data which has not been previously uploaded within a certain period.
  - 9. The apparatus of claim 3 further comprisinga transmitter circuit to transmit reverse DNS data to a central server wherein the transmitter circuit is controlled by software instructions to transmit only reverse DNS data which is not already contained within a database received from the central server.
  - 10. The apparatus of claim 3 further comprisinga transmitter circuit to transmit reverse DNS data to a central server wherein the transmitter circuit is controlled by software instructions to transmit a reply containing a plurality of PTR records associated with a single IP address.
  - 11. The apparatus of claim 3 further comprisinga transmitter circuit to transmit reverse DNS data to a central server wherein the transmitter circuit is controlled by software instructions to transmit a duplicate of each instance of reverse DNS data it observes up to a maximum quantity per period.
  - 12. The apparatus of claim 3 further comprisinga transmitter circuit to transmit reverse DNS data to a central server wherein the transmitter circuit is controlled by software instructions to transmit a duplicate of each instance of reverse DNS data it observes.

13. An apparatus comprising a domain name system (DNS) packet observer circuit coupled to a network, the observer circuit further coupled to a DNS reply analysis circuit, the DNS reply analysis circuit further coupled to a DNS reply transmitter circuit, and the DNS reply transmitter circuit coupled to the network, wherein the analysis circuits further controls the DNS reply transmitter circuit to send a DNS packet to a reverse DNS server if the DNS reply analysis circuit determines that DNS packet is a reply, is an authoritative answer, contains a domain name in the packet NAME field, and contains an IP address from the packet RR field, whereby the DNS reply transmitter circuit transmits a packet containing one of the IP address and a domain name and an MX record and a domain name from the apparatus to a reverse DNS server coupled to the network.
- View Dependent Claims (14)
- - 14. The apparatus of claim 13 wherein the DNS reply transmitter circuit only transmits a packet if the IP address is within a range of the IP address of the apparatus itself, the range defined by a bitmask received from a central server.

15. An apparatus comprising a domain name system (DNS) packet observer circuit coupled to a network, the reply circuit further coupled to a DNS reply analysis circuit, the DNS reply analysis circuit further coupled to a DNS QNAME setting circuit, the DNS QNAME setting circuit coupled to a DNS query transmitter circuit, and the DNS query transmitter circuit coupled to the network, wherein the DNS reply analysis circuit controls the DNS QNAME setting circuit to append a NAME comprising a first argument to a RECORD comprising a second argument if the DNS reply analysis circuit determines that DNS packet is a reply, is an authoritative answer, wherein a first argument is a domain name from the packet NAME field, and a second argument is an IP address from the packet RR fieldand wherein the DNS query transmitter circuit transmits a UDP packet containing the IP address and the domain name from the apparatus to a reverse DNS server coupled to the network.
- View Dependent Claims (16)
- - 16. The apparatus of claim 15 wherein the DNS query transmitter circuit transmits the UDP packet to a DNS server associated with a range of the IP address of the apparatus itself, the range defined by a bitmask received from a central server.

17. An apparatus comprising a domain name system (DNS) packet observer circuit coupled to a network, the reply circuit further coupled to a DNS reply analysis circuit, the DNS reply analysis circuit further coupled to an argument store, the argument store coupled to a DNS NAME and DNS PTR setting circuit, the DNS NAME and DNS PTR setting circuit coupled to a DNS reply transmitter circuit, and the DNS reply transmitter circuit coupled to the network, wherein the argument store comprises computer readable media encoded with a first argument and a second argument if the DNS reply analysis circuit determines that DNS packet is a reply, and is an authoritative answer, wherein a first argument is a domain name from the packet NAME field, and a second argument is an IP address from the packet RR field andwherein the DNS NAME setting circuit encodes a second argument comprising a selected IP address as a DNS NAME field and the DNS PTR setting circuit encodes at least one first argument comprising a domain name as a DNS PTR field and wherein the DNS reply transmitter circuit transmits a UDP packet containing the selected IP address and at least one domain name from the apparatus to a reverse DNS server coupled to the network.
- View Dependent Claims (18)
- - 18. The apparatus of claim 17 wherein the DNS reply transmitter circuit transmits a UDP packet only if a plurality of DNS PTR fields are available to be transmitted.

19. A computer implemented method for building a reverse IP database comprising controlling a processor to execute instructions to perform the steps selected from the group consisting of:
- (a) receiving dns replies associated with one or more domain names which provides an IP address;
  
  (b) performing reverse DNS on said IP address in associated root servers and name servers to obtain host names;
  
  (c) crawling websites associated with said host names and seeking new hosts on known websites in different TLDs;
  
  (d) indexing all new host names found;
  
  (e) resolving the associated IP address with each host name;
  
  (f) repeating any of steps (b), (c), (d), and (e) one or more times.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19 further comprising the step of storing DNS entries while logging an entries association with a host name.
  - 21. The method of claim 19 further comprising receiving a list of domain names from a central server whereby a plurality of search systems are assigned different portions of the domain name space.
  - 22. The method of claim 19 further comprising generating a result of the search and uploading the result to a central server.
  - 23. The method of claim 19 further comprising a step of searching MX records, IP addresses therefrom, and performing reverse DNS, and optionally forward DNS, thereon.
  - 24. The method of claim 20 further comprising generating a result of the search and uploading the result to a central server.

25. A computer implemented method comprising controlling a processor to execute instructions to perform the following steps:
- receiving an email from an smtp client, wherein smtp is simple mail transfer protocol;
  
  reading a source IP address from a TCP/IP header of said email;
  
  reading a domain name from a MAIL FROM command of said email;
  
  transmitting a reverse IP query to a reverse domain name system server comprising said source IP address;
  
  receiving a response from said reverse domain name system server comprising at least one co-hosted domain name; and
  
  determining to forward or delete said email by comparing said co-hosted domain name with a list of known spammers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Barracuda Networks Incorporated
Inventors
DRAKO, DEAN

Application Number

US12/348,917
Publication Number

US 20100174829A1
Time in Patent Office

Days
Field of Search
US Class Current

709/245
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 61/4511   using domain name system [DNS]

APPARATUS FOR TO PROVIDE CONTENT TO AND QUERY A REVERSE DOMAIN NAME SYSTEM SERVER

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS FOR TO PROVIDE CONTENT TO AND QUERY A REVERSE DOMAIN NAME SYSTEM SERVER

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links