APPARATUS FOR TO PROVIDE CONTENT TO AND QUERY A REVERSE DOMAIN NAME SYSTEM SERVER
First Claim
Patent Images
1. An apparatus comprising a dns log reading circuit coupled to a dns server, the dns log reading circuit controlled by software to read a dns log file, to extract at least one record pair comprising a domain name and its corresponding IP address, and to transmit the pair to a central server.
3 Assignments
0 Petitions
Accused Products
Abstract
An apparatus is disclosed for to provide content to and query a reverse domain name system (DNS) server without depending on the kindness of domain name system registrars, registrants. DNS replies are observed by firewalls or filters, analyzed, and transmitted to a reverse domain name system server. An embodiment of the present invention can be within a DNS server or SMTP server.
-
Citations
25 Claims
- 1. An apparatus comprising a dns log reading circuit coupled to a dns server, the dns log reading circuit controlled by software to read a dns log file, to extract at least one record pair comprising a domain name and its corresponding IP address, and to transmit the pair to a central server.
-
3. An apparatus comprising
an observer circuit to observe domain name system (DNS) reply packets coupled to a link circuit, the observer circuit coupled to a DNS reply analysis circuit to analyze DNS reply packets, the analysis circuit coupled to a store circuit, and a store circuit to store reverse DNS data wherein the analysis circuit controls the store circuit to store reverse DNS data if the analysis circuit determines a packet is a reply, is an authoritative answer and contains any reverse DNS data.
- 13. An apparatus comprising a domain name system (DNS) packet observer circuit coupled to a network, the observer circuit further coupled to a DNS reply analysis circuit, the DNS reply analysis circuit further coupled to a DNS reply transmitter circuit, and the DNS reply transmitter circuit coupled to the network, wherein the analysis circuits further controls the DNS reply transmitter circuit to send a DNS packet to a reverse DNS server if the DNS reply analysis circuit determines that DNS packet is a reply, is an authoritative answer, contains a domain name in the packet NAME field, and contains an IP address from the packet RR field, whereby the DNS reply transmitter circuit transmits a packet containing one of the IP address and a domain name and an MX record and a domain name from the apparatus to a reverse DNS server coupled to the network.
-
15. An apparatus comprising a domain name system (DNS) packet observer circuit coupled to a network, the reply circuit further coupled to a DNS reply analysis circuit, the DNS reply analysis circuit further coupled to a DNS QNAME setting circuit, the DNS QNAME setting circuit coupled to a DNS query transmitter circuit, and the DNS query transmitter circuit coupled to the network, wherein the DNS reply analysis circuit controls the DNS QNAME setting circuit to append a NAME comprising a first argument to a RECORD comprising a second argument if the DNS reply analysis circuit determines that DNS packet is a reply, is an authoritative answer, wherein a first argument is a domain name from the packet NAME field, and a second argument is an IP address from the packet RR field
and wherein the DNS query transmitter circuit transmits a UDP packet containing the IP address and the domain name from the apparatus to a reverse DNS server coupled to the network.
-
17. An apparatus comprising a domain name system (DNS) packet observer circuit coupled to a network, the reply circuit further coupled to a DNS reply analysis circuit, the DNS reply analysis circuit further coupled to an argument store, the argument store coupled to a DNS NAME and DNS PTR setting circuit, the DNS NAME and DNS PTR setting circuit coupled to a DNS reply transmitter circuit, and the DNS reply transmitter circuit coupled to the network, wherein the argument store comprises computer readable media encoded with a first argument and a second argument if the DNS reply analysis circuit determines that DNS packet is a reply, and is an authoritative answer, wherein a first argument is a domain name from the packet NAME field, and a second argument is an IP address from the packet RR field and
wherein the DNS NAME setting circuit encodes a second argument comprising a selected IP address as a DNS NAME field and the DNS PTR setting circuit encodes at least one first argument comprising a domain name as a DNS PTR field and wherein the DNS reply transmitter circuit transmits a UDP packet containing the selected IP address and at least one domain name from the apparatus to a reverse DNS server coupled to the network.
-
19. A computer implemented method for building a reverse IP database comprising controlling a processor to execute instructions to perform the steps selected from the group consisting of:
- (a) receiving dns replies associated with one or more domain names which provides an IP address;
(b) performing reverse DNS on said IP address in associated root servers and name servers to obtain host names;
(c) crawling websites associated with said host names and seeking new hosts on known websites in different TLDs;
(d) indexing all new host names found;
(e) resolving the associated IP address with each host name;
(f) repeating any of steps (b), (c), (d), and (e) one or more times. - View Dependent Claims (20, 21, 22, 23, 24)
- (a) receiving dns replies associated with one or more domain names which provides an IP address;
-
25. A computer implemented method comprising controlling a processor to execute instructions to perform the following steps:
- receiving an email from an smtp client, wherein smtp is simple mail transfer protocol;
reading a source IP address from a TCP/IP header of said email;
reading a domain name from a MAIL FROM command of said email;
transmitting a reverse IP query to a reverse domain name system server comprising said source IP address;
receiving a response from said reverse domain name system server comprising at least one co-hosted domain name; and
determining to forward or delete said email by comparing said co-hosted domain name with a list of known spammers.
- receiving an email from an smtp client, wherein smtp is simple mail transfer protocol;
Specification