DNS-BASED DETERMINING WHETHER A DEVICE IS INSIDE A NETWORK
Abstract
In a computing device a domain name system (DNS) query is generated and sent, and a check is made as to whether a verified DNS response to the DNS query is received. The computing device is determined to be inside a particular network if a verified DNS response is received, and is determined to be outside that particular network if a verified DNS response is not received. A DNS response can be determined to be verified if both the DNS response has an expected value and the DNS response is digitally signed by a trusted authority, and otherwise can be determined to be not verified.
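The decision rule in the abstract, as an added example that is not part of the patent text: a response counts as verified only when it has the expected value and a valid signature, and every other outcome, including no response at all, means outside. The probe name, expected value and key are constructed, and HMAC-SHA256 stands in for the trusted authority's digital signature so the code runs with the standard library alone.

```python
import hashlib
import hmac
from typing import NamedTuple, Optional


class DnsResponse(NamedTuple):
    """Simplified model of a DNS answer (hypothetical structure, not a wire format)."""
    name: str
    value: str
    signature: bytes


# Constructed sample values; none of these come from the patent.
PROBE_NAME = "insideoutside.corp.example"
EXPECTED_VALUE = "192.0.2.53"
AUTHORITY_KEY = b"constructed-demo-key"  # stand-in for the trusted authority's key


def sign(name: str, value: str, key: bytes) -> bytes:
    """Stand-in signer: HMAC-SHA256 over name and value (assumption: a real
    deployment verifies a public-key signature from the trusted authority)."""
    return hmac.new(key, f"{name}\x00{value}".encode(), hashlib.sha256).digest()


def is_verified(resp: Optional[DnsResponse]) -> bool:
    """Verified only if a response exists, carries the expected value for the
    probe name, and its signature checks out. Any failure means not verified."""
    if resp is None:  # timeout or no answer
        return False
    if resp.name != PROBE_NAME or resp.value != EXPECTED_VALUE:
        return False
    expected_sig = sign(resp.name, resp.value, AUTHORITY_KEY)
    return hmac.compare_digest(resp.signature, expected_sig)


def locate(resp: Optional[DnsResponse]) -> str:
    """Fail closed: anything other than a verified response is 'outside'."""
    return "inside" if is_verified(resp) else "outside"


# Constructed responses covering each branch of the decision.
GENUINE = DnsResponse(PROBE_NAME, EXPECTED_VALUE,
                      sign(PROBE_NAME, EXPECTED_VALUE, AUTHORITY_KEY))
SPOOFED = DnsResponse(PROBE_NAME, EXPECTED_VALUE,  # right value, wrong signer
                      sign(PROBE_NAME, EXPECTED_VALUE, b"some-other-key"))
WRONG_VALUE = DnsResponse(PROBE_NAME, "198.51.100.7",  # right signer, wrong value
                          sign(PROBE_NAME, "198.51.100.7", AUTHORITY_KEY))

if __name__ == "__main__":
    for label, resp in [("genuine", GENUINE), ("spoofed", SPOOFED),
                        ("wrong value", WRONG_VALUE), ("no response", None)]:
        print(f"{label:12} -> {locate(resp)}")
```

The spoofed and wrong-value cases show why both checks are required: a network that merely echoes the expected value, or a validly signed answer that carries a different value, still leaves the device classified as outside.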
20 Claims
1. A method comprising:
- generating a domain name system (DNS) query;
- causing the DNS query to be sent;
- checking whether a verified DNS response to the DNS query is received;
- determining that a computing device is inside a particular network if the verified DNS response is received; and
- determining that the computing device is outside the particular network if the verified DNS response is not received.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to:
- receive a domain name system (DNS) response to a DNS query;
- check whether the DNS response has an expected value;
- check whether the DNS response is digitally signed by a trusted authority; and
- determine that the computing device is verified and inside a particular network if both the DNS response has the expected value and the DNS response is digitally signed by the trusted authority, otherwise determine that the computing device is unverified and is outside the particular network.

Dependent claims: 14, 15, 16, 17, 18, 19
20. A method in a computing device, the method comprising:
- generating a domain name system (DNS) query that includes a particular name to be resolved;
- causing the DNS query to be sent to a DNS service;
- checking whether a verified DNS response to the DNS query is received from the DNS service by checking whether a received DNS response has an expected value for the particular name and checking whether the received DNS response is digitally signed by a root certificate authority for a corporate network, and determining that the received DNS response is the verified DNS response only if both the received DNS response has the expected value and the received DNS response is digitally signed by the root certificate authority;
- determining that the computing device is inside the corporate network if the verified DNS response is received; and
- determining that the computing device is outside the corporate network if the verified DNS response is not received.
Specification