PROVIDING PRIVACY ENHANCED RESOLUTION SYSTEM IN THE DOMAIN NAME SYSTEM

US 20130173825A1
Filed: 12/30/2011
Published: 07/04/2013
Est. Priority Date: 12/30/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium encoded with instructions that, when executed on a processor, perform a method of minimizing the disclosure of a domain name contained in a DNS query, the method comprising:

determining a first label and a second label associated with a domain name included in a DNS query;

querying a first nameserver for a first internet protocol address associated with the first label without revealing information related to the second label;

receiving a response from the first nameserver, the response including the first internet protocol address directing a resolver to a second nameserver; and

querying the second nameserver for a second internet protocol address associated with the first label and the second label.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and a non-transitory computer-readable medium may perform a method of minimizing the disclosure of a domain name contained in a DNS query. The method may include: determining a first label and a second label associated with a domain name included in a DNS query; querying a first nameserver for the first label without revealing the second label to the first nameserver; receiving a response from the first nameserver directing a resolver to a second nameserver; and querying the second nameserver for the first label and the second label.

Citations

22 Claims

1. A non-transitory computer-readable medium encoded with instructions that, when executed on a processor, perform a method of minimizing the disclosure of a domain name contained in a DNS query, the method comprising:
- determining a first label and a second label associated with a domain name included in a DNS query;
  
  querying a first nameserver for a first internet protocol address associated with the first label without revealing information related to the second label;
  
  receiving a response from the first nameserver, the response including the first internet protocol address directing a resolver to a second nameserver; and
  
  querying the second nameserver for a second internet protocol address associated with the first label and the second label.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19, 20)
- - 2. The non-transitory computer-readable medium of claim 1, wherein querying the first nameserver for the first label without revealing the second label to the first nameserver comprises:
    - generating one or more false labels; and
      
      querying the first nameserver for the first internet protocol address using the first label and the one or more false labels.
  - 3. The non-transitory computer-readable medium of claim 1, wherein querying the first nameserver for the first label without revealing the second label to the first nameserver comprises removing information related to the second label from the query.
  - 4. The non-transitory computer-readable medium of claim 1, the method further comprising:
    - determining a third label associated with the domain name,wherein the second nameserver is queried without revealing information related to the third label.
  - 5. The non-transitory computer-readable medium of claim 1, the method further comprising:
    - determining whether at least one of the first internet protocol address and the second internet protocol address is stored in a cache before querying at least one of the first nameserver and the second nameserver.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the resolver is a stub resolver.
  - 7. The non-transitory computer-readable medium of claim 1, wherein the resolver is a recursive resolver.
  - 8. The non-transitory computer-readable medium of claim 1, wherein the first label is separated from the second label.
  - 9. The non-transitory computer-readable medium of claim 1, wherein the first nameserver is a root nameserver.
  - 19. The non-transitory computer-readable medium of claim 1, wherein querying the first nameserver for the first label without revealing the second label to the first nameserver comprises removing information related to the second label from the query.
  - 20. The non-transitory computer-readable medium of claim 1, the method further comprising:
    - determining a third label associated with the domain name,wherein the second nameserver is queried without revealing information related to the third label.

10. A non-transitory computer-readable medium encoded with instructions that, when executed on a processor, perform a method of minimizing the disclosure of a domain name contained in a DNS query, the method comprising:
- determining a first label and a second label associated with a domain name included in a DNS query;
  
  generating a false label;
  
  querying a first nameserver for first address information associated with the first label and the false label without revealing the second label to the first nameserver;
  
  receiving a response from the first nameserver including the address information, the address information directing a resolver to a second nameserver; and
  
  querying the second nameserver for second address information associated with the first label and the second label.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The non-transitory computer-readable medium of claim 10, wherein querying a first nameserver for first address information associated with the first label and the false label without revealing the second label to the first nameserver comprises removing information related to the second label from the query;
  - 12. The non-transitory computer-readable medium of claim 10, the method further comprising:
    - determining a third label associated with the domain name,wherein the second nameserver is queried for the second address information without revealing information related to the third label.
  - 13. The non-transitory computer-readable medium of claim 10, the method further comprising:
    - determining whether at least one of the first address information and the second address information is stored in a cache before querying at least one of the first nameserver and the second nameserver.
  - 14. The non-transitory computer-readable medium of claim 10, wherein the resolver is one of a stub resolver or a recursive resolver.

15. An apparatus for minimizing the disclosure of a domain name contained in a DNS query, comprising:
- a memory; and
  
  a processor communicatively coupled to the memory, the processor being configured to;
  
  determine a first label and a second label associated with a domain name included in a DNS query;
  
  query a first nameserver for the first label without revealing the second label to the first nameserver;
  
  receive a response from the first nameserver directing a resolver to a second nameserver; and
  
  query the second nameserver for the first label and the second label.
- View Dependent Claims (16, 17, 18)
- - 16. The apparatus of claim 15, wherein the query to the first nameserver comprises a request for an internet protocol address for an authoritative nameserver for the first label.
  - 17. The apparatus of claim 15, wherein the query to the second nameserver comprises a request for an internet protocol address for an authoritative nameserver for a namespace including the first label and the second label.
  - 18. The apparatus of claim 15, wherein querying the first nameserver for the first label without revealing the second label to the first nameserver comprises:
    - generating one or more false labels; and
      
      querying the first nameserver for the first internet protocol address using the first label and the one or more false labels.

21. A non-transitory computer-readable medium encoded with instructions that, when executed on a processor, perform a method of minimizing the disclosure of a domain name contained in a DNS query, the method comprising:
- determining a first label and a second label associated with the domain name included in the DNS query;
  
  querying a first nameserver associated with the first label for a first nameserver name without revealing information related to the second label;
  
  receiving a response from the first nameserver, the response including the first nameserver name; and
  
  querying a second nameserver associated with the first nameserver name for a second nameserver name associated with the first label and the second label.
- View Dependent Claims (22)
- - 22. The non-transitory computer-readable medium of claim 21, wherein the response further includes an internet protocol address associated with the first nameserver name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
MCPHERSON, Danny, OSTERWEIL, Eric

Granted Patent

US 8,880,686 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/245
CPC Class Codes

H04L 2101/35   containing special prefixes

H04L 61/4511   using domain name system [DNS]

H04L 61/4552   Lookup mechanisms between a...

H04L 63/0407   wherein the identity of one...

PROVIDING PRIVACY ENHANCED RESOLUTION SYSTEM IN THE DOMAIN NAME SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

PROVIDING PRIVACY ENHANCED RESOLUTION SYSTEM IN THE DOMAIN NAME SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links