Split-Domain Name Service

US 20130179551A1
Filed: 01/06/2012
Published: 07/11/2013
Est. Priority Date: 01/06/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising performing the following by a domain name service (DNS) server of a first network:

receiving a network address of a DNS server of a second network, the second network coupled to the first network through a first gateway between the second network and a third network and a second gateway between the third network and the first network;

receiving a request from a client of the second network for a DNS lookup of a name of a host;

determining whether the host is on the second network; and

if the host is on the second network;

sending a DNS referral to the client that includes the network address of the DNS server of the second network, the DNS server of the second network being operable to provide the network address of the host of the second network to the client in response to a DNS lookup request of the name of the host from the client.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method includes receiving an address of a DNS server of a network. A secure communication tunnel is established with a client of the network. The client is notified that requests to the address of the DNS server of the network should not pass through the secure communication tunnel. A request for a DNS lookup of a name of a host of the network is received through the secure communication tunnel. A DNS referral that includes the address of the DNS server of the network is sent to the client.

32 Citations

View as Search Results

22 Claims

1. A method comprising performing the following by a domain name service (DNS) server of a first network:
- receiving a network address of a DNS server of a second network, the second network coupled to the first network through a first gateway between the second network and a third network and a second gateway between the third network and the first network;
  
  receiving a request from a client of the second network for a DNS lookup of a name of a host;
  
  determining whether the host is on the second network; and
  
  if the host is on the second network;
  
  sending a DNS referral to the client that includes the network address of the DNS server of the second network, the DNS server of the second network being operable to provide the network address of the host of the second network to the client in response to a DNS lookup request of the name of the host from the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - if the host is not on the second network;
      
      determining a network address of the host based on the name of the host; and
      
      sending, to the client of the second network, the network address of the host.
  - 3. The method of claim 1, wherein the first gateway is operable to:
    - establish a secure communication tunnel with the client of the second network, the secure communication tunnel extending from the first gateway through the third network and the second gateway to the client; and
      
      notify the client that requests to the network address or a network prefix covering the network address of the DNS server of the second network should not pass through the secure communication tunnel.
  - 4. The method of claim 1, wherein the network address of the DNS server of the second network is received from the client during the establishment of a secure communication tunnel between the client and the first network.
  - 5. The method of claim 1, wherein the network address of the DNS server of the second network is configured at the DNS server of the first network by an administrator of the first network.
  - 6. The method of claim 1, wherein the network address of the DNS server of the second network is determined based, at least in part, on a reverse DNS lookup of a network address of the client.
  - 7. The method of claim 1, further comprising storing the network address of the DNS server of the second network in a DNS zone file and distributing the DNS zone file to at least one additional DNS server of the first network.
  - 8. The method of claim 1, the determining whether the host is on the second network comprising:
    - receiving a domain name that refers to at least a portion of the second network;
      
      associating the domain name with the network address of the DNS server of the second network; and
      
      determining whether the host is a member of a domain specified by the domain name.

9. A system comprising:
- a DNS server of a first network, the DNS server of the first network operable to;
  
  receive a network address of a DNS server of a second network, the second network coupled to the first network through a first gateway between the second network and a third network and a second gateway between the third network and the first network;
  
  receive a request from a client of the second network for a DNS lookup of a name of a host;
  
  determine whether the host is on the second network; and
  
  if the host is on the second network;
  
  send a DNS referral to the client that includes the network address of the DNS server of the second network, the DNS server of the second network being operable to provide the network address of the host of the second network to the client in response to a DNS lookup request of the name of the host from the client.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, the DNS server of the first network further operable to:
    - if the host is not on the second network;
      
      determine a network address of the host based on the name of the host; and
      
      send, to the client of the second network, the network address of the host.
  - 11. The system of claim 9, wherein the first gateway is operable to:
    - establish a secure communication tunnel with the client of the second network, the secure communication tunnel extending from the first gateway through the third network and the second gateway to the client; and
      
      notify the client that requests to the network address or a network prefix covering the network address of the DNS server of the second network should not pass through the secure communication tunnel.
  - 12. The system of claim 9, wherein the network address of the DNS server of the second network is received from the client during the establishment of a secure communication tunnel between the client and the first network.
  - 13. The system of claim 9, wherein the network address of the DNS server of the second network is configured at the DNS server of the first network by an administrator of the first network.
  - 14. The system of claim 9, wherein the network address of the DNS server of the second network is determined based, at least in part, on a reverse DNS lookup of a network address of the client.
  - 15. The system of claim 9, the DNS server of the first network further operable to store the network address of the DNS server of the second network in a DNS zone file and distribute the DNS zone file to at least one additional DNS server of the first network.
  - 16. The system of claim 9, the DNS server operable to determine whether the host is on the second network by:
    - receiving a domain name that refers to at least a portion of the second network;
      
      associating the domain name with the network address of the DNS server of the second network; and
      
      determining whether the host is a member of a domain specified by the domain name.

17. A method comprising:
- establishing, by a client of a first network, a secure communication tunnel with a first gateway of a second network, the first gateway of the second network coupled to the first network through a third network and a second gateway of the first network;
  
  receiving, from the first gateway of the second network, an indication that communication with a particular network prefix or particular network address should not be sent through the secure communication tunnel, the particular network prefix covering or particular network address being an network address of a Domain Name Service (DNS) server of the first network;
  
  sending a request through the secure communication tunnel to a DNS server of the second network for a DNS lookup of a name of a host of the first network;
  
  receiving, from the DNS server of the second network, a DNS referral that includes the network address of a DNS server of the first network;
  
  sending the request for the DNS lookup of the name of host of the first network to the network address of the DNS server of the first network; and
  
  receiving, from the DNS server of the first network, a network address of the host of the first network.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, further comprising sending, by the client, the network address of the DNS server of the first network to the DNS server of the second network prior to receiving the network address of the DNS server of the first network in the DNS referral from the DNS server of the second network.
  - 19. The method of claim 17, further comprising sending, by the client, a domain name to be associated with the network address of the DNS server of the first network, the domain name specifying a domain that includes a plurality of hosts of the first network.
  - 20. The method of claim 17, wherein the request for the DNS lookup of the name of the host of the first network is sent to the DNS server of the first network through a path that does not include the secure communication tunnel while the secure communication tunnel is open.
  - 21. The method of claim 17, wherein the host of the first network is a first host and the method further comprises:
    - caching the network address of the DNS server of the first network received in the DNS referral in a cache of the client; and
      
      sending a request for a DNS lookup of a name of a second host of the first network to the network address identified in the cache of the client without first requesting a DNS lookup of the name of the second host from the DNS server of the second network.

22. One or more computer-readable non-transitory storage media embodying logic that is operable when executed by a client of a first network to:
- establish a secure communication tunnel with a first gateway of a second network, the first gateway of the second network coupled to the first network through a third network and a second gateway of the first network;
  
  receive, from the first gateway of the second network, an indication that communication with a particular network prefix or particular network address should not be sent through the secure communication tunnel, the particular network prefix covering or particular network address being a network address of a Domain Name Service (DNS) server of the first network;
  
  send a request through the secure communication tunnel to a DNS server of the second network for a DNS lookup of a name of a host of the first network;
  
  receive, from the DNS server of the second network, a DNS referral that includes the network address of the DNS server of the first network;
  
  send the request for the DNS lookup of the name of the host of the first network to the network address of the DNS server of the first network; and
  
  receive, from the DNS server of the first network, an network address of the host of the first network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Li, Qing

Granted Patent

US 8,788,708 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

Split-Domain Name Service

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Split-Domain Name Service

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links