DNS SECURITY EXTENSIONS FOR EMULATED APPLICATIONS

US 20160099945A1
Filed: 10/07/2014
Published: 04/07/2016
Est. Priority Date: 10/07/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

receiving, at a non-emulated interface, a DNS query from a program executed in an emulated environment;

comparing, by the non-emulated interface, a domain name associated with the DNS query to a list of secured zones comprising secured domain names;

determining, by the non-emulated interface, whether the domain name resides in a zone on the list of secured zones; and

when the domain name resides in a zone on the list of secured zones, performing the steps comprising;

sending an instruction to one or more DNS servers to resolve the DNS query and to authenticate the domain name associated with the DNS query;

receiving a response comprising an indication from the one or more DNS servers whether the domain name has been authenticated; and

sending a DNS query result to the program based, at least in part, on the received indication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The non-emulated interface may determine whether the domain-name-to-be-resolved resides in a zone on a list of secured zones. If so, the DNS query may be processed by a non-emulated interface in the host environment. The non-emulated interface may determine whether the domain-name-to-be-resolved resides in a zone on a list of secured zones. If so, the DNS query may be performed by the non-emulated interface using DNSSEC. DNS resolutions that do not pass the security checks may fail while DNS resolutions that pass the security checks will be returned to the customer.

Citations

21 Claims

1. A method, comprising:
- receiving, at a non-emulated interface, a DNS query from a program executed in an emulated environment;
  
  comparing, by the non-emulated interface, a domain name associated with the DNS query to a list of secured zones comprising secured domain names;
  
  determining, by the non-emulated interface, whether the domain name resides in a zone on the list of secured zones; and
  
  when the domain name resides in a zone on the list of secured zones, performing the steps comprising;
  
  sending an instruction to one or more DNS servers to resolve the DNS query and to authenticate the domain name associated with the DNS query;
  
  receiving a response comprising an indication from the one or more DNS servers whether the domain name has been authenticated; and
  
  sending a DNS query result to the program based, at least in part, on the received indication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the DNS query result comprises an answer to the DNS query when the non-emulated interface receives an indication that the domain name has been authenticated.
  - 3. The method of claim 1, wherein the DNS query result comprises an error code when the non-emulated interface receives an indication that the domain name has not been authenticated.
  - 4. The method of claim 1, further comprising, when the domain name is not listed on the list of secure domain names, performing the steps comprising:
    - sending an instruction to one or more DNS servers to resolve the DNS query;
      
      receiving a response comprising a domain name resolution; and
      
      sending a DNS query result to the program based, at least in part, on the received domain name resolution.
  - 5. The method of claim 1, wherein the step of determining comprises retrieving at least a portion of the list of secure domains names from a DSSET file.
  - 6. The method of claim 1, wherein the step of sending an instruction to the one or more DNS servers comprises setting a flag in a DNS query sent to the one or more DNS servers.
  - 7. The method of claim 1, wherein the DNS query result sent to the program comprises an indication that the domain name cannot be found when the non-emulated interface determines that the domain name associated with the DNS query resides in the list of secured zones and the indication from the one or more DNS servers indicates the domain name was not authenticated.

8. A computer program product, comprising:
- a non-transitory computer-readable medium comprising instructions which, when executed by a processor of a computing system, cause the processor to perform the steps of;
  
  receiving, at a non-emulated interface, a DNS query from a program executed in an emulated environment;
  
  comparing, by the non-emulated interface, a domain name associated with the DNS query to a list of secured zones comprising secured domain names;
  
  determining, by the non-emulated interface, whether the domain name resides in a zone on the list of secured zones; and
  
  when the domain name resides in a zone on the list of secured zones, performing the steps comprising;
  
  sending an instruction to one or more DNS servers to resolve the DNS query and to authenticate the domain name associated with the DNS query;
  
  receiving a response comprising an indication from the one or more DNS servers whether the domain name has been authenticated; and
  
  sending a DNS query result to the program based, at least in part, on the received indication.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the DNS query result comprises an answer to the DNS query when the non-emulated interface receives an indication that the domain name has been authenticated.
  - 10. The computer program product of claim 8, wherein the DNS query result comprises an error code when the non-emulated interface receives an indication that the domain name has not been authenticated.
  - 11. The computer program product of claim 8, wherein the medium further comprises instructions to, when the domain name is not listed on the list of secure domain names, perform the steps comprising:
    - sending an instruction to one or more DNS servers to resolve the DNS query;
      
      receiving a response comprising a domain name resolution; and
      
      sending a DNS query result to the program based, at least in part, on the received domain name resolution.
  - 12. The computer program product of claim 8, wherein the step of determining comprises retrieving at least a portion of the list of secure domains names from a DSSET file.
  - 13. The computer program product of claim 8, wherein the step of sending an instruction to the one or more DNS servers comprises setting a flag in a DNS query sent to the one or more DNS servers.
  - 14. The computer program product of claim 8, wherein the DNS query result sent to the program comprises an indication that the domain name cannot be found when the non-emulated interface determines that the domain name associated with the DNS query resides in the list of secured zones and the indication from the one or more DNS servers indicates the domain name was not authenticated.

15. An apparatus, comprising:
- a memory; and
  
  a processor coupled to the memory, wherein the processor is configured to execute the steps of;
  
  receiving, at a non-emulated interface, a DNS query from a program executed in an emulated environment;
  
  comparing, by the non-emulated interface, a domain name associated with the DNS query to a list of secured zones comprising secured domain names;
  
  determining, by the non-emulated interface, whether the domain name resides in a zone on the list of secured zones; and
  
  when the domain name resides in a zone on the list of secured zones, performing the steps comprising;
  
  sending an instruction to one or more DNS servers to resolve the DNS query and to authenticate the domain name associated with the DNS query;
  
  receiving a response comprising an indication from the one or more DNS servers whether the domain name has been authenticated; and
  
  sending a DNS query result to the program based, at least in part, on the received indication.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The apparatus of claim 15, wherein the DNS query result comprises an answer to the DNS query when the non-emulated interface receives an indication that the domain name has been authenticated.
  - 17. The apparatus of claim 15, wherein the DNS query result comprises an error code when the non-emulated interface receives an indication that the domain name has not been authenticated.
  - 18. The apparatus of claim 15, wherein the processor is further configured to execute the steps comprising:
    - sending an instruction to one or more DNS servers to resolve the DNS query;
      
      receiving a response comprising a domain name resolution, andsending a DNS query result to the program based, at least in part, on the received domain name resolution.
  - 19. The apparatus of claim 15, wherein the step of determining comprises retrieving at least a portion of the list of secure domains names from a DSSET file.
  - 20. The apparatus of claim 15, wherein the step of sending an instruction to the one or more DNS servers comprises setting a flag in a DNS query sent to the one or more DNS servers.
  - 21. The apparatus of claim 15, wherein the DNS query result sent to the program comprises an indication that the domain name cannot be found when the non-emulated interface determines that the domain name associated with the DNS query resides in the list of secured zones and the indication from the one or more DNS servers indicates the domain name was not authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Bergerson, Robert L., Schultz, Jason C., Webb, Susan C, Peters, John A

Application Number

US14/508,280
Publication Number

US 20160099945A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 61/4511 using domain name system [DNS]

H04L 63/12 Applying verification of th...

DNS SECURITY EXTENSIONS FOR EMULATED APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

DNS SECURITY EXTENSIONS FOR EMULATED APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links