User Identity Differentiated DNS Resolution

US 20170155645A1
Filed: 11/27/2015
Published: 06/01/2017
Est. Priority Date: 11/26/2011
Status: Active Grant

First Claim

Patent Images

1. A method for domain name system (DNS) resolution implemented in a computing device comprising:

at a domain name system (DNS) resolver, receiving, from a client, a request to resolve a domain name or multiple domain names into their corresponding IP address or IP addresses, the domain name system (DNS) resolver receiving the request being capable of sending domain name queries to a single or a plurality of recursive domain name system (DNS) servers;

at the domain name system (DNS) resolver, creating a domain name query suitable for sending to a domain name system (DNS) server;

at the domain name system (DNS) resolver, receiving client authentication from the client;

at the domain name system (DNS) resolver, based on the received client authentication, determine the recursive DNS name server, among the plurality of recursive DNS name servers available to the DNS resolver, that should be used to fulfill the domain name resolution request;

at the domain name system (DNS) resolver, sending the domain name query to the recursive domain name system (DNS) server selected to fulfill the domain name resolution request;

at the domain name system (DNS) resolver, receiving domain name system response from the said recursive domain name system (DNS) server; and

at die domain name system (DNS) resolver, parsing the domain system response received from the recursive domain name system (DNS) server; and

sending the corresponding IP address or IP addresses to the client.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for DNS resolution based on user identities are provided herein. In the DNS name resolution process, a DNS resolver can construct and send DNS queries to different DNS name servers depending on the identities of the users requesting the name resolution. One embodiment may be a DNS forwarder configured in a home router, where DNS requests from a certain user group (e.g., kids) may be forwarded to OpenDNS Family Shield, while DNS requests from another user group (e.g., parents) may be forwarded to the ISP'"'"'s default DNS servers or Google Public DNS. In another embodiment, the DNS resolver may be integrated within an authenticating proxy server, wherein the DNS resolver may use different DNS name servers to perform DNS name resolution for different users authenticated by the proxy server.

16 Citations

View as Search Results

20 Claims

1. A method for domain name system (DNS) resolution implemented in a computing device comprising:
- at a domain name system (DNS) resolver, receiving, from a client, a request to resolve a domain name or multiple domain names into their corresponding IP address or IP addresses, the domain name system (DNS) resolver receiving the request being capable of sending domain name queries to a single or a plurality of recursive domain name system (DNS) servers;
  
  at the domain name system (DNS) resolver, creating a domain name query suitable for sending to a domain name system (DNS) server;
  
  at the domain name system (DNS) resolver, receiving client authentication from the client;
  
  at the domain name system (DNS) resolver, based on the received client authentication, determine the recursive DNS name server, among the plurality of recursive DNS name servers available to the DNS resolver, that should be used to fulfill the domain name resolution request;
  
  at the domain name system (DNS) resolver, sending the domain name query to the recursive domain name system (DNS) server selected to fulfill the domain name resolution request;
  
  at the domain name system (DNS) resolver, receiving domain name system response from the said recursive domain name system (DNS) server; and
  
  at die domain name system (DNS) resolver, parsing the domain system response received from the recursive domain name system (DNS) server; and
  
  sending the corresponding IP address or IP addresses to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. the method of claim 1, wherein the client is authenticated by sending credentials directly to the domain name system (DNS) resolver.
  - 3. the method of claim 1, wherein the client is authenticated by an application program.
  - 4. the method of claim 1, wherein the client is authenticated by an operating system.
  - 5. the method of claim 1, wherein the client is authenticated by a centralized authentication service.
  - 6. the method of claim 1, wherein the client is authenticated by the identification of the client device.
  - 7. the method of claim 1, wherein the client is authenticated by any other means of authentication service.
  - 8. the method of claim 1, wherein responses from a recursive domain name server or a plurality of recursive domain name servers are stored in a local cache.
  - 9. the method of claim 1, wherein the domain name system (DNS) resolver sends a response directly to the client based on data available in the local cache or rules configured for the DNS resolver, without consulting a recursive domain name server.
  - 10. the method of claim 1, wherein the domain name system (DNS) resolver, based on client identity and rules configured for the DNS resolver, sends a DNS query for an alternate domain name in lieu of the original requested domain name to a recursive domain name server.
  - 11. the method of claim 1, wherein the domain name system (DNS) resolver sends a domain name query to a DNS forwarder;
    - at the DNS forwarder, receiving the domain name query from the said domain name system (DNS) resolver;
      
      at the DNS forwarder, sending the domain name query to the recursive domain name system (DNS) server selected by the domain name system (DNS) resolver to fulfill the domain name resolution request;
      
      the response or responses from the recursive domain name system (DNS) server are passed back to the client via the said DNS forwarder and the said DNS resolver.
  - 12. the method of claim 11, wherein the DNS forwarder, instead of the DNS resolver, selects the recursive DNS server to fulfill the domain name request.
  - 13. the method of claim 11, wherein the client identity is verified by the DNS resolver in cooperation with the DNS forwarder.
  - 14. the method of claim 11, wherein a plurality of DNS resolvers utilize the same DNS forwarder to communicate with a single or a plurality of recursive DNS name servers.
  - 15. the method of claim 11, wherein responses from a recursive domain name server or a plurality of recursive domain name servers are stored in a local cache in the DNS forwarder.
  - 16. the method of claim 11, wherein the DNS forwarder sends a response directly to the DNS resolver based on data available in the local cache of the DNS forwarder or rules configured for the DNS forwarder, without consulting a recursive domain name server.
  - 17. the method of claim 11, wherein the DNS forwarder, based on client identity and rules configured for the DNS forwarder, sends a DNS query for an alternate domain name in lieu of the original requested domain name to a recursive domain name server.

18. A system for domain name system (DNS) resolution comprising:
- a domain name system (DNS) resolver module to receive domain name system (DNS) resolution requests from a client;
  
  an authentication module that authenticates clients sending domain name system (DNS) resolution requests to the domain name system (DNS) resolver;
  
  a single or a plurality of recursive domain name system (DNS) servers that the domain name system (DNS) resolver is capable of communicating with; and
  
  a configuration module comprising a set of configuration files or a database or other storage that determines the recursive domain name system (DNS) server to use for domain name system (DNS) resolution requests from an authenticated client.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, further comprising a user interface module for managing the configuration module that determines the recursive domain name system (DNS) server to use for domain name system (DNS) resolution requests from an authenticated client.
  - 20. The system of claim 18, further comprising a domain name system (DNS) forwarder through which domain name system (DNS) queries are sent by the domain name system (DNS) resolver to the recursive domain name system (DNS) server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bing Wu
Original Assignee
Bing Wu
Inventors
Wu, Bing

Granted Patent

US 9,973,590 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/08   for authentication of entit...

H04L 67/568   Storing data temporarily at...

User Identity Differentiated DNS Resolution

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

User Identity Differentiated DNS Resolution

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links