SURROGATE NAME DELIVERY NETWORK

US 20180041466A9
Filed: 10/25/2011
Published: 02/08/2018
Est. Priority Date: 10/26/2010
Status: Active Grant

First Claim

Patent Images

1-12. -12. (canceled)

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing access to an Internet resource includes registering a surrogate nameserver to be an authoritative nameserver in a DNS network, receiving at the surrogate nameserver a DNS query, maintaining at the surrogate nameserver a cache that includes a resolution of the DNS query, and executing at the surrogate nameserver a policy code to make a determination of validity of one or more of the DNS query and the cached resolution.

11 Citations

32 Claims

1-12. -12. (canceled)

13. A method for providing access to an Internet resource comprising:
- maintaining a first nameserver that is registered to be an authoritative nameserver and that includes a cache of DNS resolutions to DNS queries;
  
  accepting at the first nameserver directions pushed by a second nameserver to purge DNS cached resolutions and to blacklist DNS queries;
  
  receiving at the first nameserver a DNS query;
  
  executing at the first nameserver a policy code to determine how to respond to the DNS query, including checking the blacklist and checking for a valid cached resolution; and
  
  responding to the DNS query based at least in part on results of the checking, by throwing a blacklist error, requesting a DNS resolution from the second nameserver or returning the cached resolution.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13, and comprising receiving the policy code at the first nameserver, wherein the policy code includes a set of conditions and actions.
  - 15. The method of claim 13, wherein a hostname specified by the DNS query indicates an infrastructure at which the Internet resource is to be accessed, wherein the checking comprises determining that the DNS query is invalid, and wherein generating the DNS response comprises generating a response that does not allow access to the infrastructure.
  - 16. The method of claim 15, wherein determining that the DNS query is invalid comprises determining that a parameter of the DNS query is on the blacklist.
  - 17. The method of claim 13, wherein the DNS query is received from a web client, and wherein the checking for a valid cached resolution comprises evaluating one or more parameters including a time-to-live value for the cached resolution, a time of receipt of the DNS query, a location of the web client, data in the DNS query, and a measure of system performance.
  - 18. The method of claim 13, wherein the DNS query is a first DNS query, wherein the DNS response is a first DNS response, and wherein generating the first DNS response comprises sending a second DNS query from the first nameserver to an second nameserver, receiving at the first nameserver from the second nameserver an second DNS response that includes a new DNS resolution, and including the new DNS resolution in the first DNS response.
  - 19. The method of claim 13, further comprising receiving a purge command and responsively removing one or more DNS cached resolutions from the cache.
  - 20. The method of claim 13, further comprising generating a report including one or more parameters of the validity determination, said parameters including data in the DNS query, a time of receipt of the DNS query, an origin of the DNS query, and a measure of system performance.
  - 21. The method of claim 13, wherein the DNS query is a first DNS query, and comprising receiving a second DNS query and generating a report including a measure of aggregation of the first and second DNS queries.

22. A system for providing access to an Internet resource comprising:
- a first nameserver, including a cache that holds DNS resolutions of DNS queries;
  
  wherein the first nameserver further includes memory holding a policy code to make a policy-based determination of validity of one or more of the DNS queries and the cached resolutions;
  
  wherein the first nameserver further includes processor resources to receive directions pushed by a second nameserver to purge DNS cached resolutions and to blacklist DNS queries;
  
  wherein the first nameserver further includes processor resources to receive a DNS query directed to an authoritative DNS server, execute the policy code, determine validity of the DNS query, and responsively generate or suppress a DNS response to the DNS query.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The system of claim 22, wherein the first nameserver further includes a port used to receive the policy code.
  - 24. The system of claim 22, wherein a hostname specified by the DNS query indicates an infrastructure at which the Internet resource is to be accessed, wherein determination of the validity comprises determination that the DNS query is invalid, and wherein generation of the DNS response comprises generating a response that does not allow access to the infrastructure.
  - 25. The system of claim 24, wherein determination that the DNS query is invalid comprises determination that a parameter of the DNS query is on the blacklist.
  - 26. The system of claim 22, wherein the DNS query is received from a web client, and wherein determination of the validity of the cached resolution comprises evaluation one or more parameters including a time-to-live value for the cached resolution, a time of receipt of the DNS query, a location of the web client, data in the DNS query, and a measure of system performance.
  - 27. The system of claim 22, wherein the DNS query is a first DNS query, wherein the DNS response is a first DNS response, and wherein the processor resources to generate the first DNS response include resources to send a second DNS query to an second nameserver, receive from the second nameserver an second DNS response that includes a new DNS resolution, and include the new DNS resolution in the first DNS response.
  - 28. The system of claim 22, first nameserver further includes processor resources to generate a report including one or more parameters of the validity determination, said parameters including data in the DNS query, a time of receipt of the DNS query, a location of the web client, and a measure of system performance.
  - 29. The system of claim 22, wherein the DNS query is a first DNS query, and first nameserver further includes processor resources to receive a second DNS query and generate a report including a measure of aggregation of the first and second DNS queries.

30. A computer program product comprising a computer readable non-transitory storage medium, which includes a computer readable program that when executed on a processor causes the processor to:
- maintain a cache that includes DNS resolutions of DNS queries;
  
  accept directions pushed by a second nameserver to purge DNS cached resolutions and to blacklist DNS queries;
  
  receive a DNS query;
  
  execute a policy code to determine how to respond to the DNS query, including checking the blacklist and checking for a valid cached resolution; and
  
  respond to the DNS query and based on results of the checking, by throwing a blacklist error, requesting a DNS resolution from the second nameserver or returning the cached resolution.
- View Dependent Claims (31, 32)
- - 31. The computer program product of claim 30, wherein a hostname specified by the DNS query indicates an infrastructure at which the Internet resource is to be accessed, wherein determination of the validity comprises determination that the DNS query is invalid, and wherein generation of the DNS response comprises generating a response that does not allow access to the infrastructure.
  - 32. The computer program product of claim 30, wherein the DNS query is a first DNS query, wherein the DNS response is a first DNS response, and wherein the computer readable program further causes the processor to generate the first DNS response include resources to send a second DNS query to an second nameserver, receive from the second nameserver an second DNS response that includes a new DNS resolution, and include the new DNS resolution in the first DNS response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Cedexis Incorporated (Cloud Software Group)
Inventors
Kagan, Martin

Granted Patent

US 9,906,488 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

H04L 2101/35   containing special prefixes

H04L 47/24   Traffic characterised by sp...

H04L 61/302   Administrative registration...

H04L 61/4511   using domain name system [DNS]

H04L 61/4552   Lookup mechanisms between a...

H04L 61/58   Caching of addresses or names

H04L 67/30   Profiles

SURROGATE NAME DELIVERY NETWORK

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SURROGATE NAME DELIVERY NETWORK

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links