Authenticated domain name resolution
First Claim
1. In an authoritative name server configured to resolve one or more domain names, a method of selectively resolving a domain name so that a client requesting resolution of the domain name receives a domain name system response based on the client's authorization, the method comprising acts of:
at an authoritative name server, receiving, from a client, a first request to resolve a domain name into a corresponding domain name system response, the authoritative name server receiving the first request being capable of resolving the domain name into the corresponding domain name system response;
at the authoritative name server, sending, to the client, a first response identifying the authoritative name server sending the first response and indicating that the authoritative name server was unable to retrieve the requested domain name system response corresponding to the domain name;
at the authoritative name server, receiving, from the client, a subsequent request to resolve the domain name into a corresponding domain name system response, and the subsequent request having been sent by the client in response to the first response indicating that the authoritative name server was unable to retrieve the requested domain name system response;
at the authoritative name server, receiving client authentication from the client;
based on the received client authentication, determining at the authoritative name server that the client is authorized to receive the domain name response corresponding to the domain name; and
sending the corresponding domain name system response to the client.
2 Assignments
0 Petitions
Abstract
Methods, systems, and computer program products for resolving domain name system records based on client authentication. Basing domain name resolution on client authentication provides remote clients with the convenience of domain names without sacrificing the security of keeping potentially sensitive domain names private. An authoritative name server receives requests for domain name resolution from clients. For requests without client authentication, the authoritative name server responds that the domain name cannot be found. This response identifies the authoritative name server to the client so that the client can submit subsequent requests with client authentication. For requests with client authentication, the authoritative name server responds with the corresponding domain name addresses. Clients may communicate domain name resolution requests directly to the authoritative name server or indirectly, through one or more intermediate domain name servers. Client authentication may occur over a secure connection with the authoritative name server.
53 Claims
1. In an authoritative name server configured to resolve one or more domain names, a method of selectively resolving a domain name so that a client requesting resolution of the domain name receives a domain name system response based on the client's authorization, the method comprising acts of:
at an authoritative name server, receiving, from a client, a first request to resolve a domain name into a corresponding domain name system response, the authoritative name server receiving the first request being capable of resolving the domain name into the corresponding domain name system response;
at the authoritative name server, sending, to the client, a first response identifying the authoritative name server sending the first response and indicating that the authoritative name server was unable to retrieve the requested domain name system response corresponding to the domain name;
at the authoritative name server, receiving, from the client, a subsequent request to resolve the domain name into a corresponding domain name system response, and the subsequent request having been sent by the client in response to the first response indicating that the authoritative name server was unable to retrieve the requested domain name system response;
at the authoritative name server, receiving client authentication from the client;
based on the received client authentication, determining at the authoritative name server that the client is authorized to receive the domain name response corresponding to the domain name; and
sending the corresponding domain name system response to the client.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
20. In an authoritative name server configured to resolve one or more domain name system records, a method of selectively resolving a domain name system record so that a client requesting resolution of the domain name system record receives a domain name system response based on the client's authorization, the method comprising acts of:
at an authoritative name server, receiving, from a client, a first request to resolve a domain name system record into a corresponding domain name system response, the authoritative name server receiving the first request being capable of resolving the domain name system record into the corresponding domain name system response, and the first request being received via a first communication path;
at the authoritative name server, sending, to the client, a first response identifying the authoritative name server sending the first response and indicating that the authoritative name server was unable to retrieve the requested domain name system response corresponding to the domain name system record;
at the authoritative name server, receiving, from the client, a second request to resolve the domain name system record into a corresponding domain name system response, the second request having been made via a second communication path, and the second request having been sent by the client in response to the first response indicating that the authoritative name server was unable to retrieve the requested domain name system response;
at the authoritative name server, receiving client authentication from the client;
based on the received client authentication, determining at the authoritative name server that the client is authorized to receive the domain name response corresponding to the domain name system record; and
sending the corresponding domain name system response to the client;
wherein the first communication path over which the authoritative name server receives the first request includes a path through one or more domain name cache servers, and wherein the second communication path bypasses the one or more domain name cache servers for a direct connection between the client and the authoritative name server.
21. In a client capable of establishing a connection with an authoritative name server that resolves at least one domain name into at least one domain name address, wherein the authoritative name server only resolves domain names into the corresponding domain name addresses for authorized clients, a method of requesting, from the authoritative name server, a domain name address that corresponds to a domain name, the method comprising acts of:
a client sending an initial request, to resolve a domain name into a corresponding domain name address, to an authoritative name server capable of resolving the domain name into the domain name address, the initial request being sent without client authentication;
the client receiving an initial response from the authoritative name server indicating that the domain name address is unknown to the authoritative name server;
determining, by the client, that client authentication is needed to receive the domain name address from the authoritative name server;
sending to the authoritative name server a subsequent request, the subsequent request including client authentication, to resolve the domain name into the corresponding domain name address; and
in response to having sent the subsequent request including client authentication, receiving the corresponding domain name address in a subsequent response sent from the authoritative name server.
View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
36. In a client capable of establishing a connection with an authoritative name server that resolves at least one domain name into at least one domain name address, wherein the authoritative name server only resolves domain names into the corresponding domain name addresses for authorized clients, a method of requesting, from the authoritative name server, a domain name address that corresponds to a domain name, the method comprising acts of:
a client sending an initial request, to resolve a domain name into a corresponding domain name address, to an authoritative name server capable of resolving the domain name into the domain name address, the initial request being sent without client authentication;
the client receiving an initial response from the authoritative name server indicating that the domain name address is unknown to the authoritative name server;
in response to receiving the initial response indicating that the domain name address is unknown to the authoritative name server, the client establishing a direct connection with the authoritative name server;
determining, by the client, that client authentication is needed to receive the domain name address from the authoritative name server;
sending, by the client, client authentication to the authoritative name server over the direct connection;
sending a subsequent request, to resolve the domain name into the corresponding domain name address, to the authoritative name server; and
in response to having sent client authentication, receiving the corresponding domain name address in a subsequent response sent from the authoritative name server;
wherein the initial request is directed through a domain name server to the authoritative name server because the authoritative name server is unknown, the domain name server identifying the authoritative name server and directing the initial request to the authoritative name server, the method further comprising an act of the client discovering the authoritative name server from the initial response from the authoritative name server indicating that the domain name address is unknown.
37. In an authoritative name server configured for resolving domain name addresses, a method for selectively resolving one or more client-requested domain names so that the client receives one or more corresponding domain name addresses only if the client is authorized, the method comprising steps for:
for one or more unauthenticated requests, originating from one or more unauthenticated clients, to resolve one or more domain names, an authoritative name server capable of resolving the one or more domain names into corresponding one or more domain name addresses responding to the one or more unauthenticated clients that the one or more domain name addresses are unknown because the one or more unauthenticated clients have not provided client authentication to the authoritative name server;
in response to the one or more unauthenticated requests originating from the one or more unauthenticated clients, receiving one or more subsequent requests over a direct connection with the one or more unauthenticated clients, receiving, by the authoritative name server, client authentication such that the one or more subsequent requests are one or more authenticated requests; and
for the one or more authenticated requests originating from one or more authenticated clients, to resolve the one or more domain names, the authoritative name server responding to the one or more authenticated clients with one or more domain name addresses corresponding to the one or more domain names because the one or more authenticated clients provided client authentication to the authoritative name server.
View Dependent Claims (38, 39, 40, 41, 42)
43. For a client capable of establishing a connection with an authoritative name server that resolves at least one domain name into at least one domain name address, wherein the authoritative name server only resolves domain names into the corresponding domain name addresses for authorized clients, a computer program product comprising one or more computer readable storage media having stored thereon computer executable instructions that implement a method of requesting, from the authoritative name server, a domain name address that corresponds to a domain name, the method comprising acts of:
a client sending an initial request, to resolve a domain name into a corresponding domain name address, to an authoritative name server capable of resolving the domain name into the domain name address, the initial request being sent without client authentication;
the client receiving an initial response from the authoritative name server indicating that the domain name address is unknown to the authoritative name server capable of resolving the domain name into the domain name address;
in response to receiving the initial response indicating that the domain name address is unknown to the authoritative name server, the client establishing a direct connection with the authoritative name server;
determining, by the client, that client authentication is needed to receive the domain name address from the authoritative name server;
sending, by the client, client authentication to the authoritative name server over the direct connection;
sending a subsequent request, to resolve the domain name into the corresponding domain name address, to the authoritative name server; and
in response to having sent client authentication, receiving the corresponding domain name address in a subsequent response sent from the authoritative name server;
wherein the initial request is directed through a domain name server to the authoritative name server because the authoritative name server is unknown, the domain name server identifying the authoritative name server and directing the initial request to the authoritative name server, the method further comprising an act of the client discovering the authoritative name server from the initial response from the authoritative name server indicating that the domain name address is unknown.
44. In a client capable of establishing a connection with one or more name servers that resolve at least one domain name into at least one domain name address, wherein at least one name server resolves domain name system records based on client authentication, a method of requesting one or more domain name addresses for one or more domain names, the method comprising acts of:
identifying an authoritative name server for a domain of interest, wherein the authoritative name server for the domain of interest is identified to the client in a message from the authoritative name server which indicates that the authoritative name server could not find a domain address for the domain of interest;
in response to receiving the message indicating that the authoritative name server could not find the domain name address for the domain of interest, establishing a secure connection with the authoritative name server;
sending client authentication to the authoritative name server over the secure connection;
requesting, from the authoritative name server, one or more domain name addresses for one or more domain names; and
based on the client authentication, receiving from the authoritative name server at least one domain name address for the one or more domain names.
View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53)
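As an added illustration (not code from the patent or from any implementation of it), the following Python models the exchange that the abstract and claims 1, 20, 21 and 44 describe: a query via a cache server, a "not found" reply that names the authoritative server, and a direct authenticated re-query that bypasses the cache. The server names, addresses, the HMAC token and the `DIRECTORY` lookup are constructed assumptions standing in for real DNS transport and a secure connection.

```python
import hashlib
import hmac
SECRET = b"constructed-shared-secret"  # constructed stand-in for the client credential

def client_token(client_id: str) -> str:
    """Constructed credential: HMAC of the client id under the pre-shared secret."""
    return hmac.new(SECRET, client_id.encode(), hashlib.sha256).hexdigest()

class AuthoritativeServer:
    def __init__(self, name, private_records, authorized):
        self.name = name                # identity disclosed in the 'not found' reply
        self.records = private_records  # domain -> address, withheld from unauthenticated clients
        self.authorized = authorized    # client ids allowed to resolve the private names
    def resolve(self, domain, client_id=None, token=None):
        """Claim 1: without valid client authentication answer 'not found', but name this
        server so the client can return directly with credentials (claims 20 and 44)."""
        authenticated = (client_id in self.authorized and token is not None
                         and hmac.compare_digest(token, client_token(client_id)))
        if domain not in self.records or not authenticated:
            # Same reply for 'no such name' and 'not authorized', so an unauthenticated
            # client cannot tell private names from nonexistent ones.
            return {"status": "NXDOMAIN", "server": self.name}
        return {"status": "NOERROR", "address": self.records[domain]}

class CacheServer:
    """First communication path (claim 20): queries pass through a cache that forwards
    to the authoritative server. Credentials never travel this path."""
    def __init__(self, upstream):
        self.upstream, self.cache = upstream, {}

    def resolve(self, domain):
        if domain in self.cache:
            return self.cache[domain]
        resp = self.upstream.resolve(domain)
        if resp["status"] == "NOERROR":
            self.cache[domain] = resp  # a real resolver would also negatively cache NXDOMAIN,
        return resp                    # which is why the second path must bypass the cache

def client_lookup(domain, cache, client_id):
    """Client side (claims 21 and 44): ask via the cache, learn the authoritative server
    from the 'not found' reply, then re-ask it directly with client authentication."""
    first = cache.resolve(domain)
    if first["status"] == "NOERROR":
        return first["address"]
    auth_server = DIRECTORY[first["server"]]  # second path: direct to the named server
    second = auth_server.resolve(domain, client_id, client_token(client_id))
    return second["address"] if second["status"] == "NOERROR" else None

AUTH = AuthoritativeServer("ns1.corp.example", {"intranet.corp.example": "10.0.0.5"}, {"alice"})
DIRECTORY = {AUTH.name: AUTH}  # constructed: stands in for opening a direct (e.g. TLS) connection
CACHE = CacheServer(AUTH)
```

Because the cache only ever sees the unauthenticated "not found" reply, the private address never enters a shared cache; only the client that authenticated directly learns it.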