
Verification of DNS accuracy in cache poisoning

  • US 7,930,428 B2
  • Filed: 11/11/2008
  • Issued: 04/19/2011
  • Est. Priority Date: 11/11/2008
  • Status: Active Grant
First Claim

1. A computer executed method for adapting a processor from computer readable media to operate a domain name system (DNS) server apparatus resistant to cache poisoning comprising the following steps:

  • receiving, at a DNS server, a domain name system (dns) request from a resolver;

  • replicating the dns request;

  • generating a transaction id and source port for a first dns request using a first pseudo-random algorithm and generating a transaction id and source port for a second dns request using a second pseudo-random algorithm;

  • transmitting one of the replicated dns requests to a primary server and an other replicated dns request to at least one secondary server;

  • blocking a first DNS reply to the resolver until a plurality of DNS replies are received;

  • receiving a reply from each of at least two dns servers;

  • comparing the reply Internet Protocol (IP) address from a first dns request with the reply from a second dns request; and

  • responding to the resolver on the condition that two dns IP address replies match.
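
The claimed steps, sketched as an added Python example (not code from the patent or its assignee). Upstream servers are modeled as constructed stub callables; the two generators, the set-equality comparison, and every name in the block are assumptions.

```python
import hashlib, hmac, os, secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Query:
    name: str
    txid: int
    sport: int

@dataclass(frozen=True)
class Reply:
    txid: int       # transaction id echoed by the upstream
    dport: int      # port the reply arrived on
    ips: frozenset  # A-record addresses in the answer

PORTS = 65536 - 1024  # unprivileged source-port range

def gen_first():
    """First generator (assumed): OS CSPRNG via the secrets module."""
    return secrets.randbelow(1 << 16), 1024 + secrets.randbelow(PORTS)

class HmacCounterGen:
    """Second, independent generator (assumed): HMAC-SHA256 over a counter."""
    def __init__(self):
        self.key, self.ctr = os.urandom(32), 0
    def __call__(self):
        self.ctr += 1
        d = hmac.new(self.key, self.ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        return int.from_bytes(d[:2], "big"), 1024 + int.from_bytes(d[2:6], "big") % PORTS

def resolve_verified(name, primary, secondary, gen1=gen_first, gen2=HmacCounterGen()):
    """Return the agreed address list, or None to withhold the answer."""
    q1, q2 = Query(name, *gen1()), Query(name, *gen2())
    r1, r2 = primary(q1), secondary(q2)  # block until both replies are in
    for q, r in ((q1, r1), (q2, r2)):
        # Discard replies that do not match the query's txid and source port.
        if r is None or (r.txid, r.dport) != (q.txid, q.sport):
            return None
    # Set equality is an assumption; CDN or round-robin answers can differ legitimately.
    return sorted(r1.ips) if r1.ips == r2.ips else None

def stub_upstream(*ips):
    """Constructed stand-in for an upstream server that answers with `ips`."""
    return lambda q: Reply(q.txid, q.sport, frozenset(ips))

if __name__ == "__main__":
    good, forged = stub_upstream("192.0.2.10"), stub_upstream("203.0.113.66")
    print(resolve_verified("example.test", good, good))    # both paths agree
    print(resolve_verified("example.test", good, forged))  # mismatch: withheld
```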

  • 11 Assignments