Methods and systems for addressing DNS rebinding
First Claim
1. A computer-implemented method comprising:
- detecting a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain;
- storing a domain-name record, the domain-name record associating the internet address with the first computing-device address;
- using the domain-name record to bind the first domain to the first computing-device address;
- preventing, until a request to leave the first domain is detected, the first domain from being rebound to a second computing-device address;
wherein:
- using the domain-name record to bind the first domain to the first computing-device address comprises providing the domain-name record in response to a subsequent domain-name-service query for the first domain;
- preventing the first domain from being rebound comprises:
  - prohibiting, until the request to leave the first domain is detected, modification of the domain-name record;
- the request to leave the first domain comprises at least one of:
  - a request to navigate to a second domain;
  - a request to terminate a browser window;
  - a request to terminate a browser tab.
Abstract
A computer-implemented method comprising detecting a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain. The method may also comprise storing a domain-name record, the domain-name record associating the internet address with the first computing-device address. The method may comprise using the domain-name record to bind the first domain to the first computing-device address and preventing, until a request to leave the first domain is detected, the first domain from being rebound to a second computing-device address. Systems and computer-readable media for addressing DNS rebinding are also disclosed.
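The pinning behaviour recited in claim 1 and summarized in the abstract can be modelled in a few lines. This is an added example, not code from the patent; the class and method names, the sample domain and addresses, and the treatment of same-domain navigation as "not leaving" are assumptions made for illustration.

```python
"""Toy model of the pinning in claim 1 (constructed example, not the patent's code)."""
from dataclasses import dataclass, field

LEAVE_EVENTS = {"navigate", "close_window", "close_tab"}  # the three leave requests in claim 1


@dataclass
class PinningCache:
    records: dict = field(default_factory=dict)  # domain -> pinned address
    blocked: list = field(default_factory=list)  # (domain, pinned, rejected) audit trail

    def on_resolution(self, domain: str, address: str) -> str:
        """Handle a detected DNS answer; return the address the browser may use."""
        domain = domain.lower().rstrip(".")
        pinned = self.records.get(domain)
        if pinned is None:
            self.records[domain] = address  # first resolution: store and bind
            return address
        if address != pinned:
            # The record is locked while the browser is on the domain: refuse
            # the new address and keep a trace for detection.
            self.blocked.append((domain, pinned, address))
        return pinned  # later queries are answered from the stored record

    def on_leave(self, domain: str, event: str, destination: str = "") -> bool:
        """Release the pin when a leave request is seen; return True if released."""
        domain = domain.lower().rstrip(".")
        if event not in LEAVE_EVENTS:
            return False
        if event == "navigate" and destination.lower().rstrip(".") in ("", domain):
            return False  # assumption: same-domain navigation is not leaving
        return self.records.pop(domain, None) is not None


def demo():
    cache = PinningCache()
    # Constructed sequence: a public address first, then a different answer
    # for the same name pointing at an internal host (the rebinding pattern).
    first = cache.on_resolution("site.example", "203.0.113.10")
    second = cache.on_resolution("site.example", "192.168.0.1")
    stayed = cache.on_leave("site.example", "navigate", "site.example")
    left = cache.on_leave("site.example", "close_tab")
    after = cache.on_resolution("site.example", "192.168.0.1")
    return first, second, stayed, left, after, cache.blocked
```

The `blocked` list doubles as a detection signal: each entry is a refused change of address for a domain the browser was still on.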
16 Claims
12. A system comprising:
- a browser plug-in for a network browser, the browser plug-in comprising:
  - a detection module configured to detect a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain;
  - a domain-name record cache configured to store a domain-name record, the domain-name record associating the internet address with the first computing-device address;
  - a domain-name-system response module configured to use the domain-name record to bind the first domain to the first computing-device address by providing the domain-name record in response to a domain-name-service query for the first domain;
  - a security module configured to prevent, until the browser leaves the first domain, the first domain from being rebound to a second computing-device address;
- at least one processor configured to execute the browser plug-in;
wherein the browser plug-in comprises a browser-helper object;
the Internet address comprises at least one of a uniform resource identifier and a uniform resource locator; and
the first computing-device address comprises an internet protocol address.
15. A system comprising:
- a domain-name-system proxy installed at a kernel level, the domain-name-system proxy comprising:
  - a detection module configured to detect a resolution of an internet address to a first computing-device address, the internet address being associated with a first domain;
  - a domain-name record cache configured to store a domain-name record, the domain-name record associating the internet address with the first computing-device address;
  - a domain-name-system response module configured to use the domain-name record to bind the first domain to the first computing-device address by providing the domain-name record in response to a domain-name-service query for the first domain;
  - a security module configured to prevent, until a request to leave the first domain is detected, the first domain from being rebound to a second computing-device address;
- at least one processor configured to execute the domain-name-system proxy;
wherein a browser plug-in comprises the domain-name-system response module and the security module; and
wherein the browser plug-in is configured to communicate with the domain-name-system proxy.
Specification