DNS flood protection platform for a network

US 8,261,351 B1
Filed: 01/22/2008
Issued: 09/04/2012
Est. Priority Date: 01/22/2008
Status: Active Grant

First Claim

Patent Images

1. A non-transitory, machine-readable storage medium having machine-executable instructions stored thereon, which when executed by at least one processor, causes the at least one processor to perform one or more actions to enable a domain name resolution, comprising:

receiving a request to resolve a domain name;

if a first condition is valid;

in response to the request, sending an alias domain name;

receiving another request, wherein the other request is to resolve the alias domain name; and

if the other request is valid based in part on evaluating an address associated with a source of the request to resolve the domain name that is embedded within the alias domain name with another address associated with a source of the other request, providing a resolution response to the alias domain name using a resolution of the domain name; and

if the first condition is invalid, providing a response associated with the domain name.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards providing protection to DNS servers against DNS flood attacks by causing a requesting device to perform multiple DNS lookup requests for resolving a resource record. A request from a network device for a resolution of a domain name may be received by a device interposed between the requesting network device and a DNS server. Upon receiving the request to resolve the domain name, the interposed device may respond with a CNAME that includes a cookie. The requesting device may then send another request that includes the cookie preceded CNAME. The interposed device may then validate the returned cookie returned in the CNAME and if valid, forward the domain name resolution request on to a DNS server. The response may then be forwarded to the requesting device.

Citations

13 Claims

1. A non-transitory, machine-readable storage medium having machine-executable instructions stored thereon, which when executed by at least one processor, causes the at least one processor to perform one or more actions to enable a domain name resolution, comprising:
- receiving a request to resolve a domain name;
  
  if a first condition is valid;
  
  in response to the request, sending an alias domain name;
  
  receiving another request, wherein the other request is to resolve the alias domain name; and
  
  if the other request is valid based in part on evaluating an address associated with a source of the request to resolve the domain name that is embedded within the alias domain name with another address associated with a source of the other request, providing a resolution response to the alias domain name using a resolution of the domain name; and
  
  if the first condition is invalid, providing a response associated with the domain name.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The non-transitory, machine-readable storage medium of claim 1, wherein sending an alias domain name further comprises sending a canonical name (CNAME) record with the alias domain name configured based on at least one of a random value or a sub-domain name.
  - 3. The non-transitory, machine-readable storage medium of claim 1, wherein the first condition further comprises at least one of detecting a network load above a first threshold, detecting a load above a second threshold on the at least one processor, detecting a denial of service attack, or receiving indication of a security threat.
  - 4. The non-transitory, machine-readable storage medium of claim 1, wherein at least a portion of the alias domain name is encrypted.
  - 5. The non-transitory, machine-readable storage medium of claim 1, wherein providing a resolution response to the alias domain name using a resolution of the domain name further comprises providing the response to the alias domain name using a response associated with the domain name.

6. A method of managing a request for a domain name resolution over a network, comprising:
- receiving a first query request to resolve a domain name;
  
  mapping the domain name to an alias domain name;
  
  responding to the first query request with the alias domain name;
  
  receiving a second query request to resolve the alias domain name; and
  
  if the second query request is valid based in part on evaluating an address associated with the first query request that is embedded within the alias domain name with another address associated with a source of the second query request, providing a resolution response for the alias domain name based on a resolution of the domain name.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein responding to the first query request further comprises responding with a CNAME record that includes the alias domain name.
  - 8. The method of claim 6, wherein the alias domain name includes a cookie, the cookie comprising at least one of a random value, an encrypted value, or a sub-domain name.
  - 9. The method of claim 6, wherein if the second query request is valid further comprises determining if the second query request includes the alias domain name and is received within a defined time to live.

10. A system for managing a request for a domain name resolution, comprising:
- a domain name system (DNS) server that is configured to enable resolution of a domain name; and
  
  a network device that is interposed between a requestor and the DNS server, and is configured to perform actions, including;
  
  receiving a request to resolve a domain name;
  
  in response to the request, providing an alias domain name;
  
  receiving a request to resolve the alias domain name; and
  
  if the request to resolve the alias domain name is valid based in part on evaluating an address of a source sending the request to resolve the domain name that is embedded within the alias domain name with another address associated with a source of the request to resolve the alias domain name;
  
  sending the domain name to the DNS server for resolution;
  
  receiving an response for the domain name; and
  
  responding to the request to resolve the alias domain name by providing the response to the domain name for the alias domain name.
- View Dependent Claims (11, 12, 13)
- - 11. The system of claim 10, wherein providing an alias domain name further comprises providing a CNAME record with the alias domain name.
  - 12. The system of claim 10, wherein if the request to resolve the alias domain name is valid further comprises determining if the request to resolve the alias domain name is received within a defined time to live.
  - 13. The system of claim 10, wherein the alias domain name further comprises at least in part, at least one of a random value, a sub-domain name, or a network address associated with the requestor of the request to resolve the domain name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Thornewell, Peter M., Golden, Lisa M.
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US12/018,031
Time in Patent Office

1,687 Days
Field of Search

726/23, 726/13, 726/14, 713/153, 713/162, 713/168, 713/189, 709/203, 709/219
US Class Current

726/23
CPC Class Codes

H04L 61/4511 using domain name system [DNS]

H04L 63/1458 Denial of Service

DNS flood protection platform for a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

DNS flood protection platform for a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links