Domain name system security extensions (DNSSEC) for global server load balancing
First Claim
Patent Images
1. A load balance switch comprising:
- a processor; and
a non-transitory computer readable medium having stored thereon instructions that, when executed by the processor, cause the processor to;
reorder network addresses in a resource record set contained in a domain name system security extensions (DNSSEC) reply;
preserve an original signature generated by a DNSSEC-capable device for the resource record set contained in said DNSSEC reply;
modify a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and
preserve another TTL value for said original signature generated by said DNSSEC-capable device and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value.
3 Assignments
0 Petitions
Accused Products
Abstract
Techniques are provided to enable a network device, such as a switch, to perform global server load balancing (GSLB) while operating as a proxy to a domain name system security extensions (DNSSEC)-capable authoritative DNS server. The network device preserves an original signature generated by the DNSSEC-capable authoritative DNS server for a resource record set contained in a DNSSEC reply.
274 Citations
13 Claims
-
1. A load balance switch comprising:
-
a processor; and a non-transitory computer readable medium having stored thereon instructions that, when executed by the processor, cause the processor to; reorder network addresses in a resource record set contained in a domain name system security extensions (DNSSEC) reply; preserve an original signature generated by a DNSSEC-capable device for the resource record set contained in said DNSSEC reply; modify a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and preserve another TTL value for said original signature generated by said DNSSEC-capable device and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
reordering, by a load balance switch, network addresses in a resource record set contained in a domain name system security extensions (DNSSEC) reply; preserving, by the load balance switch, an original signature generated by a DNSSEC-capable device for the resource record set contained in said DNSSEC reply; modifying, by the load balance switch, a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and preserving, by the load balance switch, another TTL value for said original signature generated by said DNSSEC-capable device and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value. - View Dependent Claims (7, 8)
-
-
9. A non-transitory computer-readable medium having computer-readable instructions stored thereon that, when executed by a processor, cause the processor to:
-
reorder network addresses in a resource record set contained in a domain name system security extensions (DNSSEC) reply; preserve an original signature generated by a DNSSEC-capable device for the resource record set contained in said DNSSEC reply modify a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and preserve another TTL value for said original signature generated by said DNSSEC-capable device and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value. - View Dependent Claims (10, 11)
-
-
12. A load balance switch comprising:
-
a processor; and a non-transitory computer readable medium having stored thereon instructions that, when executed by the processor, cause the processor to; reorder network addresses contained in a domain name system security extensions (DNSSEC) reply, wherein the load balance switch supports DNSSEC without recalculating a signature for a resource record set included in said DNSSEC reply, the resource record set including at least one of the network addresses reordered by the load balance switch; modify a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and preserve another TTL value for said signature and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value. - View Dependent Claims (13)
-
Specification