Domain name system security extensions (DNSSEC) for global server load balancing

US 8,549,148 B2
Filed: 10/29/2010
Issued: 10/01/2013
Est. Priority Date: 10/15/2010
Status: Active Grant

First Claim

Patent Images

1. A load balance switch comprising:

a processor; and

a non-transitory computer readable medium having stored thereon instructions that, when executed by the processor, cause the processor to;

reorder network addresses in a resource record set contained in a domain name system security extensions (DNSSEC) reply;

preserve an original signature generated by a DNSSEC-capable device for the resource record set contained in said DNSSEC reply;

modify a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and

preserve another TTL value for said original signature generated by said DNSSEC-capable device and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided to enable a network device, such as a switch, to perform global server load balancing (GSLB) while operating as a proxy to a domain name system security extensions (DNSSEC)-capable authoritative DNS server. The network device preserves an original signature generated by the DNSSEC-capable authoritative DNS server for a resource record set contained in a DNSSEC reply.

274 Citations

13 Claims

1. A load balance switch comprising:
- a processor; and
  
  a non-transitory computer readable medium having stored thereon instructions that, when executed by the processor, cause the processor to;
  
  reorder network addresses in a resource record set contained in a domain name system security extensions (DNSSEC) reply;
  
  preserve an original signature generated by a DNSSEC-capable device for the resource record set contained in said DNSSEC reply;
  
  modify a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and
  
  preserve another TTL value for said original signature generated by said DNSSEC-capable device and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The load balance switch of claim 1 wherein:
    - said DNSSEC reply is received by said load balance switch from said DNSSEC-capable device, which includes an authoritative DNS server that generated said original signature; and
      
      said original signature is generated using a canonical order of said network addresses and said original TTL value.
  - 3. The load balance switch of claim 2 wherein said load balance switch is configurable as a proxy to said authoritative DNS server so as to forward a DNS query to said authoritative DNS server and to receive the DNSSEC reply generated by said authoritative DNS server in response to the DNS query.
  - 4. The load balance switch of claim 1 wherein said another TTL value is contained in said original signature.
  - 5. The load balance switch of claim 1 wherein said load balance switch is configurable to obtain count data related to load balancing operations or DNSSEC operations.

6. A method comprising:
- reordering, by a load balance switch, network addresses in a resource record set contained in a domain name system security extensions (DNSSEC) reply;
  
  preserving, by the load balance switch, an original signature generated by a DNSSEC-capable device for the resource record set contained in said DNSSEC reply;
  
  modifying, by the load balance switch, a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and
  
  preserving, by the load balance switch, another TTL value for said original signature generated by said DNSSEC-capable device and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6, further comprising obtaining, by said load balance switch, count data pertaining to load balancing operations or DNSSEC operations.
  - 8. The method of claim 6 wherein the DNSSEC-capable device includes a DNSSEC-capable authoritative DNS server, and wherein the load balance switch is configurable as a proxy to said authoritative DNS server to forward a DNS query to said authoritative DNS server and to receive the DNSSEC reply generated by said authoritative DNS server in response to the DNS query.

9. A non-transitory computer-readable medium having computer-readable instructions stored thereon that, when executed by a processor, cause the processor to:
- reorder network addresses in a resource record set contained in a domain name system security extensions (DNSSEC) reply;
  
  preserve an original signature generated by a DNSSEC-capable device for the resource record set contained in said DNSSEC replymodify a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and
  
  preserve another TTL value for said original signature generated by said DNSSEC-capable device and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value.
- View Dependent Claims (10, 11)
- - 10. The non-transitory computer-readable medium of claim 9 wherein the computer-readable instructions further include instructions that cause the processor to:
    - obtain count data pertaining to load balancing operations or DNSSEC operations.
  - 11. The non-transitory computer-readable medium of claim 9 wherein the DNSSEC-capable device includes a DNSSEC-capable authoritative DNS server, and wherein the load balance switch is configurable as a proxy to said authoritative DNS server to forward a DNS query to said authoritative DNS server and to receive the DNSSEC reply generated by said authoritative DNS server in response to the DNS query.

12. A load balance switch comprising:
- a processor; and
  
  a non-transitory computer readable medium having stored thereon instructions that, when executed by the processor, cause the processor to;
  
  reorder network addresses contained in a domain name system security extensions (DNSSEC) reply, wherein the load balance switch supports DNSSEC without recalculating a signature for a resource record set included in said DNSSEC reply, the resource record set including at least one of the network addresses reordered by the load balance switch;
  
  modify a time to live (TTL) value, corresponding to at least one of the network addresses and contained in the DNSSEC reply, from an original TTL value to a current TTL value; and
  
  preserve another TTL value for said signature and contained in the DNSSEC reply, said another TTL value having a same value as said original TTL value.
- View Dependent Claims (13)
- - 13. The load balance switch of claim 12 wherein the load balance switch is configurable as a proxy to an authoritative DNS server that is DNSSEC-capable to generate the DNSSEC reply that is provided to the load balance switch and that is generated by the authoritative DNS server in response to a DNS query forwarded to the authoritative DNS server by the load balance switch.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Brocade Communications Systems, Inc. (Broadcom, Inc.)
Inventors
Devarapalli, Sridhar J., Joshi, Prajakta S.
Primary Examiner(s)
Dalencourt, Yves

Application Number

US12/916,390
Publication Number

US 20120096166A1
Time in Patent Office

1,068 Days
Field of Search

709/226, 709/249
US Class Current

709/226
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 61/59   using proxies for addressing

H04L 63/0281   Proxies

H04L 63/1441   Countermeasures against mal...

H04L 67/1001   for accessing one among a p...

Domain name system security extensions (DNSSEC) for global server load balancing

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

274 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Domain name system security extensions (DNSSEC) for global server load balancing

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

274 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links