DNS flood protection platform for a network
First Claim

1. A network device for managing a resource record request over a network, comprising:
- a memory arranged to store data and instructions; and
- a processor arranged to enable actions embodied by at least a portion of the stored instructions, the actions comprising:
  - receiving, from a requestor, a resource record query to resolve a first resource record;
  - determining whether to perform a double-query challenge on the first resource record based on at least a load of the processor being above a threshold;
  - if the double-query challenge is performed:
    - determining a mapping of the first resource record to a second resource record that includes an embedded cookie within the second resource record, the cookie further including a time to live (TTL) within which a response record query is to be received;
    - providing a response that includes the mapping to the second resource record without resolving the first resource record;
    - receiving the resource record query to resolve the second resource record; and
    - if the request to resolve the second resource record is valid based in part on evaluating an address associated with the requestor that is embedded in the second resource record with another address associated with a source of the query to resolve the second resource record, and further determining that the request is valid based on being received within the TTL, providing a resource record resolution response based on resolution of the first resource record; and
  - otherwise, providing a resolution response of the first resource record.
Abstract
Embodiments are directed towards protecting DNS servers against DNS flood attacks by causing a requesting device to perform multiple DNS lookup requests to resolve a resource record. A request from a network device for resolution of a domain name may be received by a device interposed between the requesting network device and a DNS server. Upon receiving the request to resolve the domain name, the interposed device may respond with a CNAME that includes a cookie. The requesting device may then send another request for the cookie-prefixed CNAME. The interposed device may then validate the cookie returned in the CNAME and, if it is valid, forward the domain name resolution request on to a DNS server. The DNS server's response may then be forwarded to the requesting device.
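As an added example (not code from the patent or from any product), the following Python sketch shows the interposed device's side of the double-query challenge described above: the cookie label prepended to the CNAME binds the requester's address and an expiry time with an HMAC, and the second query is accepted only when the source address matches and it arrives within the TTL. The class name, the secret key, the load threshold and the 30-second TTL are assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time


class DoubleQueryChallenge:
    """Interposed-device logic for the double-query challenge (hypothetical
    implementation for illustration, not the patent holder's code)."""

    def __init__(self, key: bytes, ttl: int = 30, load_threshold: float = 0.8):
        self.key = key                      # secret used to authenticate cookies
        self.ttl = ttl                      # seconds the follow-up query is accepted
        self.load_threshold = load_threshold

    def should_challenge(self, cpu_load: float) -> bool:
        # Challenge only while processor load is above the threshold.
        return cpu_load > self.load_threshold

    def _mac(self, qname: str, client_ip: str, expiry: int) -> bytes:
        # Bind the original name, the requester's address and the expiry time.
        msg = f"{qname.lower()}|{client_ip}|{expiry}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:16]

    def challenge_name(self, qname: str, client_ip: str, now=None) -> str:
        """Build the CNAME target: <cookie label>.<original name>."""
        now = int(time.time()) if now is None else now
        expiry = now + self.ttl
        blob = struct.pack(">I", expiry) + self._mac(qname, client_ip, expiry)
        cookie = base64.b32encode(blob).decode().lower()  # 20 bytes -> 32 chars, no padding
        return f"{cookie}.{qname}"

    def validate(self, cname: str, source_ip: str, now=None):
        """Return the original name if the cookie in cname is valid for
        source_ip and the query arrived within the TTL; otherwise None."""
        now = int(time.time()) if now is None else now
        cookie, _, qname = cname.partition(".")
        try:
            blob = base64.b32decode(cookie.upper())
        except Exception:
            return None                     # not a cookie label we issued
        if len(blob) != 20 or not qname:
            return None
        expiry = struct.unpack(">I", blob[:4])[0]
        if now > expiry:
            return None                     # received after the TTL
        if not hmac.compare_digest(blob[4:], self._mac(qname, source_ip, expiry)):
            return None                     # address mismatch or forged cookie
        return qname                        # safe to resolve the first record
```

A real deployment would also have to keep the cookie label within DNS label limits and rotate the key; this sketch only shows the validation logic.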
15 Claims

6. A physical apparatus having machine-executable instructions stored thereon, which when executed by at least one processor within a network device, causes the at least one processor to perform actions, comprising:
- receiving, from a requestor, a resource record query to resolve a first resource record;
- determining whether to perform a double-query challenge on the first resource record based on at least a load of the at least one processor being above a threshold;
- if the double-query challenge is performed:
  - determining a mapping of the first resource record to a second resource record;
  - providing a response that includes a mapping to the second resource record without resolving the first resource record, wherein the second resource record includes an embedded cookie within the second resource record, the cookie further including a time to live (TTL) within which a response record query is to be received;
  - receiving the resource record query to resolve the second resource record; and
  - if the request to resolve the second resource record is valid based in part on evaluating an address associated with the requestor that is embedded in the second resource record with another address associated with a source of the query to resolve the second resource record, and further determining that the request is valid based on being received within the TTL, providing a resource record resolution response based on resolution of the first resource record, otherwise, providing a resolution response of the first resource record; and
- wherein the actions above are performed by the at least one processor operating within the network device.

12. A system, comprising:
- a domain name system server configured to enable resolution of records; and
- a network device having a processor that performs actions, including:
  - receiving, from a requestor, a resource record query to resolve a first resource record;
  - determining whether to perform a double-query challenge on the first resource record based on at least a load of the processor being above a threshold;
  - if the double-query challenge is performed:
    - determining a mapping of the first resource record to a second resource record, wherein the first resource record and the second resource record are at a same protocol layer, wherein the second resource record includes an embedded cookie within the second resource record, the cookie further including a time to live (TTL) within which a response record query is to be received;
    - providing a response that includes the mapping to the second resource record;
    - receiving the resource record query to resolve the second resource record; and
    - if the request to resolve the second resource record is valid based in part on evaluating an address associated with the requestor that is embedded in the second resource record with another address associated with a source of the query to resolve the second resource record, and further determining that the request is valid based on being received within the TTL, providing a resource record resolution response based on resolution of the first resource record; and
  - otherwise, providing a resolution response of the first resource record.