System and method for inspecting domain name system flows in a network environment
Abstract
A method is provided in one example and includes receiving a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server. A correlation is maintained between a domain name and an Internet protocol (IP) address included in a DNS response. A subsequent packet associated with a subsequent flow is received and the IP address is identified within the subsequent packet. The method further includes executing a policy decision for the subsequent flow based on the correlation between the IP address and the domain name. In more specific embodiments, the correlation is stored in a table that includes a time to live (TTL) parameter associated with the IP address. The IP address within the subsequent packet can be mapped to the domain name in order to apply the policy decision for the subsequent flow.
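The correlation table described in the abstract, as an added example that is not taken from the patent or any product: DNS answers are recorded with their TTL, and a later flow is classified from its destination IP alone. The class and function names, the subscriber IDs, the rate labels and the per-subscriber keying of the table are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Binding:
    domain: str
    expires: float  # absolute time at which the DNS TTL runs out

class DnsFlowCorrelator:
    """IP -> domain table learned from DNS responses (hypothetical class)."""

    def __init__(self, policies, default="standard-rate"):
        self.policies = policies  # {(subscriber, domain): decision}
        self.default = default
        self.table = {}           # {(subscriber, ip): Binding}

    def on_dns_response(self, subscriber, domain, answers, now):
        """answers: [(ip_string, ttl_seconds), ...] from one DNS response."""
        domain = domain.rstrip(".").lower()
        for ip, ttl in answers:
            key = (subscriber, ipaddress.ip_address(ip))
            # Assumption: the most recent answer wins if names share an IP.
            self.table[key] = Binding(domain, now + ttl)

    def decide(self, subscriber, dst_ip, now):
        """Return (decision, domain) for a flow using only its destination IP."""
        key = (subscriber, ipaddress.ip_address(dst_ip))
        binding = self.table.get(key)
        if binding is not None and now >= binding.expires:
            del self.table[key]   # TTL elapsed: stop trusting the mapping
            binding = None
        domain = binding.domain if binding else None
        return self.policies.get((subscriber, domain), self.default), domain

# Constructed sample data: documentation address ranges, made-up names.
POLICIES = {("sub-1001", "video.example.com"): "premium-rate"}

def demo():
    c = DnsFlowCorrelator(POLICIES)
    c.on_dns_response("sub-1001", "Video.Example.com.",
                      [("192.0.2.10", 30), ("192.0.2.11", 30)], now=0)
    return [
        c.decide("sub-1001", "192.0.2.11", now=5),    # second answer, TTL live
        c.decide("sub-1001", "192.0.2.11", now=31),   # TTL expired
        c.decide("sub-2002", "192.0.2.10", now=5),    # other subscriber
        c.decide("sub-1001", "198.51.100.7", now=5),  # never seen in DNS
    ]

if __name__ == "__main__":
    print(demo())
```

Because no layer 7 inspection takes place, the decision is only as accurate as the IP-to-name mapping: when two domain names resolve to the same address, this sketch attributes the flow to whichever name was answered last.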
18 Claims
1. A method, comprising:
- receiving a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server;
- maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a DNS response;
- receiving from the subscriber a subsequent packet associated with a subsequent flow;
- identifying an IP address within the subsequent packet as being one of the plurality of IP addresses included in the DNS response, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; and
- executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision relates to charging a different rate for a particular flow.

7. One or more non-transitory tangible media that includes code for execution and when executed by a processor operable to perform operations comprising:
- receiving a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server;
- maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a DNS response;
- receiving from the subscriber a subsequent packet associated with a subsequent flow;
- identifying an IP address within the subsequent packet as being one of the plurality of IP addresses included in the DNS response, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; and
- executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision relates to charging a different rate for a particular flow.

12. An apparatus, comprising:
- a memory element configured to store data,
- a processor operable to execute instructions associated with the data, and
- an awareness module configured to:
  - receive a first packet associated with a domain name system (DNS) exchange between a subscriber and a DNS server;
  - maintain a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a DNS response;
  - receive from the subscriber a subsequent packet associated with a subsequent flow;
  - identify an IP address within the subsequent packet as being one of the plurality of IP addresses included in the DNS response, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; and
  - execute a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision relates to charging a different rate for a particular flow.
Specification