Domain name system security extensions (DNSSEC) for global server load balancing
Abstract
Techniques are provided to enable a network device, such as a switch, to perform global server load balancing (GSLB) while operating as a proxy to a domain name system security extensions (DNSSEC)-capable authoritative DNS server. The network device preserves an original signature generated by the DNSSEC-capable authoritative DNS server for a resource record set contained in a DNSSEC reply.
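Background for the abstract above, as an added example that is not taken from the patent: under RFC 4034 a validator sorts an RRset into canonical order before checking the RRSIG, so the wire order of the addresses is outside the signed data, while adding or dropping an address is not. The name, addresses, metric values and RRSIG fields below are constructed, `reorder_by_metric` is a hypothetical helper, and a SHA-256 digest of the signed data stands in for the actual public-key verification.

```python
import hashlib
import ipaddress
import struct

TYPE_A, CLASS_IN = 1, 1

def wire_name(name):
    """Canonical wire form of a name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def canonical_rrset(owner, orig_ttl, addrs):
    """RR(1) | RR(2) | ... with RDATA sorted as octet strings (RFC 4034 6.3)."""
    rdatas = sorted(ipaddress.IPv4Address(a).packed for a in addrs)
    head = wire_name(owner) + struct.pack("!HHI", TYPE_A, CLASS_IN, orig_ttl)
    return b"".join(head + struct.pack("!H", len(r)) + r for r in rdatas)

def signed_data_digest(rrsig_fields, owner, orig_ttl, addrs):
    """Digest of RRSIG_RDATA (minus signature) | RRset, the input a validator
    verifies. SHA-256 stands in for the real public-key verification."""
    return hashlib.sha256(rrsig_fields + canonical_rrset(owner, orig_ttl, addrs)).hexdigest()

def reorder_by_metric(addrs, metric):
    """Hypothetical GSLB step: lowest metric first, no records added or removed."""
    return sorted(addrs, key=lambda a: metric[a])

# Constructed sample data (documentation address ranges, reserved .test name).
OWNER, TTL = "www.example.test", 300
ANSWER = ["203.0.113.10", "192.0.2.10", "198.51.100.10"]
RTT_MS = {"203.0.113.10": 12, "192.0.2.10": 85, "198.51.100.10": 40}
# type covered, algorithm, labels, original TTL, expiration, inception, key tag, signer
RRSIG_FIELDS = struct.pack("!HBBIIIH", TYPE_A, 13, 3, TTL, 1767225600, 1764547200, 12345) \
    + wire_name("example.test")

def demo():
    original = signed_data_digest(RRSIG_FIELDS, OWNER, TTL, ANSWER)
    reordered = reorder_by_metric(ANSWER, RTT_MS)
    same = signed_data_digest(RRSIG_FIELDS, OWNER, TTL, reordered) == original
    # Dropping an address (e.g. after a failed health check) changes the signed data.
    pruned = signed_data_digest(RRSIG_FIELDS, OWNER, TTL, reordered[:-1]) == original
    return reordered, same, pruned

if __name__ == "__main__":
    print(demo())
```

The reordered answer yields the same signed data as the original, whereas the pruned answer does not, so a proxy that filters addresses out of a signed RRset would hand validating clients a response that fails verification.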
20 Claims
1. A method comprising:
receiving, by a load balancer, a Domain Name System Security Extensions (DNSSEC) response from a DNS server that is located remotely from the load balancer over a network, the DNSSEC response including a list of IP addresses and an original security signature associated with the list of IP addresses;
reordering, by the load balancer, the list of IP addresses in the DNSSEC response based on one or more metrics, the reordering being performed while preserving the original security signature; and
transmitting, by the load balancer, the DNSSEC response with the reordered list of IP addresses and the original security signature to a client device that is located remotely from the load balancer over the network.

13. A system comprising:
a processor; and
a non-transitory computer readable medium having stored program code which, when executed by the processor, causes the processor to:
receive a DNSSEC response from a DNS server that is located remotely from the load balancer over a network, the DNSSEC response including a list of IP addresses and an original security signature associated with the list of IP addresses;
reorder the list of IP addresses in the DNSSEC response based on one or more metrics, the reordering being performed while preserving the original security signature; and
transmit the DNSSEC response with the reordered list of IP addresses and the original security signature to a client device that is located remotely from the load balancer over the network.

16. A non-transitory computer readable storage medium having stored thereon program code executable by a load balancer, the program code comprising:
code that causes the load balancer to receive a DNSSEC response from a DNS server that is located remotely from the load balancer over a network, the DNSSEC response including a list of IP addresses and an original security signature associated with the list of IP addresses;
code that causes the load balancer to reorder the list of IP addresses in the DNSSEC response based on one or more metrics, the reordering being performed while preserving the original security signature; and
code that causes the load balancer to transmit the DNSSEC response with the reordered list of IP addresses and the original security signature to a client device that is located remotely from the load balancer over the network.

Specification