Providing privacy enhanced resolution system in the domain name system

US 9,342,698 B2
Filed: 11/03/2014
Issued: 05/17/2016
Est. Priority Date: 12/30/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium encoded with instructions that, when executed on a processor, perform a method of minimizing the disclosure of a domain name contained in a domain name system (DNS) query, the method comprising:

determining a first label and a second label associated with a domain name included in a domain name system (DNS) query;

querying a first nameserver for a first resource record type associated with the first label without revealing information related to the second label by removing information related to the second label from the DNS query;

receiving a first response from the first nameserver, the first response including the first resource record type which directs a resolver to a second nameserver;

querying the second nameserver for a second resource record type associated with the first label and the second label;

receiving a second response from the second nameserver, the second response including the second resource record type; and

transmitting at least the second resource record type in response to the DNS query.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and a non-transitory computer-readable medium may perform a method of minimizing the disclosure of a domain name contained in a DNS query. The method may include determining a first label and a second label associated with a domain name included in a DNS query. A first nameserver may be queried for a first resource record type associated with the first label without revealing information related to the second label by removing information related to the second label from the DNS query. A response may be received from the first nameserver, and the response may include the first resource record type which directs a resolver to a second nameserver. The second nameserver may be queried for a second resource record type associated with the first label and the second label.

Citations

16 Claims

1. A non-transitory computer-readable medium encoded with instructions that, when executed on a processor, perform a method of minimizing the disclosure of a domain name contained in a domain name system (DNS) query, the method comprising:
- determining a first label and a second label associated with a domain name included in a domain name system (DNS) query;
  
  querying a first nameserver for a first resource record type associated with the first label without revealing information related to the second label by removing information related to the second label from the DNS query;
  
  receiving a first response from the first nameserver, the first response including the first resource record type which directs a resolver to a second nameserver;
  
  querying the second nameserver for a second resource record type associated with the first label and the second label;
  
  receiving a second response from the second nameserver, the second response including the second resource record type; and
  
  transmitting at least the second resource record type in response to the DNS query.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer-readable medium of claim 1, the method further comprising generating a false label, wherein the first nameserver is queried for the first resource record type associated with the first label and the false label without revealing information related to the second label by removing information related to the second label from the DNS query.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the first resource record type is selected from the group consisting of an internet protocol address, an address record, a mail exchange record, a service locator record, and a text record.
  - 4. The non-transitory computer-readable medium of claim 1, the method further comprising:
    - determining whether at least one of the first resource record type and the second resource record type is stored in a cache before querying at least one of the first nameserver and the second nameserver.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the resolver is a stub resolver.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the resolver is a recursive resolver.
  - 7. The non-transitory computer-readable medium of claim 1, wherein the first label is separated from the second label.

8. A non-transitory computer-readable medium encoded with instructions that, when executed on a processor, perform a method of minimizing the disclosure of a domain name contained in a domain name system (DNS) query, the method comprising:
- determining a first label and a second label associated with a domain name included in a domain name system (DNS) query;
  
  generating a false label;
  
  querying a first nameserver for a first resource record type associated with the first label and the false label without revealing the second label to the first nameserver by removing information related to the second label from the DNS query, wherein the first nameserver is a root nameserver;
  
  receiving a first response from the first nameserver including the first resource record type, the first resource record type directing a resolver to a second nameserver;
  
  querying the second nameserver for a second resource record type associated with the first label and the second label;
  
  receiving a second response from the second nameserver including the second resource record type; and
  
  transmitting at least the second resource record type in response to the DNS query.
- View Dependent Claims (9, 10, 11)
- - 9. The non-transitory computer-readable medium of claim 8, wherein the first resource record type is selected from the group consisting an internet protocol address, an address record, a mail exchange record, a service locator record, and a text record.
  - 10. The non-transitory computer-readable medium of claim 8, the method further comprising:
    - determining whether at least one of the first resource record type and the second resource record type is stored in a cache before querying at least one of the first nameserver and the second nameserver.
  - 11. The non-transitory computer-readable medium of claim 8, wherein the resolver is one of a stub resolver or a recursive resolver.

12. An apparatus for minimizing the disclosure of a domain name contained in a domain name system (DNS) query, comprising:
- a memory; and
  
  a processor communicatively coupled to the memory, the processor being configured to;
  
  determine a first label and a second label associated with a domain name included in a domain name system (DNS) query;
  
  query a first nameserver for a first resource record type associated with the first label without revealing the second label to the first nameserver by removing information related to the second label from the DNS query;
  
  receive a first response from the first nameserver including the first resource record type, the first resource record type directing a resolver to a second nameserver;
  
  query the second nameserver for a second resource record type associated with the first label and the second label;
  
  receive a second response from the second nameserver including the second resource record type; and
  
  transmit at least the second resource record type in response to the DNS query.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The apparatus of claim 12, wherein the processor is further configured to generate a false label, wherein the first nameserver is queried for the first resource record type associated with the first label and the false label without revealing information related to the second label by removing information related to the second label from the DNS query.
  - 14. The apparatus of claim 12, wherein the first resource record type is selected from the group consisting of an internet protocol address, an address record, a mail exchange record, a service locator record, and a text record.
  - 15. The apparatus of claim 12, wherein the first resource record type is for an authoritative nameserver for the first label.
  - 16. The apparatus of claim 12, wherein the second resource record type is for an authoritative nameserver for a namespace including the first label and the second label.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
McPherson, Danny, Osterweil, Eric
Primary Examiner(s)
Kizou, Hassan
Assistant Examiner(s)
MUSA, ABDELNABI O

Application Number

US14/531,424
Publication Number

US 20150058999A1
Time in Patent Office

561 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/60   Protecting data

H04L 2101/35   containing special prefixes

H04L 61/4511   using domain name system [DNS]

H04L 63/0407   wherein the identity of one...

Providing privacy enhanced resolution system in the domain name system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Providing privacy enhanced resolution system in the domain name system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links