DNS security system and failure processing method
First Claim
1. A computing device, comprising:
- a memory having instructions stored thereon;
a processor configured to execute the instructions to perform operations for domain name system (DNS security, the operations comprising;
initiating a DNS request;
providing authorization information for the DNS request;
storing all DNS requests and corresponding authorization information in a designated area and generating an authorization information database;
determining whether a DNS resolution failure occurs in a root node, wherein the determining whether a DNS resolution failure occurs in a root node further comprises performing a monitoring on a DNS datagram at an outlet of a critical region of the designated area at a backbone network;
initiating a virtue root node and using the virtual root node to invoke corresponding authorization information from the authorization information database when the DNS resolution failure occurs on the root node; and
providing a resolution service to a corresponding client.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention provides a DNS security system and failure processing method. The DNS security system comprises: at least one client, configured to initiate a DNS request; a root node, configured to provide authorization information to the DNS request; an authorization information database, configured to store all DNS requests and corresponding authorization information in a designated area; a virtual root node, configured to invoke corresponding authorization information from the authorization information database when a DNS resolution failure occurs on the root node, and to provide a resolution service to a corresponding client. Using the present invention enhances the security and stability of DNS resolution.
17 Citations
18 Claims
-
1. A computing device, comprising:
-
a memory having instructions stored thereon; a processor configured to execute the instructions to perform operations for domain name system (DNS security, the operations comprising; initiating a DNS request; providing authorization information for the DNS request; storing all DNS requests and corresponding authorization information in a designated area and generating an authorization information database; determining whether a DNS resolution failure occurs in a root node, wherein the determining whether a DNS resolution failure occurs in a root node further comprises performing a monitoring on a DNS datagram at an outlet of a critical region of the designated area at a backbone network; initiating a virtue root node and using the virtual root node to invoke corresponding authorization information from the authorization information database when the DNS resolution failure occurs on the root node; and providing a resolution service to a corresponding client. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A failure processing method, comprising:
-
obtaining and storing all domain name system (DNS) requests and corresponding authorization information in a designated area, and generating an authorization information database; determining whether a DNS resolution failure occurs in a root node, wherein the determining whether a DNS resolution failure occurs in a root node further comprises performing a monitoring on a DNS datagram at an outlet of a critical region of the designated area at a backbone network; initiating a virtual root node and using the virtual root node to invoke corresponding authorization information stored in the authorization information database in response to a determination that the DNS resolution failure occurs in the root node; and providing a DNS resolution service for a corresponding client. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable medium having computer programs stored thereon that, when executed by one or more processors of an electronic device, cause the electronic device to perform a failure processing method, the failure processing method comprising:
-
obtaining and storing all domain name system (DNS) requests and corresponding authorization information in a designated area, and generating an authorization information database; determining whether a DNS resolution failure occurs in a root node, wherein the determining whether a DNS resolution failure occurs in a root node further comprises performing a monitoring on a DNS datagram at an outlet of a critical region of the designated area at a backbone network; initiating a virtual root node and using the virtual root node to invoke corresponding authorization information stored in the authorization information database in response to a determination that the DNS resolution failure occurs in the root node; and providing a DNS resolution service for a corresponding client. - View Dependent Claims (16, 17, 18)
-
Specification