Methods for DNSSEC proxying and deployment amelioration and systems thereof
Abstract
A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.
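The flow in the abstract and in claim 1, sketched as an added example (not code from the patent or from any product). All names (`handle`, `covering_nsec`, `sign_rrset`, `plain_backend`) are hypothetical; as assumptions, an HMAC stands in for the asymmetric RRSIG signature real DNSSEC uses, and the denial record is a simplified NSEC-style record.

```python
import hashlib
import hmac

NXDOMAIN = 3  # DNS RCODE for "name does not exist"

def sign_rrset(key, rrset):
    """Stand-in signer (assumption): HMAC-SHA256 over the sorted records.
    Real DNSSEC publishes an RRSIG made with an asymmetric zone key."""
    data = "\n".join(sorted(" ".join(rr) for rr in rrset)).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def covering_nsec(qname):
    """Hypothetical, simplified denial record whose owner and next names
    bracket qname, so the record asserts nothing exists in between."""
    first, _, rest = qname.partition(".")
    owner = first[:-1] + chr(ord(first[-1]) - 1) + "." + rest
    return (owner, "NSEC", "\\000." + qname + " RRSIG NSEC")

def handle(query, upstream, key):
    """Proxy flow: forward, then sign whatever the backend left unsigned."""
    resp = upstream(query["name"], query["type"])
    signed = any(rr[1] == "RRSIG" for rr in resp["answer"] + resp["authority"])
    if not query["do"] or signed:
        return resp  # non-DNSSEC client, or backend already authenticated it
    out = {"rcode": resp["rcode"], "answer": list(resp["answer"]),
           "authority": list(resp["authority"])}
    if resp["rcode"] == NXDOMAIN:
        # Denial of existence: create the record first, then sign it.
        section, rrset = "authority", [covering_nsec(query["name"])]
        out[section].extend(rrset)
    else:
        section, rrset = "answer", out["answer"]
    if rrset:
        out[section].append((rrset[0][0], "RRSIG", sign_rrset(key, rrset)))
    return out

# Constructed backend: a plain DNS server that knows one name and signs nothing.
def plain_backend(name, qtype):
    if name == "www.example.com":
        return {"rcode": 0, "answer": [(name, "A", "192.0.2.10")], "authority": []}
    return {"rcode": NXDOMAIN, "answer": [], "authority": []}

KEY = b"constructed-demo-key"
```

Because the proxy's signature makes backend data look authenticated to a validating client, the path between the proxy and the non-DNSSEC servers has to be trusted on its own terms; the signature says nothing about how the answer reached the proxy.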
36 Claims
1. A method for providing authenticated domain name service comprising:
- forwarding at a traffic management device a domain name system security extension (DNSSEC) type request for a domain name received from a client device to one or more domain name system (DNS) servers;
- receiving at the traffic management device a response for at least a portion of the domain name from the one or more servers, wherein the one or more servers are not domain name system security extension (DNSSEC) compliant;
- creating at the traffic management device a resource record when the response is determined to be a denial of existence response for the requested domain name;
- generating at the traffic management device a signature and signing the response or the resource record using the signature; and
- sending at the traffic management device the signed resource record or response to the client device in response to the request.
Dependent claims: 2, 3, 4, 5, 15, 16

6. A non-transitory computer readable medium having stored thereon instructions for providing authenticated domain name service comprising machine executable code which when executed by at least one processor, causes the processor to perform steps comprising:
- forwarding a domain name system security extension (DNSSEC) type request for a domain name received from a client device to one or more domain name system (DNS) servers;
- receiving a response for at least a portion of the domain name from the one or more servers, wherein the one or more servers are not domain name system security extension (DNSSEC) compliant;
- creating a resource record when the response is determined to be a denial of existence response for the requested domain name;
- generating a signature and signing the response or the resource record using the signature; and
- sending the signed resource record or response to the client device in response to the request.
Dependent claims: 7, 8, 9

10. A traffic management device comprising:
- at least one processor; and
- a memory coupled to the at least one processor which is configured to be capable of executing programmed instructions stored in the memory to perform steps comprising:
- forwarding a domain name system security extension (DNSSEC) type request for a domain name received from a client device to one or more domain name system (DNS) servers;
- receiving a response for at least a portion of the domain name from the one or more servers, wherein the one or more servers are not domain name system security extension (DNSSEC) compliant;
- creating a resource record when the response is determined to be a denial of existence response for the requested domain name;
- generating a signature and signing the response or the resource record using the signature; and
- sending the signed resource record or response to the client device in response to the request.
Dependent claims: 11, 12, 13

14. A method for providing authenticated domain name service comprising:
- forwarding at a traffic management device a domain name system security extension (DNSSEC) type request for a domain name received from a client device to a global server load balancer coupled to at least first domain name system (DNS) server that is not DNSSEC compliant and a second DNS server that is DNSSEC compliant;
- receiving at the traffic management device first and second responses for at least a portion of the domain name from the global server load balancer, wherein the first response is from the first server and the second response is from the second server;
- generating at the traffic management device a signature and signing the first response using the signature when the first response is determined to be more current than the second response; and
- sending at the traffic management device the signed first response to the client device in response to the request.

17. A non-transitory computer readable medium having stored thereon instructions for providing authenticated domain name service comprising machine executable code which when executed by at least one processor, causes the processor to perform steps comprising:
- forwarding a domain name system security extension (DNSSEC) type request for a domain name received from a client device to a global server load balancer coupled to at least first domain name system (DNS) server that is not DNSSEC compliant and a second DNS server that is DNSSEC compliant;
- receiving first and second responses for at least a portion of the domain name from the global server load balancer, wherein the first response is from the first server and the second response is from the second server;
- generating a signature and signing the first response using the signature when the first response is determined to be more current than the second response; and
- sending the signed first response to the client device in response to the request.
Dependent claims: 18, 19, 20

21. A traffic management device comprising:
- at least one processor; and
- a memory coupled to the at least one processor which is configured to be capable of executing programmed instructions stored in the memory to perform steps comprising:
- forwarding a domain name system security extension (DNSSEC) type request for a domain name received from a client device to a global server load balancer coupled to at least first domain name system (DNS) server that is not DNSSEC compliant and a second DNS server that is DNSSEC compliant;
- receiving first and second responses for at least a portion of the domain name from the global server load balancer, wherein the first response is from the first server and the second response is from the second server;
- generating a signature and signing the first response using the signature when the first response is determined to be more current than the second response; and
- sending the signed first response to the client device in response to the request.
Dependent claims: 22, 23, 24

25. A non-transitory computer readable medium having stored thereon instructions for providing authenticated domain name service comprising machine executable code which when executed by at least one processor, causes the processor to:
- receive a domain name system security extension (DNSSEC) request for a domain name from a DNSSEC compliant computing device;
- generate a domain name system (DNS) request corresponding to the DNSSEC request for the domain name;
- send the DNS request for the domain name to one or more DNS servers that are not DNSSEC compliant;
- receive a DNS compliant response for at least a portion of the domain name from the one or more DNS servers;
- create a signed resource record that is DNSSEC compliant when the DNS compliant response from the one or more DNS servers is a denial of existence response for the requested domain name; and
- send the signed resource record to the requesting DNSSEC compliant computing device.
Dependent claims: 26, 27, 28, 32

29. A method for providing authenticated domain name service implemented by a system comprising one or more network traffic management devices, one or more servers, or one or more clients, the method comprising:
- receiving a domain name system security extension (DNSSEC) request for a domain name from a DNSSEC compliant computing device;
- generating a domain name system (DNS) request corresponding to the DNSSEC request for the domain name;
- sending the DNS request for the domain name to one or more DNS servers that are not DNSSEC compliant;
- receiving a DNS compliant response for at least a portion of the domain name from the one or more DNS servers;
- creating a signed resource record that is DNSSEC compliant when the DNS compliant response from the one or more DNS servers is a denial of existence response for the requested domain name; and
- sending the signed resource record to the requesting DNSSEC compliant computing device.
Dependent claims: 30, 31

33. A system comprising one or more network traffic management devices, one or more servers, or one or more clients, the system comprising:
- one or more processors; and
- memory comprising programmed instructions stored in the memory, the one or more processors configured to be capable of executing the programmed instructions stored in the memory to:
- receive a domain name system security extension (DNSSEC) request for a domain name from a DNSSEC compliant computing device;
- generate a domain name system (DNS) request corresponding to the DNSSEC request for the domain name;
- send the DNS request for the domain name to one or more DNS servers that are not DNSSEC compliant;
- receive a DNS compliant response for at least a portion of the domain name from the one or more DNS servers;
- create a signed resource record that is DNSSEC compliant when the DNS compliant response from the one or more DNS servers is a denial of existence response for the requested domain name; and
- send the signed resource record to the requesting DNSSEC compliant computing device.
Dependent claims: 34, 35, 36

Specification