Method, apparatus and system for anti-attacking in domain name system (DNS)

  • US 11,044,262 B2
  • Filed: 02/28/2018
  • Issued: 06/22/2021
  • Est. Priority Date: 06/23/2017
  • Status: Active Grant
First Claim
Patent Images

1. A domain name system (DNS) anti-attacking method, comprising:

  • receiving, by a recursive server, a domain name search request message, wherein the domain name search request message contains a domain name that is un-cached in the recursive server;

    determining, by the recursive server, a second authoritative domain name server according to a first name server (NS) corresponding to the domain name and an address (A) record of the first NS corresponding to the domain name, wherein the second authoritative domain name server is an authoritative domain name server that has successfully parsed similar domain name as the domain name and is recorded in the recursive server;

    determining, by the recursive server, a first authoritative domain name server according to a first NS record and the A record of the first NS corresponding to the domain name when the recursive server does not receive a message returned by the second authoritative domain name server, wherein the second NS record does not include the second authoritative domain name server;

    determining, by the recursive server, the first authoritative domain name server according to a first name server (NS) the first NS record and an address (A) the A record of the first NS name server (NS) corresponding to the domain name and sending by the recursive server the domain name search request message to the first authoritative domain name server;

    receiving, by the recursive server, the A record of the domain name, a second NS record and an A record of the second NS returned from the first authoritative domain name server, wherein the second NS record records an authoritative domain name server that is used to parse the domain name and is at a normal working status; and

    substituting, by the recursive server, the first NS record with the second NS record and caching the A record of the second NS.

View all claims
    ×
    ×

    Thank you for your feedback

    ×
    ×