METHOD, APPARATUS AND SYSTEM FOR ANTI-ATTACKING IN DOMAIN NAME SYSTEM (DNS)

US 20190394217A1
Filed: 02/28/2018
Published: 12/26/2019
Est. Priority Date: 06/23/2017
Status: Active Grant

First Claim

Patent Images

1. A domain name system (DNS) anti-attacking method, comprising:

receiving, by a recursive server, a domain name search request message, wherein the domain name search request message contains a domain name that is un-cached in the recursive server;

determining, by the recursive server, a first authoritative domain name server according to a first name server (NS) record and an address (A) record of a first name server (NS) corresponding to the domain name and sending by the recursive server the domain name search request message to the first authoritative domain name server;

receiving, by the recursive server, the A record of the domain name, a second NS record and an A record of the second NS returned from the first authoritative domain name server, wherein the second NS record records an authoritative domain name server that is used to parse the domain name and is at a normal working status; and

substituting, by the recursive server, the first NS record with the second NS record and caching the A record of the second NS.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a DNS anti-attacking method, including receiving a domain name search request message by a recursive server; determining a first authoritative domain name server according to the first NS record and the A record of the first NS corresponding to the domain name and sending a domain name search request message to the first authoritative domain name server by the recursive server; receiving the A record of the domain name, a second NS record and an A record of the second NS returned from the first authoritative domain name server by the recursive server, wherein the second NS record records the authoritative domain name server used to parse the domain name and working at the normal status; and substituting the first NS record with the second NS record and caching the A record of the second NS by the recursive server.

2 Citations

19 Claims

1. A domain name system (DNS) anti-attacking method, comprising:
- receiving, by a recursive server, a domain name search request message, wherein the domain name search request message contains a domain name that is un-cached in the recursive server;
  
  determining, by the recursive server, a first authoritative domain name server according to a first name server (NS) record and an address (A) record of a first name server (NS) corresponding to the domain name and sending by the recursive server the domain name search request message to the first authoritative domain name server;
  
  receiving, by the recursive server, the A record of the domain name, a second NS record and an A record of the second NS returned from the first authoritative domain name server, wherein the second NS record records an authoritative domain name server that is used to parse the domain name and is at a normal working status; and
  
  substituting, by the recursive server, the first NS record with the second NS record and caching the A record of the second NS.
- View Dependent Claims (2, 3, 4, 9, 13, 14)
- - 2. The method according to claim 1, before determining, by the recursive server, the first authoritative domain name server according to the first NS record and the A record of the first NS corresponding to the domain name, further comprising:
    - determining, by the recursive server, a second authoritative domain name server according to the first NS record and the A record of the first NS corresponding to the domain name, wherein the second authoritative domain name server is an authoritative domain name server that has successfully parsed similar domain name as the domain name and is recorded in the recursive server; and
      
      determining, by the recursive server, the first authoritative domain name server according to the first NS record and the A record of the first NS corresponding to the domain name when the recursive server does not receive a message returned by the second authoritative domain name server, wherein the second NS record does not include the second authoritative domain name server.
  - 3. The method according to claim 1, wherein substituting, by the recursive server, the first NS record with the second NS record and caching the A record of the second NS comprises:
    - substituting, by the recursive server, the first NS record with the second NS record and caching the A record of the second NS, when the recursive server determines that the second NS record is different from the first NS record.
  - 4. The method according to claim 1, wherein:
    - the A record of the first NS and the A record of the second NS both utilize a form of Extensive domain name directing to IP address; and
      
      for each address (A) information in the A record of the first NS and the A record of the second NS, the authoritative domain name server corresponding to the A information in the NS record falls within a matching range of the A information.
  - 9. A non-transitory computer-readable storage medium, wherein the computer storage medium stores computer executable instructions, the computer executable instructions causing a computer to perform the method according to claim 1.
  - 13. The method according to claim 1, wherein the second NS record and the A record of the second NS are obtained by:
    - deleting, by the first authoritative domain name server, information of a domain name server working at an abnormal status in the first NS record and an A record of the first NS;
      
      orsubstituting, by the first authoritative domain name server, the information of the domain name server working at the abnormal status in the first NS record and the A record of the first NS with information of a newly added domain name server that is used to parse the domain name.
  - 14. The method according to claim 1, wherein:
    - an upper level domain name server of the first authoritative domain name server is configured with the second NS record and the A record of the second NS.

5. A domain name system (DNS) anti-attacking method, comprising:
- receiving, by a first authoritative domain name server, a domain name search request message sent from a recursive server, wherein the domain name search request message contains a domain name that is un-cached in the recursive server;
  
  determining, by the recursive server, a first authoritative domain name server according to a first name server (NS) record and an address (A) record of the first NS record; and
  
  sending the A record of the domain name, a second NS record and the A record of the second NS to the recursive server by the first authoritative domain name server, wherein the second NS record contains information of the authoritative domain name server that is used to parse the domain name and is at a normal working status.
- View Dependent Claims (6, 7, 11)
- - 6. The method according to claim 5, wherein the second NS record and the A record of the second NS are obtained by:
    - deleting, by the first authoritative domain name server, the information of the domain name server working at an abnormal status in the first NS record and the A record of the first NS;
      
      orsubstituting, by the first authoritative domain name server, the information of the domain name server working at the abnormal status in the first NS record and the A record of the first NS with the information of a newly added domain name server that is used to parse the domain name.
  - 7. The method according to claim 5, wherein:
    - an upper level domain name server of the first authoritative domain name server is configured with the second NS record and the A record of the second NS.
  - 11. A non-transitory computer-readable storage medium, wherein the computer storage medium stores the computer executable commands used to enable the computer to execute the method according to claim 5.

8. A recursive sever, comprising:
- a memory, configured to store program instructions; and
  
  a processor, configured to call the program instructions stored in the memory and execute the obtained program instructions according to a domain name system (DNS) anti-attacking method, the method including;
  
  receiving, by a recursive server, a domain name search request message, wherein the domain name search request message contains a domain name that is un-cached in the recursive server;
  
  determining, by the recursive server, a first authoritative domain name server according to a first name server (NS) record and an address (A) record of a first name server (NS) corresponding to the domain name and sending by the recursive server the domain name search request message to the first authoritative domain name server;
  
  receiving, by the recursive server, the A record of the domain name, a second NS record and an A record of the second NS returned from the first authoritative domain name server, wherein the second NS record records an authoritative domain name server that is used to parse the domain name and is at a normal working status; and
  
  substituting, by the recursive server, the first NS record with the second NS record and caching the A record of the second NS.
- View Dependent Claims (12, 15, 16, 17, 18, 19)
- - 12. An DNS anti-attacking system, comprising the recursive server of claim 8.
  - 15. The server according to claim 8, before determining, by the recursive server, the first authoritative domain name server according to the first NS record and the A record of the first NS corresponding to the domain name, the method further comprising:
    - determining, by the recursive server, a second authoritative domain name server according to the first NS record and the A record of the first NS corresponding to the domain name, wherein the second authoritative domain name server is an authoritative domain name server that has successfully parsed similar domain name as the domain name and is recorded in the recursive server; and
      
      determining, by the recursive server, the first authoritative domain name server according to the first NS record and the A record of the first NS corresponding to the domain name when the recursive server does not receive a message returned by the second authoritative domain name server, wherein the second NS record does not include the second authoritative domain name server.
  - 16. The server according to claim 8, wherein substituting, by the recursive server, the first NS record with the second NS record and caching the A record of the second NS comprises:
    - substituting, by the recursive server, the first NS record with the second NS record and caching the A record of the second NS, when the recursive server determines that the second NS record is different from the first NS record.
  - 17. The server according to claim 8, wherein:
    - the A record of the first NS and the A record of the second NS both utilize a form of Extensive domain name directing to IP address; and
      
      for each address (A) information in the A record of the first NS and the A record of the second NS, the authoritative domain name server corresponding to the A information in the NS record falls within a matching range of the A information.
  - 18. The server according to claim 8, wherein the second NS record and the A record of the second NS are obtained by:
    - deleting, by the first authoritative domain name server, information of a domain name server working at an abnormal status in the first NS record and an A record of the first NS;
      
      orsubstituting, by the first authoritative domain name server, the information of the domain name server working at the abnormal status in the first NS record and the A record of the first NS with information of a newly added domain name server that is used to parse the domain name.
  - 19. The server according to claim 8, wherein:
    - an upper level domain name server of the first authoritative domain name server is configured with the second NS record and the A record of the second NS.

10. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wangsu Science & Technology Co., Ltd.
Original Assignee
Wangsu Science & Technology Co., Ltd.
Inventors
CHEN, Danjiang, LI, Zaibin

Granted Patent

US 11,044,262 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 67/568   Storing data temporarily at...

METHOD, APPARATUS AND SYSTEM FOR ANTI-ATTACKING IN DOMAIN NAME SYSTEM (DNS)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

2 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, APPARATUS AND SYSTEM FOR ANTI-ATTACKING IN DOMAIN NAME SYSTEM (DNS)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links