Method and apparatus for limiting domain name server transaction bandwidth
First Claim
1. A method comprising:
- intercepting one or more Domain Name System (DNS) packets that are part of a DNS tunnel,
- examining a DNS packet of said one or more DNS packets for a suspect DNS record of a suspect DNS record type, wherein said suspect DNS record type is selected from the group consisting of a CNAME record type and a TXT record type,
- in response to determining that said DNS packet contains a suspect DNS record of a suspect DNS record type, then determining a size of said suspect DNS record,
- in response to determining that said size of said suspect DNS record exceeds a threshold, removing said suspect DNS record from said DNS packet, and
- allowing a DNS transaction comprising said DNS packet to proceed but with said suspect DNS record removed from said DNS packet,
wherein the method is performed by one or more computing devices.
1 Assignment
0 Petitions
Abstract
A method of limiting domain name server (DNS) transaction bandwidth comprises intercepting one or more DNS packets, examining said one or more packets for the presence of a suspect transaction criterion and, if said suspect transaction criterion is present, implementing a transaction bandwidth limitation action.
33 Citations
17 Claims
1. A method comprising: (independent claim, reproduced in full under "First Claim" above; dependent claims 2-8)

9. A volatile or a non-volatile computer readable non-transitory storage medium storing one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform:
- intercepting one or more Domain Name System (DNS) packets that are part of a DNS tunnel,
- examining a DNS packet of said one or more DNS packets for a DNS record of a suspect DNS record type, wherein said suspect DNS record type is selected from the group consisting of a CNAME record type and a TXT record type,
- in response to determining that said DNS packet contains a suspect DNS record of a suspect DNS record type, then determining a size of said suspect DNS record,
- in response to determining that said size of said suspect DNS record exceeds a threshold, removing said suspect DNS record from said DNS packet, and
- allowing a DNS transaction comprising said DNS packet to proceed but with said suspect DNS record removed from said DNS packet.
(Dependent claims 11-17)

10. An apparatus comprising:
- one or more processors, and
- a network interface operatively coupled to the one or more processors, and
- a volatile or a non-volatile computer readable medium comprising one or more sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform:
  - intercepting one or more Domain Name System (DNS) packets that are part of a DNS tunnel,
  - examining a DNS packet of said one or more DNS packets for a DNS record of a suspect DNS record type, wherein said suspect DNS record type is selected from the group consisting of a CNAME record type and a TXT record type,
  - if said DNS packet contains a suspect DNS record of a suspect DNS record type, then determining a size of said suspect DNS record,
  - if said size of said suspect DNS record exceeds a threshold, then removing said suspect DNS record from said DNS packet, and
  - allowing a DNS transaction comprising said DNS packet to proceed but with said suspect DNS record removed from said DNS packet.
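The claims above (the first claim and independent claims 9 and 10) all describe the same mechanism: parse the answer section of a DNS message, measure each CNAME or TXT record, drop every one whose size exceeds a threshold, fix up the header, and let the rest of the transaction proceed. The following is an added example written for this page, not code from the patent or its assignee; it implements that mechanism on the wire format and goes slightly beyond the claim text by handling any number of questions and answers and preserving the authority and additional sections. The 255-byte threshold, the function names, the hypothetical name data.example.com and the sample response are all assumptions constructed for the demonstration (the claims leave the threshold unspecified).

```python
# Added example for this page (not code from the patent or its assignee):
# strip oversized CNAME/TXT answer records from a DNS response and forward
# the rest, as the claims describe. The 255-byte threshold, all names, and the
# sample response below are assumptions constructed for the demo.
import struct

TYPE_CNAME = 5
TYPE_TXT = 16
TYPE_OPT = 41
SUSPECT_TYPES = {TYPE_CNAME, TYPE_TXT}
DEFAULT_THRESHOLD = 255  # assumed; the claims do not specify a value

def _skip_name(buf, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def _encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def _txt_rdata(*strings):
    """TXT RDATA: one or more <length><chars> strings, each at most 255 bytes."""
    return b"".join(bytes([len(s)]) + s for s in strings)

def _record(owner, rtype, rdata, ttl=60, rclass=1):
    """Owner name + fixed RR header (TYPE, CLASS, TTL, RDLENGTH) + RDATA."""
    return owner + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def answer_count(packet):
    """ANCOUNT field of the DNS header."""
    return struct.unpack("!H", packet[6:8])[0]

def strip_large_records(packet, threshold=DEFAULT_THRESHOLD):
    """Return (new_packet, removed). removed lists (rtype, rdlength) for each
    CNAME/TXT answer record whose RDATA exceeded the threshold; those records are
    dropped and ANCOUNT is rewritten. The authority/additional sections are copied
    verbatim, so this assumes they hold no compression pointers into the removed
    records (pointers into the question section stay valid)."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    off = 12
    for _ in range(qd):                        # question: name, QTYPE, QCLASS
        off = _skip_name(packet, off) + 4
    answers_start = off
    kept, removed = [], []
    for _ in range(an):
        rec_start = off
        off = _skip_name(packet, off)
        if off + 10 > len(packet):
            raise ValueError("truncated RR header")
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        off += 10
        rdata_end = off + rdlen
        if rdata_end > len(packet):
            raise ValueError("truncated RDATA")
        if rtype in SUSPECT_TYPES and rdlen > threshold:
            removed.append((rtype, rdlen))     # suspect record: drop it
        else:
            kept.append(packet[rec_start:rdata_end])
        off = rdata_end
    if not removed:
        return packet, removed                 # nothing suspect: forward unchanged
    header = struct.pack("!HHHHHH", txid, flags, qd, len(kept), ns, ar)
    return header + packet[12:answers_start] + b"".join(kept) + packet[off:], removed

def build_sample_response():
    """Constructed DNS response (not a capture): a 300-byte TXT answer that looks
    like tunnel payload, a small SPF TXT answer, and an EDNS OPT record."""
    qname = _encode_name("data.example.com")             # hypothetical name
    question = qname + struct.pack("!HH", TYPE_TXT, 1)
    ptr = b"\xc0\x0c"                                     # pointer to qname at offset 12
    big = _txt_rdata(b"A" * 255, b"B" * 43)              # RDLENGTH 300
    small = _txt_rdata(b"v=spf1 -all")                   # RDLENGTH 12
    opt = _record(b"\x00", TYPE_OPT, b"", ttl=0, rclass=4096)
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 1)
    return header + question + _record(ptr, TYPE_TXT, big) + _record(ptr, TYPE_TXT, small) + opt

if __name__ == "__main__":
    pkt = build_sample_response()
    new, removed = strip_large_records(pkt)
    print(len(pkt), "->", len(new), "bytes; removed:", removed, "; ANCOUNT:", answer_count(new))
```

Two practical caveats follow from measuring RDLENGTH this way. Legitimate TXT records such as DKIM public keys and long SPF policies routinely exceed a few hundred bytes, so a size threshold alone will produce false positives unless it is tuned per zone or combined with other signals. Removing a CNAME also breaks the alias chain, so any A or AAAA records that remain carry an owner name that no longer matches the question, and a strict resolver may discard the response. An inline interceptor must additionally recompute the UDP length and checksum after shortening the message, and must re-encode any names whose compression pointers targeted the removed records.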
Specification