US2017339122A1PendingUtilityA1

Secure domain name system

55
Assignee: NEUSTAR INCPriority: Sep 24, 2008Filed: Apr 3, 2017Published: Nov 23, 2017
Est. expirySep 24, 2028(~2.2 yrs left)· nominal 20-yr term from priority
H04L 63/1408H04L 63/14H04L 63/126H04L 9/3247H04L 61/1511H04L 63/08H04L 61/4511
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers, the system comprising:
 a verification component in serial communication with a recursive DNS server, the verification component being configured to receive a DNS query from the recursive DNS server and to provide a first verification that the query originated from the recursive DNS server;   a first authentication component in communication with the verification component via a network, the first authentication component being configured to receive the DNS query and the first verification from the verification component, and to provide a confirmation that the first verification corresponds to the received DNS query; and   a first authoritative DNS server in serial communication with the first authentication component, the first authoritative DNS server being configured to provide an answer to the DNS query and to transmit the answer to the first authentication component, wherein   the first authentication component is further configured to receive the answer to the DNS query from the first authoritative DNS server and to provide an authentication that the received answer was provided by the first authoritative DNS server, and to communicate the received answer and the authentication to the verification component via the network; and wherein   the verification component is further configured to receive the answer to the DNS query and to receive the authentication, and to verify that the authentication corresponds to the received answer.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.