Secure domain name system
Abstract
A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers, the system comprising:
a verification component in serial communication with a recursive DNS server, the verification component being configured to receive a DNS query from the recursive DNS server and to provide a first verification that the query originated from the recursive DNS server; a first authentication component in communication with the verification component via a network, the first authentication component being configured to receive the DNS query and the first verification from the verification component, and to provide a confirmation that the first verification corresponds to the received DNS query; and a first authoritative DNS server in serial communication with the first authentication component, the first authoritative DNS server being configured to provide an answer to the DNS query and to transmit the answer to the first authentication component, wherein the first authentication component is further configured to receive the answer to the DNS query from the first authoritative DNS server and to provide an authentication that the received answer was provided by the first authoritative DNS server, and to communicate the received answer and the authentication to the verification component via the network; and wherein the verification component is further configured to receive the answer to the DNS query and to receive the authentication, and to verify that the authentication corresponds to the received answer.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.