DNS TRAFFIC SWITCH

Abstract
A device, method and system for regulating networks using Domain Name System (DNS) is disclosed herein. The exemplary method may receive a DNS transaction between a DNS client and a DNS server. DNS information associated with the DNS transaction is identified. An appropriate action for the transaction may be applied to the DNS information based on network security rules.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features and advantages of the present invention will be better understood by reading the following detailed description, taken together with the drawings wherein:

FIG. 1 is a system diagram of an exemplary DNS system.

FIG. 2 is a system diagram of an exemplary DNS switching system according to an exemplary embodiment of the present invention.

FIG. 3A is a system diagram of an exemplary DNS system according to an exemplary switch embodiment of the present invention.

FIG. 3B is a system diagram of an exemplary DNS system according to an exemplary DNS server switch embodiment of the present invention.

FIG. 3C is a system diagram of an exemplary DNS system according to an exemplary DNS client switch embodiment of the present invention.

FIG. 4 is a flow chart illustrating an exemplary embodiment used for the switching method according to the present invention.

FIG. 5A is a flow chart illustrating an exemplary embodiment used for the switching method causing the transaction to be dropped according to the present invention.

FIG. 5B is a flow chart illustrating an exemplary embodiment used for the switching method causing the transaction to be modified according to the present invention.

FIG. 5C is a flow chart illustrating an exemplary embodiment used for the switching method causing the transaction to be identified and modified according to the present invention.

Claims
  • 1. A method for regulating networks using Domain Name System (DNS) comprising the acts of: receiving a DNS transaction between a DNS client and a DNS server; identifying DNS information associated with the DNS transaction; and determining an appropriate action for the transaction based on network security rules applied to the DNS information.
  • 2. The method of claim 1, wherein the appropriate action drops the transaction and the method further comprises: dropping a packet from the network associated with the transaction.
  • 3. The method of claim 1, wherein the appropriate action modifies the DNS information and the method further comprises: modifying the DNS information based on the appropriate action; and transmitting the transaction with modified DNS information.
  • 4. The method of claim 1, wherein the appropriate action modifies the DNS information and the method further comprises: generating a new request for the DNS Server; receiving a response from the DNS Server; modifying the DNS information based on the response; and transmitting a response with modified DNS information to the DNS client.
  • 5. The method of claim 1, wherein the DNS switch resides within a DNS server.
  • 6. The method of claim 1, wherein the DNS switch resides within a computer of a DNS client.
  • 7. The method of claim 1, wherein the DNS switch resides between a DNS server and a DNS client.
  • 8. The method of claim 1, wherein the DNS switch resides within a DNS server of an Internet Service Provider (ISP).
  • 9. The method of claim 1, wherein the transaction is a request sent from the DNS client to the DNS server.
  • 10. The method of claim 1, wherein the transaction is a response sent from the DNS server to the DNS client.
  • 11. The method of claim 1, further comprising: modifying the network security rules applied to the DNS information based on network traffic.
  • 12. A Domain Name System (DNS) switch for maintaining a network comprising: DNS input for receiving DNS requests and responses; memory for storing network rules relating to handling DNS requests and responses; processor for identifying DNS information associated with the DNS requests and responses, applying the network rules to the DNS information, and producing a DNS switch response based on the applied network rules; and DNS output for transmitting the DNS switch responses.
  • 13. The DNS switch of claim 12 wherein the DNS switch resides within a DNS server.
  • 14. The DNS switch of claim 12, wherein the DNS switch resides within a computer of a DNS client.
  • 15. The DNS switch of claim 12, wherein the DNS switch resides between a DNS server and a DNS client.
  • 16. The DNS switch of claim 12, wherein the DNS switch resides within a DNS server of an Internet Service Provider (ISP).
  • 17. The DNS switch of claim 12, wherein the processor applying network rules determines legitimate DNS requests of a DNS client and produces a DNS switch response to respond to the DNS Client request via the DNS output; transmits the DNS switch response and determines illegitimate DNS requests of a DNS client and produces no DNS switch response to respond to the DNS Client request.
  • 18. The DNS switch of claim 12, wherein the processor applying network rules determines illegitimate DNS requests of a DNS client and produces a DNS switch request and via the DNS output transmits the DNS switch request to a DNS server; and the DNS server produces a response to the DNS switch request that is sent to the DNS client.
  • 19. The DNS switch of claim 12, further comprising a network server with memory and a processor for monitoring network traffic and modifying the network rules in the DNS switch memory based on network traffic patterns.
  • 20. The DNS switch of claim 19, wherein the network traffic patterns are patterns of DNS requests for IP addresses on the network.
  • 21. A method for identifying and quarantining a client on a network using Domain Name System (DNS) comprising the acts of: receiving a DNS request from the client; identifying DNS information associated with the DNS request; determining that the DNS request is associated with one of a zombie, a bot, a virus and a worm located on the client; and dropping a packet with the DNS request of the client from the network.
  • 22. The method of claim 21, further comprising the acts of: modifying the DNS information to an Internet Protocol (IP) address of a quarantine site; and transmitting a response with modified DNS information to the client.
  • 23. The method of claim 22, further comprising the acts of: receiving additional DNS requests from the client; identifying DNS information associated with the additional DNS request; modifying the DNS information to an Internet Protocol (IP) address of a quarantine site for the additional requests; and transmitting additional responses with modified DNS information to the client.
  • 24. The method of claim 21, further comprising the acts of: modifying the DNS information to an Internet Protocol (IP) address of a support site with instructions to remove the one of a zombie, a bot, a virus and a worm located on the client; and transmitting a response with modified DNS information to the client.
  • 25. The method of claim 21, further comprising the acts of: receiving the DNS response from a DNS Server associated with the DNS request from the client; and dropping a packet with the DNS response for the client from the network.
  • 26. The method of claim 21, further comprising: modifying network filtering rules used to determine if the DNS request is associated with one of a zombie, a bot, a virus and a worm located on the client based on network traffic patterns.
  • 27. The method of claim 21, further comprising: modifying network filtering rules used to determine if the DNS request is associated with one of a zombie, a bot, a virus and a worm located on the client based on patterns of DNS requests of the client.
  • 28. The method of claim 21, wherein a DNS filter applying the method for identifying and quarantining a client on a network using DNS resides within a DNS server.
  • 29. The method of claim 21, wherein a DNS filter applying the method for identifying and quarantining a client on a network using DNS resides within a computer of a DNS client.
  • 30. The method of claim 21, wherein a DNS filter applying the method for identifying and quarantining a client on a network using DNS resides between a DNS server and a DNS client.
  • 31. A method for regulating a client's activity on a network using Domain Name System (DNS) comprising the acts of: receiving a DNS request from the client; identifying DNS information associated with the DNS request; determining that the DNS request is associated with a regulated site of the client; and dropping a packet with the DNS request of the client from the network.
  • 32. The method of claim 31, further comprising the acts of: modifying the DNS information to an Internet Protocol (IP) address of an alert site warning the client of the attempt to access a regulated site; and transmitting a response with modified DNS information to the client.
  • 33. The method of claim 31, further comprising: generating a new request for a DNS Server; receiving a response from the DNS Server; determining that the DNS response is associated with a regulated site of the client; and dropping a packet associated with the DNS response from the network.
  • 34. The method of claim 31, further comprising: generating a new request for a DNS Server; receiving a response from the DNS Server; determining that the DNS response is associated with a regulated site of the client; modifying the DNS information of the response; and transmitting a response to the client with the modified DNS information to the DNS client.
  • 35. The method of claim 31, wherein a client-regulating module applying the method resides within a DNS server.
  • 36. The method of claim 31, wherein a client-regulating module applying the method resides within a computer of a DNS client.
  • 37. The method of claim 31, wherein a client-regulating module applying the method resides between a DNS server and a DNS client.
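A minimal model of the switch decision logic in claims 1 through 4 and 21 through 24, as an added example that is not part of the patent: it parses a wire-format DNS query, matches the queried name against a rule table, and either drops the packet, synthesizes a response pointing at a quarantine address, or passes the query through unchanged for a real resolver. The rule names and the 192.0.2.0/24 address (the documentation range) are constructed; a non-A query for a quarantined name is dropped rather than answered with a bogus record.

```python
import struct

# Constructed rule table (hypothetical names, not from the patent):
# name suffix -> (action, replacement IPv4). Unmatched names are forwarded.
RULES = {
    "bot-c2.example": ("drop", None),                  # claims 2, 21: discard packet
    "regulated.example": ("quarantine", "192.0.2.10"), # claims 22, 32: rewrite answer
}

def encode_name(name):
    """Encode a dotted name as DNS wire-format labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def decode_name(pkt, off):
    """Decode an uncompressed wire-format name at off; return (name, offset after it)."""
    labels = []
    while pkt[off] != 0:
        n = pkt[off]
        labels.append(pkt[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels), off + 1

def build_query(txid, name, qtype=1):
    """Standard recursive query (RD set) with one question, class IN."""
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return hdr + encode_name(name) + struct.pack("!HH", qtype, 1)

def synth_answer(query, qend, ip):
    """Response echoing the question and carrying one A record for ip (TTL 60)."""
    hdr = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 answer
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(int(o) for o in ip.split("."))
    return hdr + query[12:qend] + rr

def decide(query):
    """Apply RULES to the query name: ('drop', None), ('modify', response) or ('forward', query)."""
    name, off = decode_name(query, 12)
    qtype = struct.unpack("!H", query[off:off + 2])[0]
    qend = off + 4                                  # skip QTYPE and QCLASS
    for suffix, (action, ip) in RULES.items():
        if name == suffix or name.endswith("." + suffix):
            if action == "drop" or qtype != 1:      # only A queries can be rewritten
                return "drop", None
            return "modify", synth_answer(query, qend, ip)
    return "forward", query                         # pass to the real resolver unchanged

def answer_ip(resp):
    """Read the IPv4 address from the first A record of a synth_answer response."""
    _, off = decode_name(resp, 12)
    off += 4 + 2 + 10   # QTYPE/QCLASS, name pointer, TYPE/CLASS/TTL/RDLENGTH
    return ".".join(str(b) for b in resp[off:off + 4])
```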
Provisional Applications (1)
Number Date Country
60766629 Feb 2006 US