Domain name resolution system and method

Description

[0002] A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.

BACKGROUND

[0003] 1. Field of the Invention

[0004] This invention relates generally to enhanced domain name servers, and more particularly, to efficiently processing domain name queries in a network such as the Internet.

[0005] 2. Background

[0006] The Internet has brought about an information revolution through the development of computerized information resources, on-line services and the World Wide Web (WWW). The Internet is growing rapidly, with an ever increasing number of computers and users being connected to the Internet daily.

[0007] In order for devices (computers, printers, and the like) on a network such as the Internet to be able to communicate with each other, the devices need to know (or be able to determine) each others' addresses. Many distributive systems (e.g., the Internet) assign device names in the distributive system by a hierarchical naming scheme known as domain names. An Internet domain name is generally a sequence of domain labels separated by periods. For example, “a.ultradns.com” is a domain name where “com” is a top level domain name of a top level domain, “ultradns” is a second level domain name of a second level domain and “a” is a third level domain name of a third level domain. A device in a domain is labeled by the name of the device followed by the domain name. Thus, a device labeled “server” in the “a.ultradns.com” domain has the name, “server.a.ultradns.com”. A device name is also referred to as a domain name. The Domain Name System (DNS) is a distributed hierarchical database comprised of client/server transaction servers that provide a mapping from domain names to associated information, e.g., to IP addresses.

[0008] While domain names partition a distributive system in a logical and hierarchical manner, messages are transferred between devices of the DNS by identifying devices using specific IP addresses. In the present Internet protocol, IP addresses are thirty-two-bit numbers that are expressed as four eight-bit values (i.e., four numbers in the range 0 to 255) separated by periods, e.g., “121.121.122.2”. IP addresses contain information such as a network identifier (“ID”) of a device network connection and a device ID. IP address are assigned by an address authority. The addresses are assigned in blocks to authoritative address servers.

[0009] A comprehensive description of the operation of domain name servers and IP addresses is given in DNS and BIND In A Nutshell, Paul Albitz and Cricket Liu, O'Reilly & Associates, 1994, ISBN: 1-56582-010-4, which is incorporated herein by reference.

[0010] IP addresses also relate to each other in a hierarchical manner. Thus, the DNS also provides a “reverse mapping” of IP addresses to domain names, by using a representation of the IP address that follows the DNS indexing model. However, the domain name hierarchy and the IP address hierarchy are not directly related to each other. While some name servers are also address servers, name and address servers do not have to be the same device. Thus, it is possible for a server to have authority to resolve a domain name into a corresponding IP address of a device, the same name server may not be able to resolve the IP address to the corresponding domain name of the same device. Thus, resolution of IP addresses to domain names follows a similar process as resolving domain names to IP addresses except different servers may be involved.

[0011] Because IP addresses are numerical and, unlike domain names, are assigned without regard to the logical and hierarchical organization of the DNS, domain names are generally used in instructions for functions such as data transfers. Thus, a data transfer instruction identifies the receiving device by its domain name. However, the domain name must be translated into a corresponding IP address before the data transfer can occur.

[0012] Domain names are managed by authoritative devices called name servers. That is, domain name servers perform the task of converting names to IP addresses. Name servers translate domain names into corresponding IP addresses and vice versa. When a first device desires to transfer a message to a second device known only by its domain name, the first device must query a name server to acquire the corresponding IP address to the known domain name of the second device.

[0013] It is estimated that by the year 2003, the number of domains on the Internet will increase ten-fold, exceeding 150 million domains. Associated with this increase in the number of domains will be an increase in user dissonance. Current implementations of the Domain Name System are entirely inadequate and unable to handle resultant DNS files' size or the magnitude and frequency of changes to these DNS files. Even today, real problems exist with content access and/or content distribution over the Internet. It is estimated that ten to thirty percent of Internet connection events are unsuccessful or unsatisfactory.

SUMMARY

[0014] The present invention provides a scalable and flexible platform for providing global directory services. In some embodiments, the invention uses redundant information servers to provide ubiquitous and high-performance access to directory services. This system of servers leverages the scalability and replication mechanisms provided by commercial database software. The DNS according to the present invention has an underlying modular design which allows additional wire-protocol services to be easily incorporated into the system, and allows additional modules to provide intelligent/dynamic responses by affecting changes in the data repository.

[0015] In various aspects, the present invention:

[0016] Supports large-scale service model better than alternative DNS servers.

[0017] Integrates other Internet services, e.g. “whois”, in a single data repository.

[0018] Multi-threaded server provides scalability to exploit commercial-level hardware.

[0019] Modular database implementation facilitates the addition of new features.

[0020] Database replication provides for ease of management of distributed servers, and database backup features provide information integrity.

[0021] Globally distributed server replicas provide the reliability, throughput and low delay required to scale a large commercial service. The servers are tied together using advanced Internet routing mechanisms that are reactive to the state of individual server replicas.

[0022] Multiple servers provide increased system throughput, reliability in the event of server failure, reliability in the event of provider network failure and nearest server mechanics serve as basis for advanced redirection service.

[0023] Embodiments of the present invention provide a DNS system based on an information-centric design, where multiple system components interact with system state that is maintained in the database. The database provides both the principle Internet information, and the required associations and configuration to specify the operation of the active components. The system allows for reduced operational staff requirements by supporting custom user-interface for direct management of user data, with integrated security and data validation to maintain data integrity.

[0024] The present invention also provides:

[0025] Information update via multiple user-specific custom interfaces, program APIs, or

[0026] Internet services such as dynamic DNS updates.

[0027] Fine-granularity security based on association between login and information objects.

[0028] Modular active components for reporting, billing and data integrity checking.

[0029] In one aspect, this invention provides a system for processing domain name requests. The system includes a query mechanism constructed and adapted to (a) obtain a user request for response information corresponding to a particular domain name; and (b) provide complete response information in a single response to the user request. The user request may be a domain name resolution request, in which case the query mechanism provides an Internet Protocol (IP) address corresponding to the domain name. The system accommodates user requests for other typed DNS data.

[0030] In some embodiments the a query mechanism is further constructed and adapted to provide the response depending on context information. The context information may include at least one of (a) context information from the request; (b) context information from the system; and (c) global context information.

[0031] The context information may include address information indicating an address of the user; the local time; and/or the location of the system.

[0032] In some embodiments, the system has a data cache and the query mechanism is further constructed and adapted to, upon receipt of a user request, first attempt to find an answer to the user request in the data cache.

[0033] In some embodiments, the query mechanism is further constructed and adapted to (a) if the answer exists in the data cache and the answer is fresh, send the answer directly from the cached data; and (b) if the answer exists in the data cache and the answer is stale, or if the answer does not exist in the data cache, then acquire the answer from a database; send the answer; and update the data cache to reflect the acquired answer.

[0034] Sometimes items in the data cache have a maximum lifetime which ranges from the time to live of the lowest resource record in a complete answer to the maximum cache time value configured for the system as a whole.

[0035] In some embodiments, the query mechanism is further constructed and adapted to implement negative caching such that if a request is made for a host that does not exist in an active domain, the negative response will be saved in the cache.

[0036] In another aspect, this invention is a method of providing an Internet Protocol (IP) address of one of a plurality of devices on the Internet. The method includes obtaining a user request for an IP address corresponding to a particular domain name; and providing the IP address in a single response to the user request. The method may include providing the IP address depending on context information. The context information may include at least one of (a) context information from the user request; (b) local context information; and (c) global context information.

[0037] In yet another aspect, this invention is a system comprising a network of distributed Domain Name Servers (DNSs), each DNS comprising a database; and a query mechanism constructed and adapted to obtain from the database a user request for response information corresponding to a particular domain name; and to provide complete response information in a single response to the user request. The databases in the network are replicated.

BRIEF DESCRIPTION OF THE DRAWINGS

[0038] The objects and advantages of the invention will be apparent upon consideration of the following detailed description, taken in conjunction with the accompanying drawings, in which the reference characters refer to like parts throughout and in which:

[0039]
FIG. 1 provides an overview of embodiments of the present invention operating within the Internet; and

[0040]
FIG. 2 depicts the logical structure of the database schema according to embodiments of the present invention.

DETAILED DESCRIPTION

[0041] With reference to FIG. 1, a Domain Name System (DNS) server 100 (DNS1) according to the present invention comprises a database 102 having a unique database schema and a complementary unique SQL interface 104. A query mechanism 106 uses the SQL interface 104 to query the database 102 and to return results to requesting users, e.g., user 108.

[0042] The present invention can be considered at two levels, namely at a server level (e.g., DNS1 100) and at a system level (e.g., DNS1, DNS2, . . . , DNSn).

[0043] Server-Level: At the server level, this invention provides mechanisms that enable a DNS server (e.g., DNS1 100) according to the present invention to achieve sufficient performance (circa thousands of queries/second) even though the underlying data repository supports basic data retrieval at a rate of hundreds of queries/second.//

[0044] Features of this server level, discussed below in detail, include:

[0045] Aggregate database queries

[0046] Common case optimizations

[0047] Data caching (and consequently-required cache invalidation mechanisms)

[0048] System-Level: At the system level, this invention provides mechanisms that enable a system of DNS servers (e.g., DNS1, DNS2, . . . , DNSn in FIG. 1) to provide enhanced/integrated management of information, and provides various levels of performance enhancement for incoming queries and internal transactions.

[0049] Features of this system level, discussed below in detail, include:

[0050] Modular data-centric design

[0051] Database-layer synchronization

[0052] Single IP address announcement of replicated servers

[0053] The server-level mechanisms according to the present invention enable the DNS server to achieve a greater transaction throughput rate. The system-level mechanisms work synergistically, and allow the DNS System according to the present invention to provide a diverse set of features and benefits.

[0054] The server-level mechanisms according to the present invention enable the modular data-centric design and database-layer synchronization.

[0055] Server-Level Mechanisms

[0056] A name server response to a DNS query requires a complex set of calculations that allow:

[0057] (a) different responses to be returned depending on the servers authority,

[0058] (b) different answers depending on the existing domain name data, and

[0059] (c) the server to return an answer comprised of multiple inter-dependent sections.

[0060] Specifically, a DNS's response algorithm must consider at least the following:

[0061] Three response sections: Answers, Authority, and Additional CNAME (domain name alias) dereferencing

[0062] Wild card matching (matching of leading superstrings)

[0063] Iterative domain name search (matching the longest recognized domain name)

[0064] Conventional (prior art) DNS servers make many distinct queries to the data repository in order to determine the correct records to include in a response. Consequently, the transaction rate of the DNS server will be reduced by a similar factor (e.g., if eight database queries are required, transaction rate will be reduced by approximately a factor of eight). The DNS server according to the present invention significantly reduce the average number of queries required to construct a DNS response, as compared with conventional so-called “straight forward” algorithms that depend on many distinct queries to the data repository.

[0065] Aggregate Database Queries

[0066] The DNS server according to the present invention uses compound database queries so that a single query can return multiple component records required to construct a DNS response. Moreover, database queries are correlated so that in instances where multiple queries are required, subsequent queries can be optimized based on records retrieved by earlier database queries. The DNS query strategy according to the present invention:

[0067] retrieves combinations of Answer, Authority, and Additional records in a single query,

[0068] retrieves available CNAME records along with Answer/Authority/Additional records, and

[0069] reduces iterative domain name search overhead by correlating records from different iterations.

[0070] With this invention, the number of database queries required to construct a complete DNS response can be as low as one. This is a considerably improvement when compared to a similar strategy based on simple database queries that would require a separate query for each of Answers and Authority, and multiple queries for Additional records.

[0071] Common Case Optimization

[0072] In general, common case optimizations are effective in systems where there are a number of distinct potential outcomes (a) with different probabilities of occurrence, (b) requiring varying levels of incremental overhead, and (c) where a determination can be made that a specific outcome has been reached, without an exhaustive outcome analysis.

[0073] The present invention recognizes that common case optimization is applicable to the DNS server database query strategy, and has identified two specific optimizations based on knowledge of DNS protocols and the expected incoming query stream. The DNS system according to the present invention implements these optimizations by making the test for (and handling of) each case a separate code segment, and promotes this code to handle the task prior to the execution of any general query code.

[0074] Case #1:

[0075] The DNS server according to the present invention contains authoritative answer for a domain name query that is one label longer than the zone's domain name (e.g., with a zone name of “foo.com”, then an optimization is effective for “www.foo.com” but not for “www.mkt.foo.com”).

[0076] Case #2:

[0077] The DNS server according to the present invention has delegated the next-level subdomain name (e.g., the incoming query is for the domain name “www.mkt.foo.com”, which is in the zone “foo.com”, then the optimization is effective if the “mkt.foo.com” zone has been subdelegated).

[0078] The use of these specific optimizations does not preclude the development of additional optimizations. The fundamental realization and requirements remain unchanged, allowing common case optimizations to be applied to outcomes based on revised outcome probabilities.

[0079] Specifically, further common case optimizations specified rely on restrictions on the records in the database to guarantee the validity of the query response. For example, a generalization of Case #1 (above) that optimizes for arbitrary length domain name queries (e.g., the incoming query is for the domain name “www.unit.mkt.foo.com” within the zone for “foo.com”). This case can be optimized if no conflicting records are present, i.e., any record that could alter the precedence made for the optimization case (e.g., an intervening NS record or wildcard record associated with the domain name “mkt.foo.com” would have an impact on the above example of “www.unit.mkt.foo.com” in zone “foo.com”).

[0080] Additionally, the DNS query strategy according to the present invention allows for flexible/dynamic optimization code to be constructed, where, e.g., a specific ordering of individual common case optimizations is associated with each zone, based on prior knowledge or statistics maintained about each zone. This technique can be applied so that the best strategy is selected at the granularity of each zone, each server, or any identifiable class of query stream.

[0081] Data Caching and Cache Invalidation

[0082] Dynamic data caching is a mechanism that has been applied to achieve performance in many types of systems, but has never before been use to provide a fast-access data repository of authoritative data within an Domain Name Server.

[0083] The Domain Name System was designed with an integrated “time to live” (TTL) caching mechanism, and we note three example applications of caching elsewhere within the Internet and Domain Name System.

[0084] Applications such as web browsers frequently maintain copies of DNS records obtained while processing HTTP requests, and use applicable DNS records for subsequent requests. This use of caching does not maintain authoritative data, nor does it directly effect the operation of a DNS server.

[0085] Caching DNS servers (also known as recursive servers or “helper” servers) provide a separate function from “hosting” DNS servers. Recursive servers act on the behalf of an application (e.g., a user's web browser) and query a hierarchical series of hosting DNS servers to obtain the required DNS response. Information obtained in the course of a DNS query resolution may be maintained and used to expedite subsequent DNS queries, until each record's specified time-to-live has expired. This is a fundamental use within the DNS, but only addresses the behavior of non-authoritative servers when handling authoritative data.

[0086] Conventional primary DNS servers (e.g., as embodied by the “bind” serve distribution) read all authoritative domain information into a computer memory direclty from files, and answer queries based on a complete memory-resident copy of all domain information. Unlike the above caching examples, this is not an application of dynamic caching, but is a static copy of DNS information that does not change or replace based on well-known caching criteria such as frequency of use, nor does it embody any dynamic mechanisms for maintaining cache consistency. There is no dynamic mechanism for a “cache miss” that involves the standard alternative method of making a backup query to the primary (i.e., non-cache) repository.

[0087] According to embodiments of the present invention, the DNS server maintains an internal dynamic cache of recently-used authoritative DNS records taken from the database repository. Two embodiments are specified: (1) where individual resource records are cached separately and subsequent DNS response are comprised of the individual records, and (2) where the entire response to a DNS query is cached as an aggregate and are immediately available for a subsequent response, eliminating overhead required to construct a complete response. The strategy for handling incoming DNS queries includes an examination of the internal cache for efficient access to data, and if not available, a subsequent query to the primary data repository (database) is made. These mechanisms are used for both “positive caching,” i.e., when the data exists, and “negative caching,” i.e., when the server can authoritatively respond that the information does not exist.

[0088] The DNS server according to the present invention also embodies cache replacement mechanisms to control the amount of “stale” (infrequently used) data in the cache, and to allow for effective utilization of cache and system resources. Multiple embodiments exist to remove DNS data from the cache based on frequency or timeliness of use.

[0089] Cache Invalidation

[0090] A dynamic caching system must employ cache invalidation mechanisms to guarantee that information in the cache corresponds to the state of the primary data repository. This requires that data items are removed from (or replaced within) the cache when the corresponding information is changed within the primary data repository. This allows a DNS server according to the present invention to accurately reflect the correct information within the system.

[0091] The DNS server according to the present invention are embodied by a number of related cache invalidation mechanisms that address the complete range of transaction types that can be performed on the primary data repository, and the type of cache data that can be maintained in the system. The design space that defines the cache transactions of interest is represented by the Table below which specifies twenty four different cache invalidation transactions that can be addressed by the invention's cache invalidation strategy. Note that not every space need be addressed by a particular embodiment of the invention, and that some cache invalidation mechanisms will address multiple invalidation requirements.

1Query CacheQuery CacheQuery CacheRecord Cache(Answers)(Authority)(Additional)Delete fromPositivePositivePositivePositivePrimary-vs.--vs.--vs.--vs.-DbaseNegativeNegativeNegativeNegativeAddition toPositivePositivePositivePositivePrimary-vs.--vs.--vs.--vs.-DbaseNegativeNegativeNegativeNegativeModify withinPositivePositivePositivePositivePrimary-vs.--vs.--vs.--vs.-DbaseNegativeNegativeNegativeNegative

[0092] Multiple invalidation mechanisms can be applied together, so that each addresses a subset of the potential cache interactions and requirements. Further, these mechanisms can embody varying criteria for timeliness of data invalidation, according to the importance assigned to each subset. For example, when caching entire DNS responses the data within an Answer section may be considered more critical than the data within an Authority section. In this case, mechanisms can be employed that immediately respond to updates to information in the Answer section, while other less timely mechanisms will eventually invalidate the records within the Authority section.

[0093] System-Level Mechanisms

[0094] The system-level mechanisms according to the present invention work synergistically, enabling the DNS System according to the present invention to provide enhanced/integrated management of information, and to provide a range of performance enhancement for incoming queries and internal transactions.

[0095] Modular data-centric design

[0096] Database-layer synchronization

[0097] Single IP address announcement of replicated servers

[0098] Modular Data-Centric Design

[0099] The DNS domain name server according to the present invention (e.g., DNS1 100 of FIG. 1) separates the functionality of the standard monolithic Internet server into two distinct components: a commercial database system as the data repository, and a DNS wire-protocol server designed to answer queries based on authoritative DNS data from the database component. This architectural choice provides for a clean modular design, which in turn provides a flexible and scalable platform that is leveraged to provide a diverse set of features and inventions.

[0100] Data-Centric Modeling and Functional Server Module Extensions—The two-component design allows for modular extensions to both the data model, and the functions (e.g., servers) that operate on the system. Embodiments of this invention include, but are not limited to, one or more user interfaces for data management, transaction processors to provide an extensible API for data management, Internet system monitors that can query external system status (e.g., webserver availability) and affect changes to the data repository, and servers for other Internet directory servers (e.g., whois, radius, etc).

[0101] Integrated Access Control Mechanisms-Using a database repository for DNS information allows several principle objects (e.g., users and other network data schemas) to be modeled and managed. A significant feature of the DNS Domain Management System according to the present invention is the ability to control and delegate the many-to-many access patterns of users accessing domain name data.

[0102] Query and Context Specific Responses—Conventional (prior art) DNS servers take as input a <domain name, query type, query class> tuple, and return the appropriate resource records. The DNS system according to the present invention has revised the basic query/response transaction by incorporating additional fields within the data model such that the response to a query can be based on additional criteria. These criteria can be comprised of information obtained from the incoming query (e.g., source IP address), information available to the local server (e.g., time of day or server identity), and similar context or query specific information.

[0103] Dynamically Configurable DNS Record Types—The DNS server according to the present invention allows new resource record types to be defined, and immediately incorporated into the system. Based on resource record templates included in the data model, the DNS server according to the present invention system can incorporate new record types in minutes without additional low-level code development. This is in contrast to the conventional (prior art), where deployment of a new resource record type requires considerable low-level program design and coding, and requires a new server binary be deployed on all applicable machines. Moreover, combined with context specific responses (above), domain administrators may define their own “local” types that are specific to the answers returned for their DNS domain.

[0104] Ability to deploy and maintain a state-of-the-art data management service based on commodity implementations of core database technologies. The conventional (prior art) systems for Domain Name System management deploy integrated ad-hoc implementations of database technology, which lag advanced database features and make it difficult to deploy new features based on database technology advances.

[0105] Database-Layer Synchronization

[0106] The DNS system according to the present invention maintains data consistency between multiple redundant servers (e.g., DNS1, DNS2, . . . , DNSn in FIG. 1) by propagating changes to the managed data using database-level transaction processing. This has advantages over conventional (prior art) consistency mechanisms, which are based on application-level transactions. These advantages include:

[0107] Virtually immediate propagation of changes to Domain Name System information. This is particularly important when inaccurate information must be corrected, or when critical domain information changes frequently and changes must be visible quickly. For example, one of the most frequently changed zones, “.COM”, also has the greatest number of records. Using conventional (prior art) systems, “.COM” has historically been restricted to a twelve-hour periodic updates. Using the DNS system of the present invention, changes to “.COM” are routinely propagated within 5-15 minutes.

[0108] Ability to accept and propagate changes to Domain Name System information from multiple servers, and consequently, the ability to make data management more reliable with better system availability and performance. This is in contrast to conventional (prior art) DNS systems, which do not have the conflict resolution mechanisms required to support multiple sources of update transactions.

[0109] Single IP Address Deployment for Replicated Servers

[0110] Globally distributed server replicas (e.g., DNS1, DNS2, . . . , DNSn) provide the reliability, throughput and low delay required to scale a large commercial service. The servers are tied together using advanced Internet routing mechanisms that are reactive to the state of individual server replicas. In preferred embodiments, each DNS system according to the present invention shares a common IP address and supports a name server replica. The shared IP addresses are injected into the Internet routing mesh by each server so that Internet routers will direct IP packets to the nearest topological server. Each server replica is monitored for correct behavior, and the IP route is withdrawn if the server no longer responds to DNS queries. This mechanism provides the following benefits:

[0111] User DNS queries are directed to the nearest DNS replica minimizes the delay experienced for DNS resolution.

[0112] Transitory server and network failures are transparent to a user's DNS query and application transaction. Servers that are not reachable or functional are invisible, and DNS queries arrive at the nearest functional server without experiencing the delay for standard DNS timeout and retransmission.

[0113] The DNS system acquires user proximity information based on the server replica that receives the user DNS query. This information can be used to provide proximity based responses to direct users to nearby application servers.

[0114] Implementation

[0115] The Database

[0116] This section describes the unique database schema of the database 102.

[0117] Overview

[0118] The database 102 according to preferred embodiments of this invention is organized and structured according to the following unique database schema. The database schema involves fourteen (14) tables. Only three (3) of these tables contain actual data (i.e., DNS & Contact), the other eleven (11) tables are needed to manage the data. The schema allows management of who has access to which data, how can they access it, who can create new data, and how they should be billed for use of the system.

[0119] The data managed by the DNS Server 100 is (a) contact information, (b) zone information, and (c) resource record information. Although zones and resource records are related, the system must have the ability to manage them distinctly. The reason for this is to enable targeting different users, some of which want to use the Server 100 to manage an entire zone for them, and some of which will just enter individual resource records (in a particular zone).

[0120] For any data that can put in the system, there are two access control mechanisms involved: (1) a mechanism that specifies whether the item can be put in (created) in the system, and (2) a mechanism that specifies how items can be accessed.

2TABLE LIST & SUMMARYTable NameDescriptionLOGINUser information (to establish identity on the system)SYS_MGMTDescribes how the DNS system is managed (e.g., who can createnew zones, billing policy, etc)RRJUMBOcombined Resource Record (RR) index and data.CONTACTpeople/role/organization (like whois)CONTACT_ASSOCindicates association between contact information, and otherdata/items (e.g., zones or RRs)ZONEbasic mgmt information for a related set of DNS RRsZONE_INTERFACElist of “outside” servers the system must talk to primaries/mastersOR secondaries we update)ZONE_CNTLmuch like information in SOA recordZONE_MGMTzone owner describes how zone may be used (e.g., who can createnew RRs, billing policy, etc)ZONE_SERVERSmaintains list of which zones in system, and which IP addresses cando zone transferRR_MGMTindicates logins that can modify specific RRs (Resource Records)BillingPolicyrules/policy owners set for billing others for useBillingInfoactual billing information for a particular object (derived fromowners BillingPolicy)USAGE_HISTORYcontains past usage data (to answer billing concerns)RRTEMPLATEdescribes DNS RRs the system knows about (includes standard anduser defined RRs)IPV4RANGErestricts (or allows) access per source IP address

[0121] Table Schema

[0122] This section describes what information is in the tables and, in some cases, gives the formats and sizes of the data used in some embodiments of the present invention.

[0123] The LOGIN table describes identity within DNS system of the present invention. The table includes information on how to authenticate a user to system. The LOGIN Table is established via login/password, X.509, PGP, DNSSec, etc.

[0124] The following table summarizes the fields of the LOGIN table.

3LOGINFieldDescriptionRelationship to other TablesIdinternal dbase index/pointerappears in other tablesindicating this users has someclaim/access to the objectEmailcontact informationIpaddrrestrict logins to specific IP rangeindex to IPV4RANGE tablex509idID for primary authentication methodUsernamebackup login namePasswordbackup passwordPassquesuser-supplied question for lost informationPassanswuser-supplies answer for lost information

[0125] The SYS_MGMT table (described below) provides a template about use, access, etc. It provides information about how the system is managed; who can access, modify, create new “objects”, and information on how users are charged for access. The SYS_MGMT table allows the DNS according to the present invention to be deployed in different ways (e.g., closed access at large companies versus open ISP access). Some preferred embodiments allow deployment of two object types to be created, namely contacts and zones. Both can be created by anyone. Contacts can be created at no charge; zones may or may not incur charges (perhaps per-user).

4SYS_MGMTFieldDescriptionRelationship to other TablesObjtypewhat type of objects can be created**Accesstype (create or read)**Login(loginid OR “ANY”)ID in LOGIN table about whocan createIpaddrrestrict/grant access by IPsrc Addr**Billingspecifies how to charge for accessindex into BILLING table

[0126] The RRJUMBO table represents DNS resource record (RR) information. This table is for the “index” or “lookup” of the incoming query, and contains columns for different parts of RR data section. Resource records are defined in RFC 1035 [Network Working Group Request for Comments: 1035, P. Mockapetris, ISI, November 1987] which is incorporated herein by reference.

5RRJUMBOFieldDescriptionRelationship to other TablesIdinternal dbase IDreferenced by other tablesActiveindicates RR is “active”(e.g., paid for)Deadindicates “machine” inactiveZonezone membership identifierindicates RR associated withZONE tableDnamedomain name(e.g., “www.ultradns.com”)LnameLower case Dname to optimizelookupsTypeRR typeClassRR Classserversindicates which server returnparticular RRTimeIndicates time frame RR isreturnedipv4addrindex into IPV4RANGE Tableindex into IPV4RANGE table (tospecify per IPaddress RRs)ip_lowsimple (hi-performance) IPsource address specificationip_highsimple (hi-performance) IPsource address specificationip_bitssimple (hi-performance) IPsource address specificationcreate_whologin ID of record creatorindicates record created byLOGIN tablecreate_ipIP address of creator (ifanonymous)Create_datewhen createdupdate_whologin ID last modifylogin id of last updateupdate_whenlast modified timeBillingindex to BillingInfobilling information associated withRRReadcntrecent RR readsReadsincestart time of read countwriteentrecent RR changesWritesincestart time of write countTtlResource record TTL (time tolive) (seconds)f1RRdata field #1F2RRdata field #2F3RRdata field #3F4RRdata field #4F5RRdata field #5F6RRdata field #6F7RRdata field #7F8RRdata field #8ref1dname reference for“additional” RRs

[0127] A “DNS lookup” in the RRJUMBO table uses (matches against) the following six values to find the requested DNS resource record:

[0128] domain name (from dns query packet)

[0129] dns type (from dns query packet)

[0130] dns class (from dns query packet)

[0131] server id (name/id of server answering query)

[0132] time (current time of day at server)

[0133] source IP address (from the IP packet)

[0134] Note that the use of the RRdata fields, f1 . . . f8, depends on the type of RR (e.g., MX records will use f1 and f2, A records will only use f1, and SOA records will use f1-f7).

[0135] The RRJUMBO table is used to store data for multiple purposes: in addition to storing “live” domain records, “template” records are stored which embody the mechanism to provide configurable DNS records. Each DNS Resource Record type is represented by one or more template records in the RRJUMBO table which specify the format and structure of each record type.

[0136] The CONTACT Table contains information about a person, role, or organization (i.e., this is basically “whois” information). Note that the information in the CONTACT Table has nothing to do system login.

6CONTACTFieldDescriptionRelationship to other TablesIdInternal dbase indexreferenced by other tablesOrderSequence information forrelated recordsTypename, phone, fax, email, etc.(see list below)InformationAssociated information (e.g.,name: Steve Hotz)Anonaclread permission for field (e.g.,do not give out phone number)ipaddrIP address based readindex into IPV4RANGE Tablerestrictions/permissions

[0137] The TYPE values for above “type” field (similar to RIPE-181) include:

[0138] name

[0139] email

[0140] email-alt

[0141] phone

[0142] phone-alt

[0143] fax-no

[0144] nic-hdl

[0145] nic-hdl-alt

[0146] address (multiple-line text string)

[0147] source (in case information came from another place)

[0148] date-create

[0149] date-update

[0150] The CONTACT_ASSOC Table indicates association between contact information, and other data/items (e.g., zones or RRs)

7CONTACT_ASSOCFieldDescriptionRelationship to other TablesIdname/id of object (e.g., “ultradns.com”.)internal identifier of DNS dataitem (e.g., contact, zone, or RR)Objtype{system, zone, record}contactid of CONTACT informationType{admin, tech, billing, registration}Public{yes, no} read access for general public

[0151] The ZONE table basic information about a group of related RRs.

8ZONEFieldDescriptionRelationship to other TablesZoneName of the zone (e.g., “ultradns.com”)Every column in this tableOwnerLOGIN id of zone ownerrelates to other tables.BillingHow this zone is billed (BillingInfo)zonecntlZONE_CTRL id for internal consistency

[0152] The ZONE_INTERFACE Table specifies external servers (i.e., servers that are not embodiments of the present invention) that must either be used as primary/master, or updated as secondary/slave.

9ZONE_INTERFACEFieldDescriptionRelationship to other TablesZonezone being updated/transferredrefers to zone name in numeroustablesinout{in, out}srvnamename of serverSrvipIP address of serverctrlZONE_CTRL id for record controllingreference into ZONE_CTRLfrequencytableview_ipif multi-dimension records, snapshot this IPview_timeif multi-dimension, snapshot at this timeview_srvif multi-dimension, snapshot for server

[0153] The ZONE_CNTL Table contains zone control information, similar to SOA parameters. This Table is used for database consistency (may not be needed with internal Oracle, however, can specify interface with external servers).

10ZONE_CNTLFieldDescriptionRelationship to other TablesIdInternal IdentifierReferenced by other tablesSerialRefreshRetryExpireMincacheFlagsNotify turned on

[0154] The ZONE_MGMT table includes information about how a particular zone is managed; who can access, modify, create new “objects”, and information on how the user is charged for access.

11ZONE_MGMTFieldDescriptionRelationship to other TablesZonezone being managedrelates several tables holdingzone informationloginlogin ID with access (or “ANY”)LOGIN table for who has accessipaddrsource IP access restrictionsIPv4Range table for src addressaccessBillingbilling policy associated with accessindex into BillingPolicy tablerrlistbit map of RR types that can be createdModsallow zone modifications:can modify via dynamic updatemodify all RRsmodify all contact informationmodify zone informationmodify zone_mgmt informationFeaturesBit map of allowed featuresdefine new typescreate multi-dimensionalcan create RRs that allow dynamicupdatescan create new RRs using dynamicupdatedead machine monitoring otherFlagsindicate other actions associated withupdate/access indicating requiredper-record information (i.e., contact)owner requires change notification(via email)

[0155] The ZONE_SERVERS table is an auxiliary table listing zones for which the system is responsible. This table is used by servers to find zones for which they are authoritative.

12ZONE_SERVERSFieldDescriptionRelationship to other TablesZoneZone nameZone name relates to multipletablesServerServer holding zonexferipIPV4RANGE allowed zone transfersIPv4Range index

[0156] The RR_MGMT Table provides an access list for specific RRs.

13RR_MGMTFieldDescriptionRelationship to other TablesRrodRrindex idEvery column (except flags)LoginLogin allowed to change (or “ANY”)relates to columns in otherIpaddrsrc IP based access restrictionstables.Flagsaccess allowed (initially, all or nothing)

[0157] The BillingPolicy table (set by owner(s) of system or zone) contains information about how to bill for system use. The owner of system sets this up ahead of time, and the system enforces the various billing policies.

14BillingPolicyFieldDescriptionRelationship to other Tablesbillp_idinternal dbase indexreferenced by other tablecolumnsWhatzone, contact, dname, RRtype(s), featuretypeone-time, read, write, time,<feature_name>Unit<count> for read/writeday|week|month|year for time or featureAmtAmount (in dollars)cnd_typereads OR writes [must be greater than]cnd_unitcount [per]cnd_timetime unit (day|week|month|year)intro_timedays before billing startsperiodyearly/monthly/choiceyear_discountcan offer (percentage) discount foryearly rate

[0158] Each zone may specify more than one policy. For example,:

15<cond><what><type><unit><amt>Type>UnitTimeZone1-time29.99ZoneTimeYear9.99ZoneWrite11.00Write>10MonthFeatureDyn_UpdMonth1.99

[0159] The BILLINGINFO Table contains information about who and when to bill for use.

16BillinginfoFieldDescriptionRelationship to other Tablesbilli_idinternal dbase indexreferenced by other table columnswho_idbilling contact indexreference to CONTACT tableMethodCredit card, usmail, emailbillp_idReference to BillingPolicy tableCredcardcredit card accountexpirecredit card expire datecard_idbilling address for credit card (if differentreference to CONTACT tablefrom who_id)billp_idindex to Billing Policy recordcreate_datewhen billing record was creatednext_datenext statement date

[0160] The USAGE_HIST Table contains historical system/information usage information. Can attach to various objects: RRdata, Zone, Contact, etc. (Some preferred embodiments attach to RRs)

17USAGE_LISTFieldDescriptionRelationship to other TablesIdinternal dbase ID of object trackedrelates to Id field of other tablesObjtypeRR/zone/contact/otherdetermines which “other table”accessread/write/otherstartstart of period (seconds since epoch)Endduration of period (e.g., in seconds)cntnumber of accesses

[0161] Preferably use logging is (a) only turned on for some records, and (b) could be a “premium service”. Must keep “current” usage for billing, but this feature is “turned on”.

[0162] The IPv4Range Table contains CIDRized subnet masks, primarily used for address based (i.e., weak) authentication. This table is used for (a) handing out RRs based on srcipaddress, and (b) simple access control for updates to data (e.g., using dynamic updates as implemented).

18IPv4RangeFieldDescriptionRelationship to other TablesIpidindex of IP range specthis table id serves as index, and appears inother tables (indicating whether access isallowed from specific source IP addressesFlagflag indicatingallowed/prohibitedbitsnumber of bits in maskLowlowest address valueHighhighest address value

EXAMPLE

[0163]

19

Listid
flag
bits
iprangelow
iprangehi

#1
prohibit
0
0x00000000
0xffffffff

#1
allow
16
0x80090000
0x8009ffff

#2
allow
0
0x00000000
0xffffffff

#2
prohibit
16
0xa0070000
0xa007ffff

#2
prohibit
16
0xa0090000
0xa009ffff

#3
prohibit
0
0x00000000
0xffffffff

#3
allow
16
0xc9140000
0xc914ffff

#3
prohibit
24
0xc9142800
0xc91428ff

#3
prohibit
24
0xc9142a00
0xc9142aff

#1 allows small number of addresses;

#2 prohibits small number of addresses;

#3 allows all in range, with exceptions;

[0164] The following section provides the database field formats and sizes for a preferred embodiment of the present invention. Some of the fields have common sizes:

[0165] 256 char==dnames

[0166] 10 num==32 bit integers (e.g., IPv4addr and time in seconds)

[0167] 14 num==internal identifier

20LOGINIdnum 14null-okEmailvch 256Ipaddrnum 14x509idvch 256Usernamevch 64Passwordvch 32Passquesvch 80Passanswvch 80SYS_MGMTObjtypeVch 16AccessVch 16LoginNum 14IpaddrNum 14null-okbillingNum 14null-okRRJUMBOidnum 14activenum 1deadnum 2zonevch 256dnamevch 256typevch 16classvch 16serversvch 32null-oktimevch 168null-okipv4addrnum 14null-okip_lownum 10null-okip_highnum 10null-okip_bitsnum 3null-okcreate_whonum 14create_ipnum 10create_datenum 10update_whonum 14update_whennum 10billingnum 14null-okreadcntnum 8null-okreadsincenum 10null-okwritecntnum 8null-okwritesincenum 10null-okTTLnum 10f1vch 1024f2vch 1024null-okf3vch 256null-okf4vch 256null-okf5vch 256null-okf6vch 256null-okf7vch 256null-okf8vch 256null-okref1vch 256null-okCONTACTidnum 14ordernum 2typevch 16infovch 168anonaclvch 8null-okipaddrnum 14null-okCONTACT_ASSOCidnum 14objtypevch 16contactnum 14typevch 20null-okpublicvch 8ZONEzonevch 256ownernum 14billingnum 14null-okzonecntlnum 14ZONE_INTERFACEzonevch 256inoutvch 8srvnamevch 256null-okSrvipnum 10null-okCtrlnum 14view_ipnum 10null-okview_timenum 3null-okview_srvnum 3null-okZONE_CNTLIdnum 14Serialnum 10Refreshnum 10Retrynum 10Expirenum 10Mincachenum 10Flagsvch 8null-okZONE_MGMTZonevch 256Loginnum 14null-okIpaddrnum 14null-okBillingnum 14null-okRrlistvch 256Modsvch 16featuresvch 16null-okFlagsvch 8ZONE_SERVERSZonevch 256Servervch 256Xferipnum 14null-okRR_MGMTrridnum 14loginnum 14null-okipaddrnum 14null-okflagsvch 8null-okBILLINGPOLICYbillp_idnum 14whatvch 32typevch 32unitvch 16amtnum 8cnd_typevch 8null-okcnd_unitnum 8null-okcnd_timevch 8null-okintro_timenum 6periodvch 8year_discountnum 4BILLINGINFObilli_idnum 14who_idnum 14methodvch 12credcardnum 16null-okexpirevch 7null-okcard_idnum 14null-okbillp_idnum 14create_datenum 10next_datenum 10USAGE_HISTidnum 14objtypevch 16accessvch 16startnum 10endnum 10cntnum 12IPV4RANGEipidnum 14flagnum 2bitsnum 2lownum 10highnum 10

[0168] Design Choices

[0169] Probably the least obvious design choice is the way that CONTACT is laid out. What would be more obvious/natural is to have one table row represent each particular contact record. However, this design breaks contact information into multiple fields, and represents each field as a row in the database. This method is more flexible (given the flexible nature of the data), and supports the association and efficient lookup of “ACCESS POLICY” to individual fields (e.g., to allow random people looking at a CONTACT record to see an email address but not see a phone number associated with that record).

[0170] The SQL Interface

[0171] The SQL Interface 104 takes queries/requests for domain name/address resolution and returns the appropriate address and other information. The SQL implementing the interface 104 in a preferred embodiment is listed below (in the Table titled SQL Query).

EXAMPLE

[0172] Here is a sample query made by a user 108 of the DNS 100 according to the present invention. The request is processed by the query mechanism 106 which uses the SQL interface 104 to access the database 102.

[0173] Query: a.b.c.d.wonk.com. <type> where the system knows that it has “wonk.com.ZONE”

[0174] Then, in the worst case, the system has to make the following queries into the database 102:

21a.b.c.d.wonk.com.<type>## commonly returns ANSWERb.c.d.wonk.com.NS## commonly returns AUTH dataa.b.c.d.wonk.com.NS## common to indicate sub-delegation*.b.c.d.wonk.com.<type>b.c.d.wonk.com.NS*.c.d.wonk.com.<type>c.d.wonk.com.NS*.d.wonk.com.<type>d.wonk.com.NS*.wonk.com.<type>

[0175] This invention embodies a query strategy that significantly reduces the average number of database queries required to complete a DNS query.

[0176] There are essentially two common cases:

[0177] (1) no sub-delegation—Query gets simple answer for foo.wonk.com

[0178] (2) the system will end-up telling about sub-delegation—Query made for a.b.c.d.wonk.com gets NS for d.wonk.com

[0179] In both of the common cases noted above, the answer “dname” is likely to be one component longer than the zone name. So, the system tests this before making the query (i.e., the system does not want to query for “a.b.c.d wonk.com”, “b.c.d.wonk.com”, and “c.d.wonk.com” just to finally say that the delegation is made at “d.wonk.com”).

[0180] Consequently, the following query optimization (in the query mechanism 106) can be used:

[0181] If the requested name is one component longer than zone name, then look for a quick answer.

[0182] This can be written as:

22if (shorten(req.dname) == ZONE) {SQL(<req.dname>, <type>##SQL(d.wonk.com, <type>,shorten(<req.dname>), NS)##wonk.com, NS)if (<type> found)return answer;save_NS_for_later( );SQL(req.dname, NS,“*” + shorten(req.dname), <type>);if (“*” found, return answer and my NS records);if (NS found, return authority);return(NXDOMAIN);}

[0183] If long request name, check for shortest delegation first. For example, if the request name is “a.b.c.d.wonk.com”, check if “d.wonk.com” has NS.

[0184] SQL(shorten.to_one_piece(<req.dname>), NS); if (NS found) return;

[0185] If neither optimization worked then start with original question.

23SQL(<req.name>, <type>,zone.name, NS);if (answer found) {return(answer + NS);} else {save_NS_for_later( );}

[0186] If no answer is found then loop through and look for NS delegations.

24for (working_name = req.dname,next_name = shorten(working_name);next != zone;working_name = next_name, next_name =shorten(working_name)) {SQL(working_name, NS);if (NS found) return;}

[0187] No delegation made.

[0188] Now loop looking for “*” records.

25for (working name = shorten(req.dname),next_name = shorten(working_name)next != zone;working_name = next_name, next_name =shorten(working_name)) {SQL(“*” + working_name, <type>;if (<type> found) {return (answer + save_NS_records)}}return (NXDOMAIN);

EXAMPLE

[0189] Give the example query “foo.bar.wonk.com. MX”, call following SQL (Table XX) with following variables:

[0190] req.name1=“foo.bar.wonk.com.”

[0191] req.name2=“*.bar.wonk.com.”

[0192] req.name3=“bar.wonk.com.”

[0193] req.type=15 (this is the MX type)

[0194] req.class=1 (this is the IN class)

[0195] req.time=<current_time>

[0196] req.server=<server ID#>

[0197] req.ipaddr=<incoming pkt IP source>

26SQL QUERYSELECT * FROM RRJUMBO, RRThe main “start with” clause gets the ANSWERS and AUTHORATATIVE, plus it gets any“*” records that exist.START WITH((RR.dname = ‘req.name1’ AND ((RR.type = ‘req.type’)OR (RR.type = = 2)))OR(RR.dname = ‘req.name2’ AND (RR.type = ‘req.type’))OR(RR.dname = ‘req.name3’ AND (RR.type = 2)))ANDRR.class = ‘req.class’ANDsubstr(RR.time, ‘req.time’, 1) = 1ANDsubstr(RR.servers, ‘req.server’, 1) = 1ANDRR.active = 1ANDRR.dead = 0ANDThis is part of main query, that handles the IPv4rangeEXISTS (select * FROM ipv4range, IP WHERERR.ipv4addr = IP.ipidANDIP.low <= req.ipaddrANDIP.high >= req.ipaddrANDIP.flag = 2AND)This part of query grabs ADDITIONAL recordsCONNECT BYPRIOR ref1 = dnameANDtype = 1ANDclass = ‘req.class’ANDsubstr(time, ‘req.time’, 1) = 1ANDsubstr(servers, ‘req.server’, 1) = 1ANDactive = 1ANDdead = 0ANDMake certain ADDITIONAL RECORDS also have IPv4 permissionEXISTS (select * FROM ipv4range, IP WHERERR.ipv4addr = IP.ipidANDIP.low <= req.ipaddrANDIP.high >= req.ipaddrANDIP.flag = 2AND)SELECT * FROM rrjumbo, RRSTART WITH((RR.dname = ‘req.name1’ AND ((RR.type = ‘req.type’)OR (RR.type = = 2)))OR(RR.dname = ‘req.name2’ AND (RR.type = ‘req.type’))OR(RR.dname = ‘req.name3’ AND (RR.type = 2)))ANDRR.class = ‘req.class’ANDsubstr(RR.time, ‘req.time’, 1) = 1ANDsubstr(RR.servers, ‘req.server’, 1) = 1ANDRR.active = 1ANDRR.dead = 0ANDEXISTS (select * FROM ipv4range, IP WHERERR.ipv4addr = IP.ipidANDIP.low <= req.ipaddrANDIP.high >= req.ipaddrANDIP.flag = 2AND)CONNECT BYPRIOR ref1 = dnameANDtype = 1ANDclass = ‘req.class’ANDsubstr(time, ‘req.time’, 1) = 1ANDsubstr(servers, ‘req.server’, 1) = 1ANDactive = 1ANDdead = 0ANDEXISTS (select * FROM ipv4range, IP WHERERR.ipv4addr = IP.ipidANDIP.low <= req.ipaddrANDIP.high >= req.ipaddrANDIP.flag = 2AND)

[0198] Other Features

[0199] Building a modular system has allowed additional mechanisms to be incorporated easily into the system which can serve as the base for new features/uses.

[0200] Configurable Resource Record Types

[0201] The DNS according to some embodiments of the present invention has over thirty (30) defined resource record types, which provide data formats/fields for use by different applications; current implementations hard-code the type definitions. Thus, the present invention offers users the ability to dynamically configure RR types, to allow directory-enabled applications to be deployed and tested within short time frames.

[0202] Context Sensitive (Query-Specific) Answers

[0203] In the abstract, a directory service maps a query's incoming request (key) to an outgoing response (data indexed by the key). Using a relational database model gives the present invention an effective mechanism to add other components to the lookup key. In the DNS example, a different answer can be given depending on various context information: from the packet (IP address), from the machine (local time), and from global system (which server location). Thus, for example, the system may provide different answers at different times of day or to different geographic regions.

[0204] Dynamic Data Cache

[0205] In some embodiments, the DNS server 100 incorporates a dynamic load-on-demand cache algorithm which significantly enhances performance by reducing the amount of data that must be retrieved from the database 102.

[0206] When an inbound query is received, the server 100 will first attempt to find the answer in the data cache 110. If the answer exists and is fresh, the response will be sent directly from the cached data stored in data cache 110. If the answer exists in the cache 110 but is stale, or if the answer does not yet exist in the cache, the data will be acquired from the database 102, transmitted in the response, and then added to or updated within the cache 110. In some embodiments, the cache is maintained in a Most Recently Used order to optimize lookup times and facilitate cache management.

[0207] Items in the cache 110 have a maximum lifetime which ranges from the time to live (TTL) of the lowest resource record (RR) in the complete answer to the maximum cache time value configured for the server as a whole. For records that change frequently, the TTL value can be set to zero to ensure the data is never added to cache and always retrieved from the database.

[0208] By setting a relatively short lifetime on data in the cache 110, the server 100 can provide maximum throughput while still offering near real-time propagation of zone changes. Because the cache is load-on-demand, the DNS daemon can be up and ready to respond to queries within moments of execution.

[0209] In addition to normal caching of DNS response data, the cache algorithm is designed so that negative caching is also achieved. For example, if a request is made for a host that does not exist in an active domain, the negative response will be saved just like a valid response. If the server is for some reason hit with a barrage of requests for this same invalid host, they can be filled using the negative response in cache, once again eliminating unnecessary calls to the database.

[0210] Further, in some embodiments, a management thread is incorporated into the cache design. This thread comes to life at a configurable interval and walks through the RR data cache, deleting any stale entries that it encounters. This feature ensures that the most active data is always the most readily available.

[0211] In some embodiments, a cache invalidation mechanism is incorporated that is responsible for removing (or modifying) data within the dynamic cache so that the cache accurately and acceptably reflects changes made to the primary data repository.

[0212] Implementation Details

[0213] An embodiment of this invention has been implemented. The DNS server 100 was designed on top of and tightly integrated with the database 102. The database 102 was implemented using Oracle, however, care was taken to modularize the database interface so that the system could easily be integrated with a database from a different vendor, such as Sybase or Informix. The server was developed using Gnu C++ on a Linux platform. The server build process was later expanded to support both Linux and Solaris.

[0214] Implementations of the present invention can be written in any suitable high-level computer language. Further, while aspects of the present invention have been implemented in software running on a computer system as described above, all aspects of the present invention can also be implemented in hardware or in a combination of software and hardware. That is, although described with reference to a particular system, the present invention operates on any computer system and can be implemented in software, hardware or any combination thereof. When implemented fully or partially in software, the invention can reside, permanently or temporarily, on any memory or storage medium, including but not limited to a RAM, a ROM, a disk, an ASIC, a PROM and the like.

[0215] Relevant portions of the source code are included in the appendix to this application, which source code appendix is considered to be part of the application. The source code is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.

[0216] While the above embodiments relate to domain name processing, one skilled in the art will realize that domain names are merely one example of directory services, and that the present invention is applicable to other directory services.

[0217] Thus are provided methods, systems and devices for scalable domain name resolution. One skilled in the art will appreciate that the present invention can be

Claims

1. A low delay domain name resolution system, comprising: one or more servers, each of the servers configured to resolve domain name resolution requests and including a routing mechanism reactive to a state of the server; each of the servers including a query mechanism, the query mechanism configured to obtain a group of records from a database using one or more compound database queries, such that the server obtains the group of records at a data rate faster than the underlying data retrieval rate of the database.
2. The system of claim 1 in which the query mechanism is further configured to organize a sequence of multiple queries based on the records obtained using earlier queries.
3. The system of claim 1 in which the query mechanism is further configured to organize the sequence of multiple queries by forming, for each domain name resolution request, at least one common case query based on the content of the domain name query, and to execute the at least one common case query prior to any other general query.
4. The system of claim 3 in which the records are maintained according to a plurality of domain name zones, and the query mechanism is further configured to optimize a sequence of the common case queries based on statistics maintained for each zone.
5. The system of claim 1, wherein a single one of the compound queries obtains from the database all records required to construct a domain name resolution response.
6. The system of claim 5, in which the compound query retrieves combinations of answer, authority and additional records from the database.
7. The system of claim 6, in which the compound query retrieves available CNAME records from the database.
8. The system of claim 3, in which the common case queries are based on the outcome probabilities for the domain name resolution request.
9. The system of claim 1, wherein the records obtained from the database include an Internet Protocol address corresponding to the domain name resolution request.
10. The system of claim 1, in which the routing mechanism routes domain name resolution requests to the nearest server based on user proximity information.
11. The system of claim 1, in which the routing mechanism monitors each server and withdraws routes to servers that do not respond to domain name resolution requests.
12. A low delay domain name resolution method, comprising: receiving a domain name resolution request at one or more servers; forming, using a query mechanism, at least one compound database query corresponding to the domain name resolution request; sending the at least one compound database query to a database; obtaining from the database a domain name resolution response including a group of database records, wherein the records are received by the one or more servers at a data rate faster than the underlying data retrieval rate of the database.
13. The method of claim 12, further comprising organizing a sequence of multiple queries based on the records obtained using earlier queries.
14. The method of claim 13 in which the organizing further comprises: forming, for each domain name resolution request, at least one common case query based on the content of the domain name query; and performing the at least one common case query prior to any other general query.
15. The method of claim 14, in which the records are maintained according to a plurality of domain name zones, and in which the forming at least one common case query is based on statistics maintained for each zone.
16. The method of claim 12, wherein a single one of the compound queries obtains from the database all records required to construct a domain name resolution response.
17. The method of claim 12, in which the group of records comprises combinations of answer, authority and additional records from the database.
18. The method of claim 17, in which the group of records further comprises available CNAME records from the database.
19. The method of claim 14, in which the common case queries are based on the outcome probabilities for the domain name resolution request.
20. The method of claim 12, wherein the records obtained from the database include an Internet Protocol address corresponding to the domain name resolution request.
21. The method of claim 12, further comprising routing the domain name resolution request to the nearest server based on user proximity information.
22. The method of claim 12, further comprising: monitoring each server; and withdrawing routes to servers that do not respond to domain name resolution requests.
23. A method of providing an answer to a request for an Internet Protocol (IP) address of one of a plurality of devices on the Internet, the method comprising: obtaining a user request for an IP address corresponding to a domain name; determining, if there is a plurality of choices of authoritative name servers from where an answer can be obtained, an authoritative name server based on common case optimization, the answer containing at least one IP address corresponding to the domain name and other relevant information; constructing an aggregated query with respect to the authoritative name server to retrieve the answer; and providing the answer by querying the authoritative name server using the aggregated query.
24. The method according to claim 23, wherein the other relevant information includes at least some of: names of at least one authoritative name server; and IP addresses of the at least one authoritative server.
25. The method according to claim 23, wherein determining the authoritative name server based on common case optimization comprises: selecting, if the domain name is one label longer than that of the name of the zone for which a first name server that receives the request is responsible, the first name server representing the zone as the authoritative name server; selecting, if no answer is obtained from the first name server representing the zone, a second name server that has been delegated for the next level domain name relative to the zone as the authoritative name server; selecting, if no answer is obtained from the second name server, the authoritative name server by at least one of: recursively selecting the authoritative name server with respect to the domain name until the answer is found; or selecting the authoritative name server based on statistics dynamically collected with respect to zones represented by different authoritative name servers.
26. The method according to claim 23, wherein said constructing comprises: extracting the domain name from the request; deriving at least one domain name corresponding to at least one authoritative name server; identifying context information; and building the aggregated query based on the domain name, the at least one authoritative name serve domain name, and the context information.
27. The method according to claim 26, wherein the context information includes at least one of: context information from the user request; local context information; and global context information.
28. The method according to claim 27, wherein the context information includes address information indicating an address of the user.
29. The method according to claim 27, wherein the context information includes the local time.
30. The method according to claim 27, wherein the context information includes a geographic location.
31. The method according to claim 23, wherein providing the answer comprises: querying the authoritative name server using the aggregated query; receiving query result from the authoritative name server; and deriving the answer from the query result.
32. The method according to claim 31, wherein said querying includes retrieving the query result from a cache.
33. The method according to claim 32, wherein said retrieving query result from the cache comprises: identifying the query result in the cache; and validating the query result.
34. The method according to claim 33, wherein said validating comprises: if the query result is fresh, sending the query result directly from the cache; and if the query result either is stale or does not exist in the cache, then retrieving the query result from a database; sending the query result; and updating the cache to reflect the retrieved query result.
35. The method according to claim 34, wherein items in the cache includes individual records or aggregated records.
36. The method according to claim 35, wherein each record in the cache corresponds to either: a positive record representing a positive query result wherein a request is made for a host that exists in an active domain; or a negative record representing a negative query result wherein a request is made for a host that does not exist in an active domain.
37. The method according to claim 36, wherein each record in the cache has a maximum lifetime, ranging from the time to live for the lowest resource record in a complete answer to a maximum cache time value, used to evaluate whether the each record is stale.
38. The method according to claim 34, further comprising: retrieving the query result from a database of the authoritative name server if the query result is not found in the cache.
39. A system for processing domain name requests, the system comprising: a query mechanism constructed and adapted to: obtain a user request for an IP address corresponding to a domain name; determine, if there is a plurality of choices of authoritative name servers from where an answer can be obtained, an authoritative name server based on common case optimization, the answer containing at least one IP address corresponding to the domain name and other relevant information; construct an aggregated query with respect to the authoritative name server to retrieve the answer; and provide the answer by querying the authoritative name server using the aggregated query.
40. The system according to claim 39, wherein the other relevant information includes at least some of: names of at least one authoritative name server; and IP addresses of the at least one authoritative server.
41. The system according to claim 39, wherein determine the authoritative name server based on common case optimization comprises: selecting, if the domain name is one label longer than that of the name of the zone for which a first name server that receives the request is responsible, the first name server representing the zone as the authoritative name server; selecting, if no answer is obtained from the first name server representing the zone, a second name server that has been delegated for the next level domain name relative to the zone as the authoritative name server; selecting, if no answer is obtained from the second name server, the authoritative name server by at least one of: recursively selecting the authoritative name server with respect to the domain name until the answer is found; or selecting the authoritative name server based on statistics dynamically collected with respect to zones represented by different authoritative name servers.
42. The system according to claim 39, wherein said construct the aggregated query comprises: extracting the domain name from the request; deriving at least one domain name corresponding to at least one authoritative name server; identifying context information; and building the aggregated query based on the domain name, the at least one authoritative name serve domain name, and the context information.
43. The system according to claim 42, wherein the context information includes at least one of: context information from the user request; local context information; and global context information.
44. The system according to claim 42, wherein the context information includes address information indicating an address of the user.
45. The system according to claim 44, wherein the context information includes the local time.
46. The system according to claim 42, wherein the context information includes a geographic location.
47. The system according to claim 39, wherein provide the answer comprises: querying the authoritative name server using the aggregated query; receiving query result from the authoritative name server; and deriving the answer from the query result.
48. The system according to claim 47, further comprising a cache wherein the query mechanism is constructed and adapted to perform the query by attempting first to retrieve the query result from the cache.
49. The system according to claim 48, wherein said retrieving query result from the cache comprises: identifying the query result in the cache; and validating the query result.
50. The system according to claim 49, wherein said validating comprises: if the query result is fresh, sending the query result directly from the cache; and if the query result either is stale or does not exist in the cache, then retrieving the query result from a database; sending the query result; and updating the cache to reflect the retrieved query result.
51. The system according to claim 50, wherein items in the cache includes individual records or aggregated records.
52. The system according to claim 51, wherein each record in the cache corresponds to either: a positive record representing a positive query result wherein a request is made for a host that exists in an active domain; or a negative record representing a negative query result wherein a request is made for a host that does not exist in an active domain.
53. The system according to claim 52, wherein each record in the cache has a maximum lifetime, ranging from the time to live for the lowest resource record in a complete answer to a maximum cache time value, used to evaluate whether the each record is stale.
54. The system according to claim 53, wherein the query mechanism is further constructed and adapted to retrieve, when the query result is not found in the cache, the query result from a database of the authoritative name server.

RELATED APPLICATIONS

[0001] This patent application is a division under 35 USC §120 of U.S. patent application Ser. No. 09/516,181 entitled “SCALABLE AND EFFICIENT DOMAIN NAME RESOLUTION,” filed Mar. 1, 2000, co-pending, and is related to and claims priority under 35 USC §119(e) to U.S. Provisional Patent Application No. 60/124,022, titled “DOMAIN NAME RESOLUTION,” filed Mar. 3, 1999, which is incorporated herein by reference.

Provisional Applications (1)

	Number	Date	Country
	60124022	Mar 1999	US

Divisions (1)

	Number	Date	Country
Parent	09516181	Mar 2000	US
Child	10463663	Jun 2003	US

Domain name resolution system and method

Information

Publication Number

Date Filed

Date Published

Inventors

Original Assignees

CPC

US Classifications

International Classifications

Abstract

Description

Claims

RELATED APPLICATIONS

Provisional Applications (1)

Divisions (1)