IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0952118 (2010-11-22)
Registration number | US-8452874 (2013-05-28)
Inventors / Address | MacCarthaigh, Colm; Richardson, David R.; Redman, Benjamin W. S.
Applicant / Address | Amazon Technologies, Inc.
Agent / Address | Knobbe, Martens, Olson & Bear LLP
Citation information | Times cited: 113; Cited patents: 138
Abstract
Generally described, the present disclosure is directed to managing request routing functionality corresponding to resource requests for one or more resources associated with a content provider. The processing of the DNS requests by the service provider can include the selective filtering of DNS queries associated with a DNS query-based attack. A service provider can assign DNS servers corresponding to a distributed set of network addresses, or portions of network addresses, such that DNS queries exceeding a threshold, such as in DNS query-based attacks, can be filtered in a manner that can mitigate performance impact on the content provider or service provider.
Representative claims
1. A computer-implemented method for managing DNS queries comprising: obtaining, by a service provider, a request for hosting DNS query services for an identifiable domain; determining, by the service provider, a number of assignable network address subdivisions, wherein each network address subdivision corresponds to a range within a pool of available network addresses for service provider DNS server computing devices; assigning, by the service provider, a network address in each of the determined network address subdivisions, wherein the assigned network addresses from each subdivision for the identifiable domain are not matching; and transmitting, by the service provider, the assigned network address for each determined network address subdivision, wherein DNS server computing devices corresponding to the assigned network addresses will be delegated to be authoritative to respond to DNS queries for the identifiable domain.

2. The method as recited in claim 1, wherein each network address subdivision corresponds to one of four ranges of available network addresses for service provider DNS server computing devices.

3. The method as recited in claim 2, wherein the four ranges of available network addresses are evenly distributed.

4. The method as recited in claim 1, wherein assigning the network address in each of the determined network address subdivisions includes selecting a network address from each determined network address subdivision such that the significant portion of the assigned networks addresses do not match.

5. The method as recited in claim 1, wherein assigning the network address in each of the determined network address subdivisions further includes preventing the assignment of network addresses that results in the matching of a threshold number of significant portions of the assigned network addresses between the identifiable domain and other domains.

6. The method as recited in claim 5, wherein the threshold number of network addresses is defined such that between the identifiable domain and the other domains, there is at least one significant portion of the assigned network addresses that does not match.

7. The method as recited in claim 1, wherein assigning the network address in each of the determined network address subdivision includes performing conflict resolution removing one or more network addresses not available to be assigned due to domain based conflicts.

8. The method as recited in claim 1, wherein assigning the network address in each of the determined network address subdivision includes assigning a uniquely named DNS server that has been previously associated with the identified network address.

9. The method as recited in claim 1, wherein assigning the network address in each of the determined network address subdivisions includes selecting a non-significant portion of each assigned network address such that a threshold number of the non-significant portions of the network addresses for the identifiable domain are not matching.

10. The method as recited in claim 9, wherein the threshold number of non-matching non-significant portions of network addresses includes all the assigned network addresses such that for the identifiable domain, none of the non-significant portions of all the assigned network addresses match.

11. The method as recited in claim 1, wherein the network addresses correspond to Internet protocol network addresses.

12. A system for managing DNS queries comprising: a DNS query processor device, at a service provider, operative to: obtain, by the service provider, a request for hosting DNS query services for an identifiable domain; determine, by the service provider, a number of assignable network address subdivisions, wherein each network address subdivision corresponds to a range within a pool of available network addresses for service provider DNS server computing devices; assign, by the service provider, a network address in each of the determined network address subdivisions, wherein the assigned network addresses from each subdivision for the identifiable domain are not matching; and transmit, by the service provider, the assigned network address for each determined network address subdivision, wherein DNS server computing devices corresponding to the assigned network addresses will be delegated to be authoritative to respond to DNS queries for the identifiable domain.

13. The system as recited in claim 12, wherein each network address subdivision corresponds to one of four ranges of available network addresses for service provider DNS server computing devices.

14. The system as recited in claim 13, wherein the four ranges of available network addresses are evenly distributed.

15. The system as recited in claim 12, wherein assigning the network address in each of the determined network address subdivisions includes selecting a network address from each determined network address subdivision such that the significant portion of the assigned networks addresses do not match.

16. The system as recited in claim 12, wherein assigning the network address in each of the determined network address subdivisions further includes preventing the assignment of network addresses that results in the matching of a threshold number of significant portions of the assigned network addresses between the identifiable domain and other domains.

17. The system as recited in claim 16, wherein the threshold number of network addresses is defined such that between the identifiable domain and the other domains, there is at least one significant portion of the assigned network addresses that does not match.

18. The system as recited in claim 12, wherein assigning the network address in each of the determined network address subdivision includes performing conflict resolution removing one or more network addresses not available to be assigned due to domain based conflicts.

19. The system as recited in claim 12, wherein assigning the network address in each of the determined network address subdivision includes assigning a uniquely named DNS server that has been previously associated with the identified network address.

20. The system as recited in claim 12, wherein assigning the network address in each of the determined network address subdivisions includes selecting a non-significant portion of each assigned network address such that a threshold number of the non-significant portions of the network addresses for the identifiable domain are not matching.

21. The system as recited in claim 20, wherein the threshold number of non-matching non-significant portions of network addresses includes all the assigned network addresses such that for the identifiable domain, none of the non-significant portions of all the assigned network addresses match.

22. The system as recited in claim 12, wherein the network addresses correspond to Internet protocol network addresses.

23. A non-transitory, computer-readable storage medium having one or more computer-executable components for managing DNS queries, the one or more computer-executable components comprising computer-executable instructions to: obtain, by a service provider, a request for hosting DNS query services for an identifiable domain; determine, by the service provider, a number of assignable network address subdivisions, wherein each network address subdivision corresponds to a range within a pool of available network addresses for service provider DNS server computing devices; assign, by the service provider, a network address in each of the determined network address subdivisions, wherein the assigned network addresses from each subdivision for the identifiable domain are not matching; and transmit, by the service provider, the assigned network address for each determined network address subdivision, wherein DNS server computing devices corresponding to the assigned network addresses will be delegated to be authoritative to respond to DNS queries for the identifiable domain.

24. The computer-readable storage medium as recited in claim 23, wherein each network address subdivision corresponds to one of four ranges of available network addresses for service provider DNS server computing devices.

25. The computer-readable storage medium as recited in claim 24, wherein the four ranges of available network addresses are evenly distributed.

26. The computer-readable storage medium as recited in claim 23, wherein assigning the network address in each of the determined network address subdivisions includes selecting a network address from each determined network address subdivision such that the significant portion of the assigned networks addresses do not match.

27. The computer-readable storage medium as recited in claim 23, wherein assigning the network address in each of the determined network address subdivisions further includes preventing the assignment of network addresses that results in the matching of a threshold number of significant portions of the assigned network addresses between the identifiable domain and other domains.

28. The computer-readable storage medium as recited in claim 27, wherein the threshold number of network addresses is defined such that between the identifiable domain and the other domains, there is at least one significant portion of the assigned network addresses that does not match.

29. The computer-readable storage medium as recited in claim 23, wherein assigning the network address in each of the determined network address subdivision includes performing conflict resolution removing one or more network addresses not available to be assigned due to domain based conflicts.

30. The computer-readable storage medium as recited in claim 23, wherein assigning the network address in each of the determined network address subdivision includes assigning a uniquely named DNS server that has been previously associated with the identified network address.

31. The computer-readable storage medium as recited in claim 23, wherein assigning the network address in each of the determined network address subdivisions includes selecting a non-significant portion of each assigned network address such that a threshold number of the non-significant portions of the network addresses for the identifiable domain are not matching.

32. The computer-readable storage medium as recited in claim 31, wherein the threshold number of non-matching non-significant portions of network addresses includes all the assigned network addresses such that for the identifiable domain, none of the non-significant portions of all the assigned network addresses match.

33. The computer-readable storage medium as recited in claim 23, wherein the network addresses correspond to Internet protocol network addresses.
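
The assignment step of claims 1, 5-6 and 9-10, sketched as an added example (not code from the patent or from the applicant). It assumes the "significant portion" of an address is its first three IPv4 octets and the "non-significant portion" its last octet; the 10.x pool, the `Allocator` class and its parameters are constructed for illustration.

```python
import itertools
import random

SUBDIVISIONS = 4  # claim 2: four ranges within the provider's address pool

def shared(a, b):
    """Count subdivisions in which two domains were given the same prefix."""
    return sum(x == y for x, y in zip(a, b))

class Allocator:
    def __init__(self, prefixes_per_subdivision=8, max_shared=3, seed=0):
        # Constructed pool: subdivision i owns prefixes 10.i.0 .. 10.i.(n-1).
        self.pool = [[f"10.{i}.{j}" for j in range(prefixes_per_subdivision)]
                     for i in range(SUBDIVISIONS)]
        self.max_shared = max_shared      # overlap threshold between domains
        self.rng = random.Random(seed)
        self.assigned = {}                # domain -> tuple of four prefixes

    def assign(self, domain):
        """Return four nameserver addresses, one per subdivision."""
        candidates = list(itertools.product(*self.pool))
        self.rng.shuffle(candidates)
        for combo in candidates:
            # Conflict resolution: skip sets that overlap too much with
            # any domain already hosted.
            if all(shared(combo, o) <= self.max_shared
                   for o in self.assigned.values()):
                self.assigned[domain] = combo
                # Distinct final octets within the domain's own set.
                hosts = self.rng.sample(range(1, 255), SUBDIVISIONS)
                return [f"{p}.{h}" for p, h in zip(combo, hosts)]
        raise RuntimeError("no address set satisfies the overlap threshold")

    def unaffected_servers(self, victim):
        """Worst case over other domains: nameservers outside the victim's
        prefixes if all four of the victim's prefixes are filtered."""
        v = self.assigned[victim]
        return min(SUBDIVISIONS - shared(v, o)
                   for d, o in self.assigned.items() if d != victim)

if __name__ == "__main__":
    alloc = Allocator(max_shared=2)
    for name in ["a.example", "b.example", "c.example"]:
        print(name, alloc.assign(name))
    print("worst-case unaffected:", alloc.unaffected_servers("a.example"))
```

With `max_shared=3` the allocator enforces the minimum stated in claim 6 (at least one significant portion differs between any two domains); lowering it leaves more nameservers for other domains outside any filter applied to one domain's addresses.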