Identifying services provided over secured connections using DNS caching

摘要

A method for communication includes intercepting Domain Name System (DNS) messages that are sent in a communication network in preparation for setting up respective communication sessions that provide respective services associated with respective service types. DNS information that is indicative of the respective service types is extracted from the intercepted DNS messages, and the extracted DNS information is cached. A service type associated with a given communication session is identified using the cached DNS information, and a traffic policy is applied to the given communication session depending on the identified service type.

主权项

1. A method for communication, comprising:
intercepting Domain Name System (DNS) messages that are sent in a communication network in preparation for setting up respective communication sessions that provide respective services associated with respective service types; extracting from the intercepted DNS messages DNS information that is indicative of the respective service types, including extracting Uniform Resource Identifiers (URIs) identifying hosts in the communication network to which users attempt to connect, and respective IP addresses of the hosts, and mapping the extracted URIs to one or more predefined service types; caching the extracted DNS information, including caching the extracted IP addresses and the one or more service types in association with one another; identifying a service type associated with a given communication session using the cached DNS information, by intercepting in traffic of the given communication session a host IP address of a host associated with the given communication session, retrieving a cached host URI that is associated with the host IP address, and mapping the host URI to respective one or more predefined service types; and applying a traffic policy to the given communication session depending on the identified service type.