Transparent Proxy Authentication Via DNS Processing

摘要

A DNS nameserver processes requests for domain name information based on subscriber identifiers, and optionally subscriber information. Based on a subscriber identifier, requests for a target domain name may generate a DNS response with domain name information for a proxy service. Techniques are provided to seamlessly and transparently authenticate a subscriber at the proxy service. The proxy service generates a redirect with a unique domain name including a tracking identifier in response to requests for a target domain name. The nameserver receives a request associated with the unique domain name. The nameserver responds with domain name information of the proxy service and generates a message to the proxy service mapping the tracking identifier to the subscriber identifier. The client then generates a request to the proxy service that includes the tracking identifier. The proxy service uses the mapping from the nameserver to authenticate the corresponding subscriber identifier.

主权项

1. A method of computer network processing, comprising:
receiving at a proxy service a first request associated with a target domain name; in response to the first request, generating a first identifier and a first domain name including the first identifier; providing a redirect response from the proxy service including the first domain name in response to the first request; receiving at the proxy service from a DNS nameserver a message including a subscriber identifier for the first identifier; receiving at the proxy service a second request associated with the target domain name, the second request including the first identifier; determining in response to the second request the subscriber identifier corresponding to the first identifier based on the message from the DNS nameserver; and generating a response to the second request based on the subscriber identifier.