| 发明名称 |
SYSTEMS AND METHODS FOR PRE-SIGNING OF DNSSEC ENABLED ZONES INTO RECORD SETS |
| 摘要 |
Implementations relate to systems and methods for pre-signing of DNSSEC enabled zones into record sets. A domain name system (DNS) can receive and/or impose a set of DNS policies desired by an administrator, or the DNS operator itself to govern domain name resolution with security extensions (DNSSEC) for a Web domain. The DNS can generate a set of answers to user questions directed to the domain based on the set of policies. Those answers which differ or vary based on policy rules can be stored as variant answers, and can be labeled with a variant ID. The variant answers can be pre-signed and stored in the DNS. Because key data and other information is generated and stored before a DNS request is received, the requested variant answer can be returned with greater responsiveness and security. |
| 申请公布号 |
US2014282847(A1) |
申请公布日期 |
2014.09.18 |
| 申请号 |
US201314092528 |
申请日期 |
2013.11.27 |
| 申请人 |
VERISIGN, INC. |
发明人 |
Blacka David;Pandrangi Ramakant |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method of conducting domain name system operations, comprising:
accessing a set of policies for operation of a domain name system (DNS) using a domain name system with security extensions (DNSSEC); generating a set of answers to questions associated with a set of domain names of a zone, based on the set of policies; generating a set of signed answers from the set of answers and a set of key data; storing the set of signed answers in a zone file; receiving a question from a resolver; and retrieving a signed answer based on the question received from the resolver and the set of policies to transmit to the resolver. |
| 地址 |
Reston VA US |
