| 摘要 |
A computer receives a resolver profile (730) for a resolver sending queries to a domain name server. The resolver profile is based on any, or a combination, of a top-talker status of the resolver (710), a normalcy of distribution of domain names queried (715), a continuity of distribution of query type (720, 725), and a RD bit status (727), and information related to query traffic based on the topology of the domain name server (729). Resolver profiles can be compared to a trust policy (735) to determine whether the resolver is trustworthy (740). Resolvers deemed trustworthy can be added to a list of trustworthy resolvers (745). Embodiments can detect the occurrence of a network-based attack, in particular a DDoS-attack. Embodiments can mitigate the effect of a network-based attack by responding only to queries from resolvers on the list of trustworthy resolvers (750, 760). |
