| 摘要 |
PROBLEM TO BE SOLVED: To provide a method, system, and computer program product embodied in a computer readable storage medium for identifying a rogue domain name service (DNS) server.SOLUTION: Embodiments comprise: passively monitoring traffic on a target network; and identifying a DNS resolution response in the traffic on the network. The DNS resolution response includes a mapping of a domain to an Internet Protocol (IP) address. The DNS resolution response is compared with a preconfigured list of known mappings of domains to IP addresses. Based on results of the comparison, it can be determined whether the DNS resolution response is correct. In cases where the DNS resolution response is incorrect, the provider of the DNS resolution response is a rogue DNS server. |
