| 摘要 |
Systems and methods for creating a list of trustworthy resolvers in a domain name system. A computer receives a resolver profile for a resolver sending queries to a domain name server. The resolver profile is based on one or more of a top-talker status of the resolver, a normalcy of distribution of domain names queried, a continuity of distribution of query type, and an IP time-to-live variance of queries from the resolver. Resolver profiles can be compared to a trust policy to determine whether the resolver is trustworthy. Resolvers deemed trustworthy can be added to a list of trustworthy resolvers. Embodiments can detect the occurrence of a network-based attack. Embodiments can mitigate the effect of a network-based attack by responding only to queries from resolvers on the list of trustworthy resolvers. QUERIES FROM A RESOLVE 710 715 720 725 IP TTL VARIANCE Q-TYPE PROFILE Q-NAME PROFILE TO-TLKRINCREASE? CHANGE? CHANGE? RESOLVER PROFILE TRUST IS THE PROFILE POLICY TRSWRH? NO 745 NO MODE? ADD TO WHITE L1ST 70 RESPOND TO N QUERIES 70 IGNORE QUERIES FROM THIS RESOLVER FROM THIS RESOLVER Figure 7 |
