摘要 |
Correlating network DNS data to filter content is disclosed. In one embodiment, a DNS request made by an internal host in a network to obtain an IP address and the corresponding response from a DNS server are intercepted and cached. By caching the DNS request and the corresponding response, the IP address the host thinks is associated with the domain name, URI, or other identifier for which the corresponding IP address was requested from the DNS server is known. When the host subsequently uses the IP address to open a TCP (or TCP/IP) connection, the IP address is mapped to the corresponding domain name in the cache and it is determined whether the domain name is in a block list.
|