DOMAIN NAME SYSTEM SECURITY NETWORK

摘要

In one embodiment, a DNS security network includes several DNS appliances (210) and a security operations center (SOC) server computer (260). The SOC server computer (260) may receive telemetry data (382) from the DNS appliances (210), the telemetry data (382) comprising information about DNS client queries received in the respective DNS appliances (210). From the telemetry data (382), the SOC server computer may generate security policies (381) for distribution to the DNS appliances (210). The security policies (381) may be used by the DNS appliances (210) to determine whether a DNS client query is originated by a client computer performing a prohibited activity (e.g., sending spam, communicating with a zombie control computer, navigating to a prohibited website, etc.). An answer to a client query may be replaced or discarded altogether in cases where the originator is performing a prohibited activity.