WO2018233844A1 - Methods and apparatus for responding to a dns query and handling a connection request - Google Patents


Publication number
WO2018233844A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
addresses
destination
unresponsive
list
Application number
PCT/EP2017/065538
Other languages
French (fr)
Inventor
Robert Skog
Marcus IHLAR
John Orre
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Application filed by Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/EP2017/065538
Publication of WO2018233844A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1031 Controlling of the operation of servers by a load balancer, e.g. adding or removing servers that serve requests
    • H04L67/1034 Reaction to server failures by a load balancer
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection

Definitions

  • Examples of the present disclosure relate to methods, apparatus and computer-readable media for responding to a Domain Name System (DNS) query in a communications network, and connection request handling, for example in a proxy server.
  • DNS Domain Name System
  • a proxy node in a communications network is a network node that acts as an intermediary between a client node and another node, referred to herein as the origin server, such as a content server for example.
  • a request from the client node to connect to the origin server is received by the proxy node.
  • the proxy node may establish a connection with both the client node and the origin server so that communications between the client node and the origin server pass through the proxy server.
  • When a proxy server receives a connection request, such as for example a Transmission Control Protocol (TCP) connection request, from a client node to connect to an origin server, the proxy node sends a connection request to the origin server.
  • the proxy node may wait until the connection between the proxy node and the origin server has been established, before accepting the connection request from the client node.
  • the proxy node may accept the connection request from the client node before a connection between the proxy node and the origin server has been established.
  • TCP Transmission Control Protocol
  • the origin server may be unresponsive.
  • the origin server may be inoperative, or may fail to respond to some or all communications within a certain time period.
  • the client node may wait until the connection request has timed out before attempting to connect to the same origin server again, or searching for an alternative origin server, which may considerably increase the time taken to connect to an origin server, and may also increase network traffic.
  • One aspect of the present disclosure provides a method of responding to a Domain Name System (DNS) query in a communications network.
  • the method comprises obtaining data in response to receipt of a DNS Query message from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message.
  • IP Internet Protocol
  • the method also comprises determining whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses and, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modifying the data to remove the at least one IP address and forwarding the modified data to the client node.
  • Another aspect of the disclosure provides a method of handling a connection request in a node of a communications network.
  • a connection request is received from a client node, the connection request associated with a destination IP address.
  • the method comprises querying a list of unresponsive IP addresses to determine whether the destination IP address is in the list and, responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallowing the connection request from the client node.
  • a further aspect of the disclosure provides apparatus for responding to a Domain Name System (DNS) query in a communications network.
  • the apparatus is configured to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message.
  • the apparatus is also configured to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses and, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modifying the data to remove the at least one IP address and forwarding the modified data to the client node.
  • a still further aspect of the disclosure provides apparatus for responding to a Domain Name System (DNS) query in a communications network.
  • the apparatus comprises a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message, to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses and, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, to modify the data to remove the at least one IP address and forwarding the modified data to the client node.
  • a yet further aspect of the disclosure provides apparatus for handling a connection request in a node of a communications network.
  • the apparatus is configured to receive a connection request from a client node, the connection request associated with a destination IP address, and to query a list of unresponsive IP addresses to determine whether the destination IP address is in the list.
  • the apparatus is also configured to, responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallow the connection request from the client node.
  • the apparatus comprising a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to receive a connection request from a client node, the connection request associated with a destination IP address, query a list of unresponsive IP addresses to determine whether the destination IP address is in the list and, responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallow the connection request from the client node.
  • a further aspect of the disclosure provides apparatus for responding to a Domain Name System (DNS) query in a communications network.
  • the apparatus comprises an obtaining module configured to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name.
  • the apparatus also comprises a determination module configured to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses, and a modification module configured to modify the data to remove the at least one IP address and forwarding the modified data to the client node if the at least one IP address is in the list of unresponsive IP addresses.
  • a still further aspect of the disclosure provides apparatus for handling a connection request in a node of a communications network.
  • the apparatus comprises a receiving module configured to receive a connection request from a client node, the connection request associated with a destination IP address, a querying module configured to query a list of unresponsive IP addresses to determine whether the destination IP address is in the list, and a disallowing module configured to disallow the connection request from the client node if the destination IP address is in the list of unresponsive IP addresses.
  • Figure 1 is a schematic illustration of an example of a communications network
  • Figure 2 is a schematic illustration of an example of a DNS Request message
  • Figure 3 is a schematic illustration of an example of a DNS Response message
  • Figure 4 is a schematic illustration of another example of a communications network
  • Figure 5 is a flow chart of a method according to embodiments of the disclosure
  • Figure 6 is a flow chart of another method according to embodiments of the disclosure.
  • Figure 7 is a schematic illustration of an example of apparatus according to embodiments of the disclosure.
  • Figure 8 is a schematic illustration of another example of apparatus according to embodiments of the disclosure.
  • Figure 9 is a schematic illustration of a further example of apparatus according to embodiments of the disclosure.
  • Hardware implementation may include or encompass, without limitation, digital signal processor (DSP) hardware, a reduced instruction set processor, hardware (e.g., digital or analogue) circuitry including but not limited to application specific integrated circuit(s) (ASIC) and/or field programmable gate array(s) (FPGA(s)), and (where appropriate) state machines capable of performing such functions.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • FIG. 1 shows an example of a communications network 100.
  • the network 100 includes a client node 102, origin server 104, proxy server 106 and DNS server 108. Other nodes that are not shown may be present within the network 100.
  • the client node 102 wishes to connect to the origin server 104.
  • the client node 102 wishes to establish a Transmission Control Protocol (TCP) connection such that content can be downloaded to the client node 102 from the origin server 104.
  • the client node 102 may know a hostname or domain name of the origin server 104, but not the Internet Protocol (IP) address of the origin server 104.
  • the hostname or domain name may be linked to a plurality of origin servers at different IP addresses.
  • the client node 102 sends a Domain Name System (DNS) Request message to the proxy server 106 to determine the IP address of an origin server associated with the hostname or domain name.
  • the DNS request may be sent directly to the proxy server 106, such as for example with the IP address of the proxy server 106 as the destination IP address for the DNS Request message, or the destination IP address may be that of a DNS server (e.g. DNS server 108), in which case the proxy server 106 may receive the Request message and forward it to the DNS server.
  • the proxy server 106 may incorporate a DNS server, such as for example DNS server 108, though in other examples the DNS server 108 may be distinct from the proxy server 106.
  • When a DNS server receives a DNS Request message, it may in some examples contact other DNS servers (not shown) in accordance with the DNS protocol.
  • Figure 2 shows an example of a DNS Request message 200.
  • the DNS Request message 200 includes the hostname or domain name 202.
  • the proxy server 106 forwards the DNS Request message to the DNS server 108.
  • the DNS server obtains one or more IP addresses associated with the hostname or domain name in accordance with the Domain Name System and sends a DNS Response message to the proxy server 106.
  • Figure 3 shows an example of a DNS Response message 300.
  • the DNS Response message 300 includes a plurality of IP addresses 302, 304, though in some examples a single IP address may be specified.
  • Associating multiple IP addresses with a hostname or domain name may provide load balancing. For example where a large number of client nodes wish to establish a connection with an origin server associated with a hostname or domain name, the client nodes may be directed to origin servers at different IP addresses.
  • the proxy server 106 forwards the DNS Response message to the client node 102.
  • the client node 102 selects an IP address from the IP addresses specified in the DNS Response message. Where there are multiple IP addresses, the client node 102 may select the first address specified in the DNS Response message, for example.
  • the DNS Server 108 may therefore provide load balancing by varying the order in which multiple IP addresses are provided in DNS Response messages.
  • the client node 102 then attempts to establish a connection with the selected IP address. Therefore, the client node 102 sends a connection request (such as, for example, a TCP SYN message) specifying the selected IP address.
  • the connection request is intercepted by the proxy server 106.
  • the proxy server 106 then sends a connection request (such as, for example, a TCP SYN message) to the origin server 104, using the IP address specified in the connection request from the client node 102.
  • the proxy server 106 may also accept the connection request from the client node 102 before the connection request to the origin server 104 has been accepted, or may wait until the connection request to the origin server 104 is accepted before accepting the request from the client node 102. In either case, if the connection request to the origin server is successful, and the connection request from the client node is connected, there are two connections in the network 100: a first connection between the client node 102 and the proxy server 106, and a second connection between the proxy server 106 and the origin server 104. Thus, the proxy server 106 is able to act as a proxy between the client node 102 and the origin server 104.
  • FIG. 4 shows a communications network 400 according to an embodiment of the disclosure.
  • the network 400 includes a client node 402, proxy server 404, origin server 406 and DNS server 408.
  • the network 400 also includes storage 410 for storing a list of unresponsive IP addresses. Any communications within the network 400 may in some examples pass through other network nodes.
  • Figure 5 shows an example of a flow chart of a method 500 for responding to a Domain Name System (DNS) query in a communications network, such as for example network 400 shown in Figure 4.
  • the method 500 may be implemented by a proxy server, such as for example proxy server 404 shown in Figure 4.
  • the method 500 will be described with reference to the network 400 of Figure 4, although the method and other embodiments may be implemented within an alternative network.
  • a first step 502 of the method 500 comprises obtaining data in response to receipt of a DNS Query message from a client node 402.
  • the DNS Query message may for example be similar to the DNS Query message 200 shown in Figure 2, and may specify a hostname or domain name to which the client node 402 wishes to be connected.
  • the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message.
  • IP addresses may be the addresses of origin servers (such as origin server 406).
  • the data may be obtained from the DNS server 408.
  • the proxy server forwards the DNS Query message, or sends a new DNS Query message including the hostname or domain name, to the DNS server 408.
  • the proxy server 404 receives a DNS Response message from the DNS server that contains the plurality of IP addresses associated with the hostname or domain name.
  • a response to a DNS Query message may be cached in a cache that is local to or accessible by the proxy server 404.
  • the DNS Query message may specify a hostname or domain name that is identical to that specified in an earlier DNS Query message that was received by the proxy server 404.
  • obtaining the data may comprise retrieving the data from the cache.
  • the cache may be held within storage 410 or at any other suitable location.
  • the next step 504 of the method 500 comprises determining whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses.
  • the list of unresponsive IP addresses may be held in storage 410, which may be local to or accessible by the proxy server 404.
  • the list of unresponsive IP addresses includes IP addresses of network nodes, such as origin servers, that are expected to be unresponsive. In other words, for example, requests for connections (e.g. TCP connections) to
  • the method 500 also includes, at step 506, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modifying the data to remove the at least one IP address and forwarding the modified data to the client node 402. This removes the IP address associated with the unresponsive network node (or where there are multiple IP addresses in the data that are in the list of unresponsive IP addresses, all of them) from the data.
  • the data that is forwarded to the client node 402 does not include IP addresses that are expected to be unresponsive according to the list of unresponsive IP addresses.
  • the IP address that the client node 402 selects from the remaining IP addresses is therefore not in the list of unresponsive IP addresses, and a subsequent connection request from the client node 402 to connect to a node (such as the origin server 406) at the IP address, and a resulting connection request from the proxy server 404 to the node at the IP address, is more likely to result in successful establishment of the connections.
  • one or both of the subsequent connections between the client node and the proxy server 404, and between the proxy server 404 and the origin server 406, are TCP connections.
  • the action of the proxy server 404 may result in load balancing. For example, if a node at an IP address is unresponsive due to a high load, such that it does not have the processing capacity or communications bandwidth to accept any more connection requests, then removal of this IP address from data forwarded to the client node 402 will cause the client node to attempt a connection with other IP addresses associated with the same hostname or domain name. In some circumstances, it may be that all of the IP addresses in the DNS Response message (or where there is only one IP address, that IP address) are in the list of unresponsive IP addresses. In this case, in some examples the data forwarded to the client node 402 may include at least one IP address.
  • the data may include only the first IP address in a list of addresses in the DNS Response message from the DNS server 108, or may include the first predetermined number of addresses, or may include one or more addresses selected randomly from the list, or may include all of the addresses (i.e. the data is unmodified).
  • the data forwarded to the client node 402 may indicate that no address could be found (e.g. all addresses are removed from the data).
  • the data may in some embodiments be forwarded to the client node 402 unmodified, for example in a DNS
  • a connection request is subsequently received by the proxy server 404 from the client node 402 to connect with a node at the selected IP address, but a subsequent attempt by the proxy server 404 to communicate with (e.g. connect to) the node at the IP address (such as for example the origin server 406) is unsuccessful because this node is unresponsive.
  • the IP address is added to the list of unresponsive IP addresses, such that the IP address may be removed from data forwarded to a client node (e.g. the client node 402 or another node) in response to a later DNS Query message.
  • a node at an IP address may be considered as being unresponsive if, for example, an attempt to communicate with (e.g. connect to) the node at the IP address is unsuccessful, or has been unsuccessful a predetermined number of times in a
  • the proxy server 404 may attempt to communicate with IP addresses without first receiving a DNS Query message specifying a hostname or domain name associated with the IP addresses, to keep the list of unresponsive IP addresses up to date. For example, the proxy server 404 may attempt to communicate with IP addresses in the list of unresponsive IP addresses to determine whether their status has changed. In some embodiments, if an attempt to communicate with an IP address is successful, or if a predetermined number of communication attempts are successful within a predetermined period of time, the IP address can be removed from the list of unresponsive IP addresses. Additionally or alternatively, an IP address can be removed from the list of IP addresses if it has been in the list for a predetermined period of time. Therefore, the list of unresponsive IP addresses may be maintained by the node implementing the method 500, such as for example the proxy server 404, although in other embodiments the list of unresponsive IP addresses may be maintained additionally or alternatively by another entity.
  • Figure 6 shows a method 600 for handling a connection request in a node of a
  • the method 500 may be implemented by a proxy server, such as for example proxy server 404 shown in Figure 4.
  • the method 600 will be described with reference to the network 400 of Figure 4, although the method and other embodiments may be implemented within an alternative network.
  • a connection request is received from a client node 402, the connection request associated with a destination IP address.
  • the connection request may be a request for a connection with a node (e.g. origin server 406) at the IP address specified in the connection request.
  • the request is a request to establish a TCP connection.
  • a list of unresponsive IP addresses is queried to determine whether the destination IP address is in the list.
  • the method 600 also includes, in step 606, responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallowing the connection request from the client node.
  • a destination IP address may be determined as being unresponsive in a manner similar to that described above with reference to the method of Figure 5. Additionally or alternatively, the list of unresponsive IP addresses may be maintained in a similar manner. The list of unresponsive IP addresses may be stored in storage 410 that is local to or accessible by the proxy server 404.
  • the proxy server will reject the connection from the client node.
  • the client node 402 may request a TCP connection to the origin server 406 by sending a TCP SYN message with a destination as the IP address of the origin server.
  • the proxy server 404 intercepts the message, and checks the list of unresponsive IP addresses to determine if the IP address of the origin server 406 is in the list. If so, the proxy server 404 will reject the connection request, for example by sending a TCP reset indication to the client node 402.
  • the TCP reset indication may be for example a TCP message with a reset (RST) bit set in the header of the TCP message.
  • the proxy server 404 may not respond to the connection request from the client node 402, causing the connection request to time out. In other examples, any suitable procedure for declining the connection request from the client node 402 may be used. However, the proxy server 404 may not attempt a connection with a node at the IP address (e.g. the origin server 406) due to the IP address being in the list of unresponsive IP addresses.
  • the client node 402 may subsequently attempt to connect to a different IP address.
  • the different IP address may be another IP address that was indicated in the DNS Response message forwarded to the client node 402 from the proxy server 404, and may therefore be associated with the same hostname or domain name as the IP address of the first, unsuccessful, connection attempt.
  • If the proxy server 404 determines that the IP address indicated by the connection request is not in the list of unresponsive IP addresses, the proxy server requests a connection to be established with the node at the IP address, such as the origin server 406. For example, the proxy server may send a TCP SYN message to the origin server 406. In some examples, the proxy server 404 may not wait until successful establishment of a connection with the origin server 406 before accepting the connection request from the client node. This may ensure a fast set up time for the connection between the client node 402 and the proxy server 404, and may reflect the increased confidence that the origin server 406 will be responsive as its IP address is not in the list of unresponsive IP addresses.
  • the proxy server 404 may delay acceptance of the connection request from the client node 402 until successful establishment of a connection with the origin server 406. In either case, in examples where TCP connections are requested, the proxy server 404 may reply to a connection request (e.g. TCP SYN message) from the client node 402 with a TCP SYN-ACK message indicating that the connection request has been accepted. The client node 402 then responds with a TCP ACK message. A TCP connection between the client node 402 and the proxy server 404 has thus been successfully established. Similarly, the proxy server 404 may receive acceptance of the connection request (e.g. TCP SYN message) to the origin server 406 in the form of a TCP SYN-ACK message from the origin server 406.
  • the proxy server 404 may then respond by sending a TCP ACK message to the origin server 406.
  • a TCP connection between the proxy server 404 and the origin server 406 has thus been successfully established.
  • the client node 402 and the origin server 406 may exchange communications using the TCP connections and with the proxy server 404 acting as a proxy.
  • Figure 7 shows an example of apparatus 700 according to embodiments of the disclosure.
  • the apparatus 700 may be for example a network node, a proxy server or any other suitable entity.
  • the network node 700 may be configured to perform the method of Figure 5, and/or the method of Figure 6.
  • the network node 700 comprises processing circuitry 702 (e.g. a processor) and a memory 704.
  • the memory 704 contains instructions executable by the processor 702.
  • the memory 704 containing instructions executable by the processor 702 such that the apparatus is operable to: obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message; determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses; and responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modify the data to remove the at least one IP address and forwarding the modified data to the client node.
  • the memory 704 may additionally or alternatively contain instructions executable by the processor 702 such that the apparatus is operable to: receive a connection request from a client node, the connection request associated with a destination IP address; query a list of unresponsive IP addresses to determine whether the destination IP address is in the list; and responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallow the connection request from the client node.
  • FIG. 8 is a schematic drawing of apparatus 800 according to further embodiments of the disclosure.
  • the apparatus 800 may be for example a network node, a proxy server or any other suitable entity.
  • the apparatus 800 comprises an obtaining module 802 configured to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name.
  • the apparatus also comprises a determination module 804 configured to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses, and a modification module 8006 configured to modify the data to remove the at least one IP address and forwarding the modified data to the client node if the at least one IP address is in the list of unresponsive IP addresses.
  • FIG. 9 is a schematic drawing of apparatus 900 according to further embodiments of the disclosure.
  • the apparatus 900 may be for example a network node, a proxy server or any other suitable entity.
  • the apparatus 900 comprises a receiving module 902 configured to receive a connection request from a client node, the connection request associated with a destination IP address, a querying module 904 configured to query a list of unresponsive IP addresses to determine whether the destination IP address is in the list, and a disallowing module 906 configured to disallow the connection request from the client node if the destination IP address is in the list of unresponsive IP addresses.
  • Although some examples described above have been presented using TCP as the connection and communication protocol, other embodiments may use any suitable communication and/or connection protocol.
  • Advantages provided by embodiments of the disclosure include avoidance of delays and/or certain network communications if a node at a certain IP address is unresponsive, and/or a decreased set up time for certain connections.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Methods and apparatus are provided for responding to a DNS Query, and for handling a connection request. In one aspect, a method of responding to a DNS Query in a communications network comprises obtaining data in response to receipt of a DNS Query message from a client node, wherein the data comprises a plurality of IP addresses associated with a hostname or domain name indicated in the DNS Query message. The method also comprises determining whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses and, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modifying the data to remove the at least one IP address and forwarding the modified data to the client node.

Description

METHODS AND APPARATUS FOR RESPONDING TO A DNS QUERY AND HANDLING A CONNECTION REQUEST
Technical Field
Examples of the present disclosure relate to methods, apparatus and computer-readable media for responding to a Domain Name System (DNS) query in a communications network, and connection request handling, for example in a proxy server.
Background
A proxy node in a communications network is a network node that acts as an intermediary between a client node and another node, referred to herein as the origin server, such as a content server for example. A request from the client node to connect to the origin server is received by the proxy node. The proxy node may establish a connection with both the client node and the origin server so that communications between the client node and the origin server pass through the proxy server.
When a proxy server receives a connection request, such as for example a Transmission Control Protocol (TCP) connection request, from a client node to connect to an origin server, the proxy node sends a connection request to the origin server. The proxy node may wait until the connection between the proxy node and the origin server has been established, before accepting the connection request from the client node. Alternatively, the proxy node may accept the connection request from the client node before a connection between the proxy node and the origin server has been established.
The origin server may be unresponsive. For example, the origin server may be inoperative, or may fail to respond to some or all communications within a certain time period. As a result, the client node may wait until the connection request has timed out before attempting to connect to the same origin server again, or searching for an alternative origin server, which may considerably increase the time taken to connect to an origin server, and may also increase network traffic.
Summary
One aspect of the present disclosure provides a method of responding to a Domain Name System (DNS) query in a communications network. The method comprises obtaining data in response to receipt of a DNS Query message from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message. The method also comprises determining whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses and, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modifying the data to remove the at least one IP address and forwarding the modified data to the client node.
Another aspect of the disclosure provides a method of handling a connection request in a node of a communications network. A connection request is received from a client node, the connection request associated with a destination IP address. The method comprises querying a list of unresponsive IP addresses to determine whether the destination IP address is in the list and, responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallowing the connection request from the client node.
A further aspect of the disclosure provides apparatus for responding to a Domain Name System (DNS) query in a communications network. The apparatus is configured to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message. The apparatus is also configured to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses and, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, to modify the data to remove the at least one IP address and forward the modified data to the client node.
A still further aspect of the disclosure provides apparatus for responding to a Domain Name System (DNS) query in a communications network. The apparatus comprises a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message, to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses and, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, to modify the data to remove the at least one IP address and to forward the modified data to the client node.
A yet further aspect of the disclosure provides apparatus for handling a connection request in a node of a communications network. The apparatus is configured to receive a connection request from a client node, the connection request associated with a destination IP address, and to query a list of unresponsive IP addresses to determine whether the destination IP address is in the list. The apparatus is also configured to, responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallow the connection request from the client node.
Another aspect of the disclosure provides apparatus for handling a connection request in a node of a communications network. The apparatus comprises a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to receive a connection request from a client node, the connection request associated with a destination IP address, query a list of unresponsive IP addresses to determine whether the destination IP address is in the list and, responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallow the connection request from the client node.
A further aspect of the disclosure provides apparatus for responding to a Domain Name System (DNS) query in a communications network. The apparatus comprises an obtaining module configured to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name. The apparatus also comprises a determination module configured to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses, and a modification module configured to modify the data to remove the at least one IP address and forward the modified data to the client node if the at least one IP address is in the list of unresponsive IP addresses.
A still further aspect of the disclosure provides apparatus for handling a connection request in a node of a communications network. The apparatus comprises a receiving module configured to receive a connection request from a client node, the connection request associated with a destination IP address, a querying module configured to query a list of unresponsive IP addresses to determine whether the destination IP address is in the list, and a disallowing module configured to disallow the connection request from the client node if the destination IP address is in the list of unresponsive IP addresses.
Brief Description of the Drawings
For a better understanding of examples of the present disclosure, and to show more clearly how the examples may be carried into effect, reference will now be made, by way of example only, to the following drawings in which:
Figure 1 is a schematic illustration of an example of a communications network;
Figure 2 is a schematic illustration of an example of a DNS Request message;
Figure 3 is a schematic illustration of an example of a DNS Response message;
Figure 4 is a schematic illustration of another example of a communications network;
Figure 5 is a flow chart of a method according to embodiments of the disclosure;
Figure 6 is a flow chart of another method according to embodiments of the disclosure;
Figure 7 is a schematic illustration of an example of apparatus according to embodiments of the disclosure;
Figure 8 is a schematic illustration of another example of apparatus according to embodiments of the disclosure; and
Figure 9 is a schematic illustration of a further example of apparatus according to embodiments of the disclosure.
Detailed Description
The following sets forth specific details, such as particular embodiments or examples for purposes of explanation and not limitation. It will be appreciated by one skilled in the art that other examples may be employed apart from these specific details. In some instances, detailed descriptions of well-known methods, nodes, interfaces, circuits, and devices are omitted so as not to obscure the description with unnecessary detail. Those skilled in the art will appreciate that the functions described may be implemented in one or more nodes using hardware circuitry (e.g., analog and/or discrete logic gates interconnected to perform a specialized function, ASICs, PLAs, etc.) and/or using software programs and data in conjunction with one or more digital microprocessors or general purpose computers. Nodes that communicate using the air interface also have suitable radio communications circuitry. Moreover, where appropriate the technology can additionally be considered to be embodied entirely within any form of computer-readable memory, such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.
Hardware implementation may include or encompass, without limitation, digital signal processor (DSP) hardware, a reduced instruction set processor, hardware (e.g., digital or analogue) circuitry including but not limited to application specific integrated circuit(s) (ASIC) and/or field programmable gate array(s) (FPGA(s)), and (where appropriate) state machines capable of performing such functions.
Figure 1 shows an example of a communications network 100. The network 100 includes a client node 102, origin server 104, proxy server 106 and DNS server 108. Other nodes that are not shown may be present within the network 100.
In an example scenario, the client node 102 wishes to connect to the origin server 104. For example, the client node 102 wishes to establish a Transmission Control Protocol (TCP) connection such that content can be downloaded to the client node 102 from the origin server 104. The client node 102 may know a hostname or domain name of the origin server 104, but not the Internet Protocol (IP) address of the origin server 104. In some cases, the hostname or domain name may be linked to a plurality of origin servers at different IP addresses.
The client node 102 sends a Domain Name System (DNS) Request message to the proxy server 106 to determine the IP address of an origin server associated with the hostname or domain name. The DNS request may be sent directly to the proxy server 106, such as for example with the IP address of the proxy server 106 as the destination IP address for the DNS Request message, or the destination IP address may be that of a DNS server (e.g. DNS server 108), in which case the proxy server 106 may receive the Request message and forward it to the DNS server. Alternatively, for example, the proxy server 106 may incorporate a DNS server, such as for example DNS server 108, though in other examples the DNS server 108 may be distinct from the proxy server 106. In any case, when a DNS server receives a DNS Request message, it may in some examples contact other DNS servers (not shown) in accordance with the DNS protocol.
Figure 2 shows an example of a DNS Request message 200. The DNS Request message 200 includes the hostname or domain name 202. The proxy server 106 forwards the DNS Request message to the DNS server 108. The DNS server obtains one or more IP addresses associated with the hostname or domain name in accordance with the Domain Name System and sends a DNS Response message to the proxy server 106.
Figure 3 shows an example of a DNS Response message 300. The DNS Response message 300 includes a plurality of IP addresses 302, 304, though in some examples a single IP address may be specified. Associating multiple IP addresses with a hostname or domain name may provide load balancing. For example where a large number of client nodes wish to establish a connection with an origin server associated with a hostname or domain name, the client nodes may be directed to origin servers at different IP addresses.
The proxy server 106 forwards the DNS Response message to the client node 102. The client node 102 selects an IP address from the IP addresses specified in the DNS Response message. Where there are multiple IP addresses, the client node 102 may select the first address specified in the DNS Response message, for example. The DNS Server 108 may therefore provide load balancing by varying the order in which multiple IP addresses are provided in DNS Response messages. The client node 102 then attempts to establish a connection with the selected IP address. Therefore, the client node 102 sends a connection request (such as, for example, a TCP SYN message) specifying the selected IP address. The connection request is intercepted by the proxy server 106. The proxy server 106 then sends a connection request (such as, for example, a TCP SYN message) to the origin server 104, using the IP address specified in the connection request from the client node 102.
The proxy server 106 may also accept the connection request from the client node 102 before the connection request to the origin server 104 has been accepted, or may wait until the connection request to the origin server 104 is accepted before accepting the request from the client node 102. In either case, if the connection request to the origin server is successful, and the connection request from the client node is connected, there are two connections in the network 100: a first connection between the client node 102 and the proxy server 106, and a second connection between the proxy server 106 and the origin server 104. Thus, the proxy server 106 is able to act as a proxy between the client node 102 and the origin server 104. If, however, the connection request to the origin server 104 is unsuccessful, for example because it has not been accepted by the origin server 104 within a certain period of time, then the client node 102 may attempt to establish a connection with a new origin server at a different IP address (e.g. another IP address specified in the DNS Response message). This may result in a delay during which a connection with the first origin server 104 is attempted, and additional network communications relating to the subsequent connection request from the client node 102 to a new IP address and the resulting connection request from the proxy server 106 to the new origin server.
Figure 4 shows a communications network 400 according to an embodiment of the disclosure. The network 400 includes a client node 402, proxy server 404, origin server 406 and DNS server 408. The network 400 also includes storage 410 for storing a list of unresponsive IP addresses. Any communications within the network 400 may in some examples pass through other network nodes.
Figure 5 shows an example flow chart of a method 500 for responding to a Domain Name System (DNS) query in a communications network, such as for example network 400 shown in Figure 4. In some embodiments, the method 500 may be implemented by a proxy server, such as for example proxy server 404 shown in Figure 4. The method 500 will be described with reference to the network 400 of Figure 4, although the method and other embodiments may be implemented within an alternative network.
A first step 502 of the method 500 comprises obtaining data in response to receipt of a DNS Query message from a client node 402. The DNS Query message may for example be similar to the DNS Query message 200 shown in Figure 2, and may specify a hostname or domain name to which the client node 402 wishes to be connected. The data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message. The IP addresses may be the addresses of origin servers (such as origin server 406).
The data may be obtained from the DNS server 408. In this case, for example, the proxy server forwards the DNS Query message, or sends a new DNS Query message including the hostname or domain name, to the DNS server 408. In response, the proxy server 404 receives a DNS Response message from the DNS server that contains the plurality of IP addresses associated with the hostname or domain name. However, in some embodiments, a response to a DNS Query message may be cached in a cache that is local to or accessible by the proxy server 404. For example, the DNS Query message may specify a hostname or domain name that is identical to that specified in an earlier DNS Query message that was received by the proxy server 404. As a result, obtaining the data may comprise retrieving the data from the cache. The cache may be held within storage 410 or at any other suitable location.
The next step 504 of the method 500 comprises determining whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses. The list of unresponsive IP addresses may be held in storage 410, which may be local to or accessible by the proxy server 404. The list of unresponsive IP addresses includes IP addresses of network nodes, such as origin servers, that are expected to be unresponsive. In other words, for example, requests for connections (e.g. TCP connections) to unresponsive IP addresses are expected to be rejected or expected to time out (i.e. no response to the connection request is expected to be received within a certain time period).
The method 500 also includes, at step 506, responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modifying the data to remove the at least one IP address and forwarding the modified data to the client node 402. This removes the IP address associated with the unresponsive network node (or where there are multiple IP addresses in the data that are in the list of unresponsive IP addresses, all of them) from the data.
As a result, the data that is forwarded to the client node 402 does not include IP addresses that are expected to be unresponsive according to the list of unresponsive IP addresses. The IP address that the client node 402 selects from the remaining IP addresses is therefore not in the list of unresponsive IP addresses, and a subsequent connection request from the client node 402 to connect to a node (such as the origin server 406) at the IP address, and a resulting connection request from the proxy server 404 to the node at the IP address, is more likely to result in successful establishment of the connections. In some embodiments, one or both of the subsequent connections between the client node and the proxy server 404, and between the proxy server 404 and the origin server 406, are TCP connections. In some cases, the action of the proxy server 404 may result in load balancing. For example, if a node at an IP address is unresponsive due to a high load, such that it does not have the processing capacity or communications bandwidth to accept any more connection requests, then removal of this IP address from data forwarded to the client node 402 will cause the client node to attempt a connection with other IP addresses associated with the same hostname or domain name. In some circumstances, it may be that all of the IP addresses in the DNS Response message (or where there is only one IP address, that IP address) are in the list of unresponsive IP addresses. In this case, in some examples the data forwarded to the client node 402 may include at least one IP address. For example, the data may include only the first IP address in a list of addresses in the DNS Response message from the DNS server 108, or may include the first predetermined number of addresses, or may include one or more addresses selected randomly from the list, or may include all of the addresses (i.e. the data is unmodified). 
Alternatively, the data forwarded to the client node 402 may indicate that no address could be found (e.g. all addresses are removed from the data).
In some cases, it may be determined that none of the IP addresses in the data obtained in step 502 is in the list of unresponsive IP addresses. Therefore, the data may in some embodiments be forwarded to the client node 402 unmodified, for example in a DNS Response message.
It may be the case that a connection request is subsequently received by the proxy server 404 from the client node 402 to connect with a node at the selected IP address, but a subsequent attempt by the proxy server 404 to communicate with (e.g. connect to) the node at the IP address (such as for example the origin server 406) is unsuccessful because this node is unresponsive. In this case, in some embodiments, the IP address is added to the list of unresponsive IP addresses, such that the IP address may be removed from data forwarded to a client node (e.g. the client node 402 or another node) in response to a later DNS Query message. A node at an IP address may be considered as being unresponsive if, for example, an attempt to communicate with (e.g. connect to) the node at the IP address is unsuccessful, or has been unsuccessful a predetermined number of times in a predetermined time period.
In some embodiments, the proxy server 404 may attempt to communicate with IP addresses without first receiving a DNS Query message specifying a hostname or domain name associated with the IP addresses, to keep the list of unresponsive IP addresses up to date. For example, the proxy server 404 may attempt to communicate with IP addresses in the list of unresponsive IP addresses to determine whether their status has changed. In some embodiments, if an attempt to communicate with an IP address is successful, or if a predetermined number of communication attempts are successful within a predetermined period of time, the IP address can be removed from the list of unresponsive IP addresses. Additionally or alternatively, an IP address can be removed from the list of IP addresses if it has been in the list for a predetermined period of time. Therefore, the list of unresponsive IP addresses may be maintained by the node implementing the method 500, such as for example the proxy server 404, although in other embodiments the list of unresponsive IP addresses may be maintained additionally or alternatively by another entity.
Figure 6 shows a method 600 for handling a connection request in a node of a communications network, such as for example network 400 shown in Figure 4. In some embodiments, the method 500 may be implemented by a proxy server, such as for example proxy server 404 shown in Figure 4. The method 600 will be described with reference to the network 400 of Figure 4, although the method and other embodiments may be implemented within an alternative network.
In a first step 602 of the method 600, a connection request is received from a client node 402, the connection request associated with a destination IP address. For example, the connection request may be a request for a connection with a node (e.g. origin server 406) at the IP address specified in the connection request. In some embodiments, the request is a request to establish a TCP connection. Next, in step 604, a list of unresponsive IP addresses is queried to determine whether the destination IP address is in the list. The method 600 also includes, in step 606, responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallowing the connection request from the client node. A destination IP address may be determined as being unresponsive in a manner similar to that described above with reference to the method of Figure 5. Additionally or alternatively, the list of unresponsive IP addresses may be maintained in a similar manner. The list of unresponsive IP addresses may be stored in storage 410 that is local to or accessible by the proxy server 404.
As a result of the method 600, for example, in the event that the client node 402 requests a connection to the origin server 406 at a specified IP address through the proxy server 404, and the IP address is in the list of unresponsive IP addresses, the proxy server will reject the connection from the client node. In some embodiments, the client node 402 may request a TCP connection to the origin server 406 by sending a TCP SYN message with a destination as the IP address of the origin server. The proxy server 404 intercepts the message, and checks the list of unresponsive IP addresses to determine if the IP address of the origin server 406 is in the list. If so, the proxy server 404 will reject the connection request, for example by sending a TCP reset indication to the client node 402. The TCP reset indication may be for example a TCP message with a reset (RST) bit set in the header of the TCP message. Alternatively, the proxy server 404 may not respond to the connection request from the client node 402, causing the connection request to time out. In other examples, any suitable procedure for declining the connection request from the client node 402 may be used. However, the proxy server 404 may not attempt a connection with a node at the IP address (e.g. the origin server 406) due to the IP address being in the list of unresponsive IP addresses.
In some examples, if the TCP connection request from the client node 402 is unsuccessful (e.g. declined, rejected or ignored by the proxy server 404) due to the IP address of the origin server 406 being in the list of unresponsive IP addresses, the client node may subsequently attempt to connect to a different IP address. For example, the different IP address may be another IP address that was indicated in the DNS Response message forwarded to the client node 402 from the proxy server 404, and may therefore be associated with the same hostname or domain name as the IP address of the first, unsuccessful, connection attempt.
If, on receipt of a connection request from the client node 402, the proxy server 404 determines that the IP address indicated by the connection request is not in the list of unresponsive IP addresses, the proxy server requests a connection to be established with the node at the IP address, such as the origin server 406. For example, the proxy server may send a TCP SYN message to the origin server 406. In some examples, the proxy server 404 may not wait until successful establishment of a connection with the origin server 406 before accepting the connection request from the client node. This may ensure a fast set up time for the connection between the client node 402 and the proxy server 404, and may reflect the increased confidence that the origin server 406 will be responsive as its IP address is not in the list of unresponsive IP addresses. In other examples, the proxy server 404 may delay acceptance of the connection request from the client node 402 until successful establishment of a connection with the origin server 406. In either case, in examples where TCP connections are requested, the proxy server 404 may reply to a connection request (e.g. TCP SYN message) from the client node 402 with a TCP SYN-ACK message indicating that the connection request has been accepted. The client node 402 then responds with a TCP ACK message. A TCP connection between the client node 402 and the proxy server 404 has thus been successfully established. Similarly, the proxy server 404 may receive acceptance of the connection request (e.g. TCP SYN message) to the origin server 406 in the form of a TCP SYN-ACK message from the origin server 406. The proxy server 404 may then respond by sending a TCP ACK message to the origin server 406. A TCP connection between the proxy server 404 and the origin server 406 has thus been successfully established.
At this point, the client node 402 and the origin server 406 may exchange communications using the TCP connections and with the proxy server 404 acting as a proxy.
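The list maintenance and the two methods described above (method 500 for DNS answers, method 600 for connection requests) can be sketched together as follows. This is an added example, not code from the patent: the class and function names, the threshold values, and the `connect` and `probe` callables are assumptions made for illustration, and the proxy here waits for the upstream result before answering the client.

```python
import ipaddress
import time
from collections import deque


class UnresponsiveList:
    """List of unresponsive IP addresses (the role of storage 410)."""

    def __init__(self, fail_threshold=3, fail_window=60.0, max_age=300.0,
                 clock=time.monotonic):
        self.fail_threshold = fail_threshold  # failures needed to list an address
        self.fail_window = fail_window        # seconds over which failures count
        self.max_age = max_age                # seconds before an entry expires
        self._clock = clock
        self._failures = {}                   # address -> recent failure times
        self._listed = {}                     # address -> time it was listed

    @staticmethod
    def _key(ip):
        # Normalise so "2001:db8::1" and "2001:0db8:0:0:0:0:0:1" match.
        return ipaddress.ip_address(ip)

    def _drop(self, key):
        self._failures.pop(key, None)
        self._listed.pop(key, None)

    def record_failure(self, ip):
        """Count a failed attempt; list the address once the threshold is hit."""
        key, now = self._key(ip), self._clock()
        recent = self._failures.setdefault(key, deque())
        recent.append(now)
        while now - recent[0] > self.fail_window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.fail_threshold:
            self._listed.setdefault(key, now)

    def record_success(self, ip):
        """A successful attempt removes the address from the list."""
        self._drop(self._key(ip))

    def __contains__(self, ip):
        key = self._key(ip)
        listed_at = self._listed.get(key)
        if listed_at is None:
            return False
        if self._clock() - listed_at >= self.max_age:
            self._drop(key)                   # entry aged out of the list
            return False
        return True

    def recheck(self, probe):
        """Probe listed addresses and drop those that respond again."""
        for key in list(self._listed):
            if probe(str(key)):
                self._drop(key)


def filter_dns_answers(addresses, unresponsive, if_all_listed="first"):
    """Steps 504/506: remove listed addresses from a DNS answer set.

    if_all_listed selects what the client gets when nothing survives:
    "first" (only the first address), "all" (unmodified) or "none".
    """
    kept = [a for a in addresses if a not in unresponsive]
    if kept or not addresses:
        return kept
    if if_all_listed == "first":
        return list(addresses[:1])
    if if_all_listed == "all":
        return list(addresses)
    if if_all_listed == "none":
        return []
    raise ValueError(f"unknown policy: {if_all_listed!r}")


def handle_connection_request(dst_ip, unresponsive, connect):
    """Steps 604/606: decide on a client request for dst_ip.

    connect(ip) is a hypothetical callable that attempts the upstream
    connection and returns True on success.
    """
    if dst_ip in unresponsive:
        return "reject"       # e.g. TCP RST to the client; no upstream attempt
    if connect(dst_ip):
        unresponsive.record_success(dst_ip)
        return "accept"
    unresponsive.record_failure(dst_ip)       # feeds later DNS filtering
    return "reject"


if __name__ == "__main__":
    # Constructed sample data: documentation-range addresses only.
    ul = UnresponsiveList(fail_threshold=2)
    ul.record_failure("192.0.2.10")
    ul.record_failure("192.0.2.10")
    print(filter_dns_answers(["192.0.2.10", "192.0.2.11"], ul))
```

The failure window and the expiry age keep a single transient failure, or a stale entry, from removing a healthy origin server from every client's answers.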
Figure 7 shows an example of apparatus 700 according to embodiments of the disclosure. The apparatus 700 may be for example a network node, a proxy server or any other suitable entity. The network node 700 may be configured to perform the method of Figure 5, and/or the method of Figure 6.
The network node 700 comprises processing circuitry 702 (e.g. a processor) and a memory 704. The memory 704 contains instructions executable by the processor 702.
In one embodiment, the memory 704 contains instructions executable by the processor 702 such that the apparatus is operable to: obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message; determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses; and responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modify the data to remove the at least one IP address and forward the modified data to the client node.
In another embodiment, the memory 704 may additionally or alternatively contain instructions executable by the processor 702 such that the apparatus is operable to is operable to: receive a connection request from a client node, the connection request associated with a destination IP address; query a list of unresponsive IP addresses to determine whether the destination IP address is in the list; and responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallow the connection request from the client node.
Figure 8 is a schematic drawing of apparatus 800 according to further embodiments of the disclosure. The apparatus 800 may be for example a network node, a proxy server or any other suitable entity.
The apparatus 800 comprises an obtaining module 802 configured to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name. The apparatus also comprises a determination module 804 configured to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses, and a modification module 8006 configured to modify the data to remove the at least one IP address and forward the modified data to the client node if the at least one IP address is in the list of unresponsive IP addresses.
Figure 9 is a schematic drawing of apparatus 900 according to further embodiments of the disclosure. The apparatus 900 may be for example a network node, a proxy server or any other suitable entity.
The apparatus 900 comprises a receiving module 902 configured to receive a connection request from a client node, the connection request associated with a destination IP address, a querying module 904 configured to query a list of unresponsive IP addresses to determine whether the destination IP address is in the list, and a disallowing module 906 configured to disallow the connection request from the client node if the destination IP address is in the list of unresponsive IP addresses.
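The DNS-answer filtering and connection-request handling described for apparatus 800 and 900, together with the list maintenance set out in claims 5 to 8, can be sketched as follows. This is an added example, not code from the application; the class and function names and the threshold, window and lifetime values are assumptions, since the text only speaks of a "predetermined" number and period.

```python
import ipaddress
import time
from collections import defaultdict, deque


class UnresponsiveList:
    """List of unresponsive IP addresses: a threshold to get in, a timeout to get out."""

    def __init__(self, max_failures=3, window=10.0, ttl=60.0, clock=time.monotonic):
        self.max_failures = max_failures  # assumed value: failures needed to list an address
        self.window = window              # assumed value: seconds in which they must occur
        self.ttl = ttl                    # assumed value: seconds an address stays listed
        self.clock = clock                # injectable so the timing can be tested
        self._failures = defaultdict(deque)  # address -> times of recent failed attempts
        self._listed = {}                    # address -> time at which the entry expires

    @staticmethod
    def _key(ip):
        # Compare parsed addresses so different spellings of one IPv6 address match.
        return ipaddress.ip_address(ip)

    def record_failure(self, ip):
        """Call when an attempt to communicate with ip (e.g. a TCP SYN) went unanswered."""
        now, key = self.clock(), self._key(ip)
        recent = self._failures[key]
        recent.append(now)
        while now - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._listed[key] = now + self.ttl
            del self._failures[key]

    def __contains__(self, ip):
        key = self._key(ip)
        expiry = self._listed.get(key)
        if expiry is None:
            return False
        if self.clock() >= expiry:            # entry timed out: remove it from the list
            del self._listed[key]
            return False
        return True


def filter_dns_answer(addresses, unresponsive):
    """Return the addresses of a DNS answer with the listed ones removed."""
    return [ip for ip in addresses if ip not in unresponsive]


def handle_connection_request(dest_ip, unresponsive):
    """Decide what the proxy does with a client's connection request."""
    return "RESET" if dest_ip in unresponsive else "CONNECT"


if __name__ == "__main__":
    ul = UnresponsiveList()
    for _ in range(3):                        # constructed: three failed attempts in a row
        ul.record_failure("192.0.2.10")
    print(filter_dns_answer(["192.0.2.10", "192.0.2.11"], ul))
    print(handle_connection_request("192.0.2.10", ul))
```

Keying the list on parsed addresses rather than strings keeps an address from slipping past the check because the DNS answer and the connection request spell it differently.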
Although some examples described above have been presented using TCP as the connection and communication protocol, other embodiments may use any suitable communication and/or connection protocol.
Advantages provided by embodiments of the disclosure include avoidance of delays and/or certain network communications if a node at a certain IP address is unresponsive, and/or a decreased set up time for certain connections.
It should be noted that the above-mentioned examples illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative examples without departing from the scope of the appended statements. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim, "a" or "an" does not exclude a plurality, and a single processor or other unit may fulfil the functions of several units recited in the statements below. Where the terms, "first", "second" etc are used they are to be understood merely as labels for the convenient identification of a particular feature. In particular, they are not to be interpreted as describing the first or the second feature of a plurality of such features (i.e. the first or second of such features to occur in time or space) unless explicitly stated otherwise. Steps in the methods disclosed herein may be carried out in any order unless expressly otherwise stated. Any reference signs in the statements shall not be construed so as to limit their scope.

Claims

1. A method of responding to a Domain Name System (DNS) query in a communications network, the method comprising:
obtaining data in response to receipt of a DNS Query message from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message;
determining whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses; and
responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modifying the data to remove the at least one IP address and forwarding the modified data to the client node.
2. The method of claim 1, wherein obtaining the data comprises receiving the data in a DNS response message from a DNS server.
3. The method of claim 2, comprising sending a DNS Query message to the DNS server, and the DNS response message is received from the DNS server in response to the DNS Query sent to the DNS server.
4. The method of claim 1, wherein obtaining the data comprises retrieving the data from a cache.
5. The method of any of the preceding claims, comprising:
attempting to communicate with a destination IP address; and
adding the destination IP address to the list of unresponsive IP addresses if the destination IP address is unresponsive.
6. The method of claim 5, comprising receiving a connection request associated with the destination IP address; and wherein attempting to communicate with the destination IP address comprises attempting to connect to the destination IP address in response to the connection request.
7. The method of claim 5 or 6, comprising determining that the destination IP address is unresponsive if attempts to communicate with the destination IP address are unsuccessful a predetermined number of times in a predetermined period of time.
8. The method of any of claims 5 to 7, comprising removing the destination IP address from the list of unresponsive IP addresses after a certain period of time.
9. The method of any of claims 5 to 8, wherein attempting to communicate with a destination IP address comprises attempting to establish a Transmission Control Protocol (TCP) connection with the destination IP address.
10. The method of any of the preceding claims, wherein forwarding the modified data to the client node comprises forwarding a DNS response message containing the data to the client node.
11. A method of handling a connection request in a node of a communications network, comprising:
receiving a connection request from a client node, the connection request associated with a destination IP address;
querying a list of unresponsive IP addresses to determine whether the destination IP address is in the list; and
responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallowing the connection request from the client node.
12. The method of claim 11, wherein the connection request comprises a request to establish a Transmission Control Protocol (TCP) connection with the client node.
13. The method of claim 11 or 12, comprising:
attempting to communicate with the destination IP address; and
adding the destination IP address to the list of unresponsive IP addresses if the destination IP address is unresponsive.
14. The method of claim 13, comprising determining that the destination IP address is unresponsive if attempts to communicate with the destination IP address are unsuccessful a predetermined number of times in a predetermined period of time.
15. The method of any of claims 11 to 14, comprising removing the destination IP address from the list of unresponsive IP addresses after a certain period of time.
16. The method of any of claims 11 to 15, wherein disallowing the connection request comprises sending a Transmission Control Protocol (TCP) reset message to the network node.
17. The method of any of claims 11 to 16, wherein the method is implemented on a proxy server between the client node and a node at the destination IP address.
18. The method of claim 17, wherein the list of unresponsive IP addresses is stored locally at the proxy server.
19. The method of any of claims 11 to 18, wherein the request comprises a request to connect to the destination IP address indicated in the request.
20. A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out a method according to any one of the preceding claims.
21. A carrier containing a computer program according to claim 20, wherein the carrier comprises one of an electronic signal, optical signal, radio signal or computer readable storage medium.
22. A computer program product comprising non transitory computer readable media having stored thereon a computer program according to claim 20.
23. Apparatus for responding to a Domain Name System (DNS) query in a communications network, the apparatus configured to:
obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message;
determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses; and
responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modify the data to remove the at least one IP address and forwarding the modified data to the client node.
24. Apparatus for responding to a Domain Name System (DNS) query in a communications network, the apparatus comprising a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to: obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name indicated in the DNS Query message;
determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses; and
responsive to a determination that the at least one IP address is in the list of unresponsive IP addresses, modify the data to remove the at least one IP address and forwarding the modified data to the client node.
25. Apparatus as claimed in claim 23 or 24, wherein the apparatus is further configured to carry out a method according to any one of claims 2 to 10.
26. Apparatus for handling a connection request in node of a communications network, the apparatus configured to:
receive a connection request from a client node, the connection request associated with a destination IP address;
query a list of unresponsive IP addresses to determine whether the destination IP address is in the list; and
responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallow the connection request from the client node.
27. Apparatus for handling a connection request in a node of communications network, the apparatus comprising a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to:
receive a connection request from a client node, the connection request associated with a destination IP address;
query a list of unresponsive IP addresses to determine whether the destination IP address is in the list; and
responsive to a determination that the destination IP address is in the list of unresponsive IP addresses, disallow the connection request from the client node.
28. Apparatus as claimed in claim 26 or 27, wherein the apparatus is further configured to carry out a method according to any one of claims 12 to 19.
29. Apparatus for responding to a Domain Name System (DNS) query in a communications network, the apparatus comprising:
an obtaining module configured to obtain data in response to a DNS Query message received from a client node, wherein the data comprises a plurality of Internet Protocol (IP) addresses associated with a hostname or domain name;
a determination module configured to determine whether at least one IP address of the plurality of IP addresses in the data is in a list of unresponsive IP addresses;
a modification module configured to modify the data to remove the at least one IP address and forwarding the modified data to the client node if the at least one IP address is in the list of unresponsive IP addresses.
30. Apparatus for handling a connection request in a node of a communications network, the apparatus comprising:
a receiving module configured to receive a connection request from a client node, the connection request associated with a destination IP address;
a querying module configured to query a list of unresponsive IP addresses to determine whether the destination IP address is in the list; and
a disallowing module configured to disallow the connection request from the client node if the destination IP address is in the list of unresponsive IP addresses.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2017/065538 WO2018233844A1 (en) 2017-06-23 2017-06-23 Methods and apparatus for responding to a dns query and handling a connection request


Publications (1)

Publication Number Publication Date
WO2018233844A1 true WO2018233844A1 (en) 2018-12-27

Family

ID=59416650


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17745264

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17745264

Country of ref document: EP

Kind code of ref document: A1