According to exemplary embodiments, the present technology is directed to systems and methods that utilize DNS systems that are adapted to utilize policy frameworks and a plurality of views. The term “view” may be understood to be a representation of a DNS namespace that a DNS client can access. That is, the DNS view defines the set of DNS names that are available to a particular DNS client and one or more methodologies for interpreting those DNS names. Simply stated, the view provides a context for interpretation of a domain name.
Generally speaking, the systems and methods provided herein may be adapted to decouple the DNS resolver and an associated DNS cache from the rest of a view. It will be understood that the term “DNS resolver” may include a DNS server, a DNS name server, a domain name system server, and any other structural and/or functional equivalents.
Additionally, the systems and methods of the present technology may be adapted to utilize shared DNS caches. According to some embodiments, a shared cache may include previously generated DNS responses from preceding DNS queries. Rather than generating new DNS responses for each DNS query received, previously generated DNS responses may be provided to DNS clients in response to subsequent DNS queries. As such, the utilization of a shared cache provides a framework for creating a DNS system that allows for a unique view for each DNS client. That is, DNS responses may be shared across a plurality of views, allowing for a proliferation of views, unlike commonly utilized DNS server systems.
Common DNS resolvers may employ both an internal view and an external view, and each view has its own cache. That is, each DNS client receives the same “view” of the DNS response as every other DNS client. By decoupling the view from the cache, the DNS servers may share DNS responses amongst a limitless number of views, such that each DNS client may have its own unique “view” of the DNS response (whether the DNS response was previously generated or uniquely generated). More specifically, each view may include specific policies that may modify previously generated DNS responses taken from the shared cache to personalize the previously generated DNS responses provided to the DNS client.
The DNS resolver may then function as a configurable object that may be shared amongst a plurality of views. Generally speaking, the DNS resolver may be adapted to generate a DNS response filtered or modified according to the policies and configuration provided by the view, where the view is selected for a DNS client in a novel manner.
It will be understood that each of the plurality of views may be at least one of bound to a private DNS resolver and a shared DNS resolver. Views that are adapted to utilize a shared DNS resolver may be collectively referred to as “lightweight views.” These lightweight views cause the application of one or more policies such as malicious domain redirection and/or non-existent domain redirection policies, although one of ordinary skill in the art will appreciate that the systems and methods provided herein may be adapted to provide other suitable policies. Lightweight views may scale to service a plurality of views that may include hundreds of thousands, if not millions, of separate views that may each be customized by association with one or more policies.
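The decoupling described above can be sketched as follows. This is an added illustration, not code from the described system: the class and function names, the `.test` domains and the documentation-range addresses are all assumptions, and a static table stands in for real upstream resolution.

```python
from dataclasses import dataclass, field

# Constructed sample data standing in for upstream DNS resolution.
UPSTREAM = {"example.test": "192.0.2.10", "bad.test": "198.51.100.66"}

class SharedResolver:
    """One resolver and one cache, shared by every view."""
    def __init__(self):
        self.cache = {}
        self.upstream_lookups = 0

    def resolve(self, name):
        if name not in self.cache:               # cache miss: resolve once
            self.upstream_lookups += 1
            addr = UPSTREAM.get(name)
            self.cache[name] = ("NOERROR", addr) if addr else ("NXDOMAIN", None)
        return self.cache[name]                  # immutable tuple, never rewritten

def block_malicious(blocklist, sinkhole):
    def policy(name, resp):                      # malicious domain redirection
        return ("NOERROR", sinkhole) if name in blocklist else resp
    return policy

def redirect_nxdomain(landing):
    def policy(name, resp):                      # non-existent domain redirection
        return ("NOERROR", landing) if resp[0] == "NXDOMAIN" else resp
    return policy

@dataclass
class LightweightView:
    resolver: SharedResolver                     # shared, not owned by the view
    policies: list = field(default_factory=list)

    def query(self, name):
        name = name.rstrip(".").lower()
        resp = self.resolver.resolve(name)       # shared, unmodified answer
        for policy in self.policies:             # per-view rewrite of a copy
            resp = policy(name, resp)
        return resp

def demo():
    shared = SharedResolver()
    filtered = LightweightView(shared, [block_malicious({"bad.test"}, "192.0.2.1"),
                                        redirect_nxdomain("192.0.2.2")])
    plain = LightweightView(shared)              # a view with no policies
    names = ["bad.test", "missing.test", "example.test"]
    return ([filtered.query(n) for n in names],
            [plain.query(n) for n in names],
            shared.upstream_lookups)
```

Policies run after the cache lookup and their output is never written back, so one view's rewritten answer cannot reach a client bound to a different view.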