In a conventional method for blocking a malicious attack on a communication network, such as a computer network like the internet, user equipment such as a communication device may transmit a resolution request to a protection device twice. The protection device may transmit a canonical name (CNAME) response twice, in response to the respective resolution requests. Resolution software in the user equipment may identify the two CNAME responses as a resolution loop. Therefore, the user equipment may only respond to the first CNAME response, and may not respond to the second CNAME response, resulting in a failure in a name resolution. Hence the domain name resolution in the above technical solution has a low success rate.