In general, the DNS is the part of the Internet infrastructure that translates human-readable domain names into the Internet Protocol (“IP”) numbers needed to establish Transmission Control Protocol (“TCP”)/IP communication over the Internet. That is, DNS allows users to refer to web sites, and other resources, using domain names that are easier to remember, such as “www.example.com”, rather than the numeric IP addresses, such as “123.4.56.78”, assigned to computers on the Internet.
To find specific resources on the Internet, end-user applications can use the DNS resolution process. Aspects of the DNS resolution process are discussed below to aid in an understanding of the subject matter of the present application. The responsibility for operating a top-level domain (“TLD”), such as maintaining a registry of the second-level domains within the TLD, is delegated to a particular domain name registry. The registry operates one or more TLDs assigned to it and is responsible for mapping domain names to IP addresses and for resolving domain names through DNS servers that maintain such information in large databases.
The DNS servers map IP addresses to domain names in various TLDs, such as .com, .net, .edu, .tv, .co.uk, and the like. A single registry may be responsible for several TLDs. For example, the VERISIGN registry is responsible for .com and .net domains as well as many other TLDs. Resolving is the process by which domain names are matched with corresponding IP numbers. Resolving is accomplished by a combination of computing hardware and software that includes name servers and resolvers, which use DNS data to determine which IP numbers correspond to a particular domain name.
The DNS is maintained by a distributed database system, which uses the client-server model. Name servers serve as nodes of the distributed database. The DNS distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Because of the huge volume of DNS queries, the DNS resolution process allows for caching, which includes the local recording and subsequent consultation of the results of a DNS query, for a given period of time after a successful answer. How long a name server caches a DNS response is determined by a value called the time to live (“TTL”), which is generally set by the name server's administrator. Based on the DNS structure, as well as the caching function, two classifications are typically applied to name servers and resolvers: authoritative and recursive. An authoritative name server is a name server that gives original, definitive answers to DNS queries. Every domain name must be assigned a set of authoritative name servers that are responsible for resolving the domain name.
Caching name servers are recursive name servers that can cache DNS query results for a period of time specified by the TTL of the domain name record in question. Typically, caching name servers also implement the recursive algorithm necessary to resolve a given name starting with the root name server through to the authoritative name servers of the queried domain. Internet service providers (“ISPs”) typically provide recursive and caching name servers that serve their end-users. These end-users can utilize local network routers that implement DNS caches and recursive resolvers to improve efficiency. The network routers or machines in the local networks can include DNS stub or forwarding resolvers, which essentially operate as a cache-less application to resolve DNS names into IP addresses. The DNS stub or forwarding resolvers forward DNS queries from an end-user to a name server configured to resolve DNS queries from the end-user and return the name server's response. If a forwarding or stub resolver queries a caching name server for a domain record that is being held by the caching name server before the domain record's TTL has expired, then the caching name server would reply with the cached resource record rather than re-retrieve it from the authoritative name server.
Recursive resolvers can be configured to block or redirect DNS queries from stub or forwarding resolvers for a variety of reasons, such as to prevent users from falling victim to malware sites, enforce company policies, etc. However, when recursive resolvers receive DNS queries from machines in different networks, the recursive resolvers can capture only limited information associated with the DNS queries and the querying machines.
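The caching and policy behaviour described in the last two paragraphs, as an added example that is not part of the original text: a toy Python model in which the class, the `demo` helper, the zone record, the policy lists and every address are constructed for illustration. It shows a cached record served until its TTL expires, blocked and redirected names answered without an upstream query, and a query log that holds only the forwarder's address.

```python
import time

class CachingResolver:
    """Toy recursive, caching name server with a block/redirect policy."""
    def __init__(self, authoritative, blocked=(), redirects=None, clock=time.monotonic):
        self.authoritative = authoritative  # callable: name -> (ip, ttl_seconds)
        self.blocked = set(blocked)
        self.redirects = dict(redirects or {})
        self.clock = clock
        self.cache = {}                     # name -> (ip, expires_at)
        self.log = []                       # (source_ip, name, outcome)

    def resolve(self, name, source_ip):
        name = name.rstrip(".").lower()     # DNS names compare case-insensitively
        outcome, answer = self._answer(name)
        # The resolver sees only the address that sent the query. Behind a
        # forwarding resolver that is the forwarder, not the end-user machine.
        self.log.append((source_ip, name, outcome))
        return answer

    def _answer(self, name):
        if name in self.blocked:
            return "blocked", None          # modelled as "no address returned"
        if name in self.redirects:
            return "redirected", self.redirects[name]
        now = self.clock()
        hit = self.cache.get(name)
        if hit and now < hit[1]:            # TTL not yet expired: serve from cache
            return "cache-hit", hit[0]
        ip, ttl = self.authoritative(name)  # expired or absent: ask upstream again
        self.cache[name] = (ip, now + ttl)
        return "authoritative", ip

def demo():
    zone = {"www.example.com": ("192.0.2.10", 300)}  # constructed record, TTL 300 s
    upstream, t = [], [0.0]
    def authoritative(name):
        upstream.append(name)               # count queries that reach upstream
        return zone[name]
    r = CachingResolver(authoritative, blocked={"malware.example"},
                        redirects={"intranet.example": "192.0.2.53"},
                        clock=lambda: t[0])
    forwarder = "198.51.100.1"              # constructed: one router, many users
    answers = []
    for when, name in [(0, "www.example.com"), (299, "WWW.example.com."), (300, "www.example.com"),
                       (301, "malware.example"), (302, "intranet.example")]:
        t[0] = when                         # advance the constructed clock (seconds)
        answers.append(r.resolve(name, forwarder))
    return answers, [o for _, _, o in r.log], len(upstream), {s for s, _, _ in r.log}
```

Calling `demo()` returns the answers, the per-query outcomes, the number of queries that reached the authoritative side, and the set of source addresses the resolver logged.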