US 11,943,195 B1
Zero-trust DNS and FQDN based traffic acquisition using synthetic IP
Ashish Jain, Bellevue, WA (US); Mordhai Gendelman, Ramat-Gan (IL); Or Moran, Rishon Le Zion (IL); Omer Kattan, Tel Aviv (IL); Yair Tor, Sammamish, WA (US); Ronen Shmuel Goldsmith, Raanana (IL); and Liraz Barak, Hod-Hasharon (IL)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Jan. 20, 2023, as Appl. No. 18/099,417.
Int. Cl. H04L 61/2592 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 61/2592 (2013.01) [H04L 61/4511 (2022.05)] 20 Claims
OG exemplary drawing
 
12. A method of performing zero-trust domain name resolution, the method comprising:
identifying a synthetic IP address for an endpoint identifier for an internet connected endpoint at a zero-trust client on a local machine, the synthetic IP address being an IP address that is different from an IP address that is assigned to the endpoint identifier by a trusted DNS service configured to provide globally valid IP addresses;
in response to a request for an IP address corresponding to the endpoint identifier from an application on the local machine, providing the synthetic IP address for the endpoint identifier to the application;
receiving data traffic at the zero-trust client from the application, directed to the internet-connected endpoint, the data traffic being associated with the synthetic IP address by the application;
sending the data traffic to a zero-trust service with the synthetic IP address; and
sending the endpoint identifier to the zero-trust service in a fashion that allows the synthetic IP address to be correlated to the endpoint identifier at the zero-trust service.
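The claim above describes a flow in which the local zero-trust client answers the application's DNS lookup with a synthetic address, forwards the application's traffic with that synthetic address, and separately tells the zero-trust service which endpoint identifier (FQDN) the synthetic address stands for, so that policy is applied per FQDN rather than per IP. The following is an added toy model of that flow written for this page; it is not Microsoft's implementation and does not come from the patent. The class names, the `TunnelMessage` format, the choice of the 198.18.0.0/15 benchmarking range as the synthetic pool, and the stand-in `TRUSTED_DNS` table are all assumptions made for illustration.

```python
"""Toy model of zero-trust DNS with synthetic IPs (illustrative; not Microsoft's code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the trusted DNS service that hands out globally valid IPs.
TRUSTED_DNS = {
    "intranet.example.test": "203.0.113.10",
    "mail.example.test": "203.0.113.25",
}

# Assumption: synthetic answers come from a range that never carries real traffic,
# so a synthetic IP can never collide with a globally valid one.
SYNTHETIC_POOL = ipaddress.ip_network("198.18.0.0/15")


@dataclass
class TunnelMessage:
    """Hypothetical wire format between client and service."""
    kind: str                     # "bind" (synthetic IP -> FQDN) or "data" (app traffic)
    synthetic_ip: str
    fqdn: Optional[str] = None    # only present on "bind" messages
    payload: bytes = b""


class ZeroTrustClient:
    """Local agent: answers the app's DNS lookups with synthetic IPs and tunnels traffic."""

    def __init__(self, service, pool=SYNTHETIC_POOL):
        self.service = service
        self._free = pool.hosts()         # generator of unused synthetic addresses
        self.fqdn_to_ip = {}
        self.ip_to_fqdn = {}

    def resolve(self, fqdn):
        """Stands in for the resolver: allocates (or reuses) a synthetic IP for the FQDN."""
        if fqdn in self.fqdn_to_ip:
            return self.fqdn_to_ip[fqdn]
        synthetic = str(next(self._free))
        self.fqdn_to_ip[fqdn] = synthetic
        self.ip_to_fqdn[synthetic] = fqdn
        # Tell the service which FQDN this synthetic IP stands for, so later data
        # traffic that carries only the synthetic IP can be correlated to the FQDN.
        self.service.receive(TunnelMessage("bind", synthetic, fqdn=fqdn))
        return synthetic

    def send(self, dst_ip, payload):
        """App traffic addressed to a synthetic IP is forwarded with that IP; no FQDN is attached."""
        if dst_ip not in self.ip_to_fqdn:
            # The app bypassed name resolution (literal IP); there is no FQDN to apply policy to.
            raise ValueError(f"{dst_ip} was not issued by this client")
        return self.service.receive(TunnelMessage("data", dst_ip, payload=payload))


class ZeroTrustService:
    """Remote side: correlates synthetic IP to FQDN and enforces an FQDN allow-list."""

    def __init__(self, allowed_fqdns, trusted_dns=TRUSTED_DNS):
        self.allowed = set(allowed_fqdns)
        self.trusted_dns = trusted_dns
        self.bindings = {}        # synthetic IP -> FQDN, learned from "bind" messages
        self.log = []

    def receive(self, msg):
        if msg.kind == "bind":
            self.bindings[msg.synthetic_ip] = msg.fqdn
            return "bound"
        fqdn = self.bindings.get(msg.synthetic_ip)
        if fqdn is None:
            # Traffic for a synthetic IP the service never saw bound: nothing to correlate, drop it.
            self.log.append(f"DROP unknown synthetic IP {msg.synthetic_ip}")
            return "drop-unknown"
        if fqdn not in self.allowed:
            self.log.append(f"DENY {fqdn} ({msg.synthetic_ip})")
            return "deny"
        # Only at this point does the globally valid address come into play.
        real_ip = self.trusted_dns[fqdn]
        self.log.append(f"FORWARD {fqdn} -> {real_ip} ({len(msg.payload)} bytes)")
        return f"forward:{real_ip}"


def demo():
    """Runs one allowed and one denied flow; returns the synthetic IPs, decisions and log."""
    service = ZeroTrustService(allowed_fqdns={"intranet.example.test"})
    client = ZeroTrustClient(service)
    a = client.resolve("intranet.example.test")
    b = client.resolve("mail.example.test")
    decisions = [client.send(a, b"GET / HTTP/1.1"), client.send(b, b"EHLO")]
    return a, b, decisions, service.log


if __name__ == "__main__":
    print(demo())
```

The point the model makes visible is that the application never learns a globally valid address: it only ever sees 198.18.x.y, the service decides on the FQDN it learned from the bind message, and a packet to a synthetic address the service has no binding for is dropped rather than guessed at. A literal-IP connection that skipped resolution is surfaced by the client as an error, which is the case a real deployment would need to log and handle by policy.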