US 12,425,318 B2
Detecting and alerting on DNS related risk of data tampering
Alexander Maltinsky, Jerusalem (IL)
Assigned to BGPROTECT LTD, Raanana (IL)
Appl. No. 18/573,046
Filed by BGPROTECT LTD, Raanana (IL)
PCT Filed Jun. 22, 2022, PCT No. PCT/IL2022/050673
§ 371(c)(1), (2) Date Dec. 21, 2023,
PCT Pub. No. WO2023/275860, PCT Pub. Date Jan. 5, 2023.
Claims priority of provisional application 63/216,643, filed on Jun. 30, 2021.
Prior Publication US 2024/0297837 A1, Sep. 5, 2024
Int. Cl. H04L 43/0823 (2022.01); H04L 9/40 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 43/0823 (2013.01) [H04L 61/4511 (2022.05); H04L 63/1416 (2013.01)] 6 Claims
OG exemplary drawing
 
3. A method performed by a computer system for alerting on incorrect DNS records returned by DNS servers over the internet and related to data transfer associated with given one or more hosts, the method comprising the steps of:
I. acquiring a reference association list comprising an association between:
(a) a query list comprising, per each of the given one or more hosts, one or more DNS queries for corresponding DNS records related to said data transfer, and
(b) one or more expected query responses per each query in the query list;
II. acquiring a DNS server list comprising identifications of as many deemed reliable DNS servers as possible over the internet that may affect said data transfer;
III. scrutinizing the DNS servers in the DNS server list by repeatedly sending to each of them each of the queries included in the query list;
IV. comparing each query response obtained while scrutinizing the DNS servers with its expected query response included in the reference association list so as to detect incorrectly responding DNS servers; and
V. issuing an alert upon detecting an incorrectly responding DNS server, the alert comprising the identification of the incorrectly responding DNS server and information about the incorrect query response thereof,
wherein acquiring the DNS server list comprises including in the list DNS servers according to one or more of the following criteria:
(a) pertaining to Internet Service Providers (ISPs) and/or Mobile Service Providers (MSPs),
(b) pertaining to organizations providing services in predefined geographical areas,
(c) pertaining to given one or more specific organizations,
(d) passing a reliability test based on DNS queries whose responses are known in advance, and
(e) surpassing a predefined level of assessed usage.
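The claimed method, steps I through V, as an added worked example in Python. This is illustrative code written for this entry, not the patentee's implementation. It models the reference association list as a map from (name, type) query to the set of acceptable answers, which is how "one or more expected query responses per each query" is honoured without flagging legitimate round-robin or GeoDNS variation; filters the candidate resolver list with the reliability test of criterion (d); then scrutinizes the surviving resolvers repeatedly and emits one alert per (resolver, query) naming the resolver and the divergent answer. The resolver IPs, names and record data are constructed from RFC 5737 documentation ranges, and `fake_query` stands in for the network; a live query function would wrap a resolver library (for instance dnspython's `dns.resolver.Resolver` with `nameservers` set, collecting `to_text()` of each rdata), which is an assumption about deployment, not something the claims specify.

```python
"""Multi-resolver DNS consistency check modelled on the claimed method.

Constructed example: resolver IPs, hostnames and record data are fictional
(RFC 5737 documentation ranges), not measurements of real resolvers."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

Query = Tuple[str, str]                    # (qname, rdtype), e.g. ("example.com.", "A")
Answer = FrozenSet[str]                    # rdata set returned by one resolver
QueryFn = Callable[[str, Query], Answer]   # (resolver_ip, query) -> answer


@dataclass(frozen=True)
class Alert:
    """Step V payload: which resolver, which query, what it said, what was allowed."""
    server: str
    query: Query
    expected: FrozenSet[Answer]
    observed: Answer


def passes_reliability_test(server: str, query_fn: QueryFn,
                            probes: Dict[Query, Answer]) -> bool:
    """Criterion (d): keep a resolver only if it answers every probe whose
    correct answer is known in advance."""
    return all(query_fn(server, q) == a for q, a in probes.items())


def scrutinize(servers: List[str], reference: Dict[Query, FrozenSet[Answer]],
               query_fn: QueryFn, rounds: int = 3) -> List[Alert]:
    """Steps III-V: send every reference query to every resolver `rounds`
    times; alert once per (resolver, query) on the first divergent answer.
    `reference` maps a query to the SET of acceptable answers, so legitimate
    variation (round robin, GeoDNS) is whitelisted explicitly, not flagged."""
    alerts: List[Alert] = []
    for server in servers:
        for query, acceptable in reference.items():
            for _ in range(rounds):
                observed = query_fn(server, query)
                if observed not in acceptable:
                    alerts.append(Alert(server, query, acceptable, observed))
                    break
    return alerts


# --- constructed fixture standing in for the live query function ----------
REFERENCE: Dict[Query, FrozenSet[Answer]] = {
    # two GeoDNS answers are both acceptable for the web host
    ("www.example.com.", "A"): frozenset({frozenset({"192.0.2.10"}),
                                          frozenset({"192.0.2.11"})}),
    # only one acceptable MX: this is the record an attacker would tamper with
    ("example.com.", "MX"): frozenset({frozenset({"10 mail.example.com."})}),
}
PROBES: Dict[Query, Answer] = {("probe.example.net.", "A"): frozenset({"192.0.2.7"})}
CANDIDATE_RESOLVERS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]

# Per-resolver deviations; anything not listed is answered correctly.
_OVERRIDES: Dict[Tuple[str, Query], Answer] = {
    # resolver 1 serves the alternate (acceptable) GeoDNS answer: no alert
    ("198.51.100.1", ("www.example.com.", "A")): frozenset({"192.0.2.11"}),
    # resolver 2 returns a tampered MX record: alert
    ("198.51.100.2", ("example.com.", "MX")): frozenset({"10 mail.attacker-controlled.example."}),
    # resolver 3 fails the known-answer probe: dropped before scrutiny
    ("198.51.100.3", ("probe.example.net.", "A")): frozenset({"203.0.113.9"}),
}
_TRUTH: Dict[Query, Answer] = {q: next(iter(a)) for q, a in REFERENCE.items()}
_TRUTH.update(PROBES)


def fake_query(server: str, query: Query) -> Answer:
    """Offline stand-in for a real resolver query (constructed data)."""
    return _OVERRIDES.get((server, query), _TRUTH[query])


def run(query_fn: QueryFn = fake_query):
    """Step II filter, then steps III-V; returns (scrutinized resolvers, alerts)."""
    kept = [s for s in CANDIDATE_RESOLVERS
            if passes_reliability_test(s, query_fn, PROBES)]
    return kept, scrutinize(kept, REFERENCE, query_fn)


if __name__ == "__main__":
    kept, alerts = run()
    print("scrutinized:", kept)
    for a in alerts:
        print(f"ALERT resolver {a.server} answered {a.query} with {sorted(a.observed)}; "
              f"expected one of {[sorted(x) for x in a.expected]}")
```

Two practical caveats a deployment would add: compare whole answer sets rather than the first record, so a resolver that appends an extra address is caught, and treat SERVFAIL, NXDOMAIN and timeouts as distinct observed values rather than as empty answers, since a resolver that suppresses a record is as relevant to "data tampering" as one that substitutes it.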