CPC H04L 63/0236 (2013.01) [H04L 61/4511 (2022.05); H04L 61/5007 (2022.05); H04L 63/20 (2013.01)]
17 Claims
1. A domain name system (DNS) resolver comprising:
a processor; and
a non-transitory computer-readable media storing instructions that, when executed by the processor, cause the processor to perform operations comprising:
receiving, from a client device, a request for an internet protocol (IP) address associated with a domain name;
determining the IP address associated with the domain name;
sending first data defining the IP address associated with the domain name to the client device;
receiving, from the client device, a notification of an association between the client device and a firewall device from a plurality of firewall devices that the client device can communicate with;
sending second data defining the IP address associated with the domain name to the firewall device based at least in part on the receiving of the notification from the client device, the second data including an identification of the client device;
creating an access policy based at least in part on the association between the client device and the firewall device; and
based at least in part on receiving a data packet from the client device addressed to the IP address, instructing the firewall device to:
inspect the data packet for the IP address to determine if the IP address matches the domain name within an entry of a domain name registry (DNR) defining the IP address associated with the domain name including the identification of the client device, wherein the DNR entry is generated in response to receiving the request from the client device;
in response to determining that the IP address matches the domain name within the DNR entry, allow the data packet to be transmitted based at least in part on the access policy and the IP address matching the domain name, and
in response to determining that the IP address does not match the domain name within the DNR entry, restrict the data packet from transmission to the IP address.
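
The flow recited in claim 1, modeled as an added illustration (not code from the patent or its assignee). The class names, the in-memory ZONE table, the client and firewall identifiers, and the choice to key DNR entries by (client id, IP) are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

# Constructed zone data (documentation address range); stands in for real resolution.
ZONE = {"app.example.com": "203.0.113.10", "cdn.example.com": "203.0.113.20"}

@dataclass
class Firewall:
    name: str
    dnr: dict = field(default_factory=dict)    # (client_id, ip) -> domain name
    policy: set = field(default_factory=set)   # clients bound to this firewall

    def push_entry(self, client_id, domain, ip):
        # "Second data": the resolved IP together with the client's identification.
        self.dnr[(client_id, ip)] = domain

    def inspect(self, client_id, dst_ip):
        # Allow only when the access policy covers the client AND a DNR entry matches.
        if client_id in self.policy and (client_id, dst_ip) in self.dnr:
            return "allow"
        return "restrict"

class Resolver:
    def __init__(self, firewalls):
        self.firewalls = {fw.name: fw for fw in firewalls}
        self.assoc = {}      # client_id -> associated firewall name
        self.resolved = {}   # client_id -> [(domain, ip)], recorded at request time

    def resolve(self, client_id, domain):
        ip = ZONE[domain]
        self.resolved.setdefault(client_id, []).append((domain, ip))
        fw = self.assoc.get(client_id)
        if fw:               # client already associated: forward the entry at once
            self.firewalls[fw].push_entry(client_id, domain, ip)
        return ip            # "first data", returned to the client

    def notify_association(self, client_id, fw_name):
        fw = self.firewalls[fw_name]
        self.assoc[client_id] = fw_name
        fw.policy.add(client_id)                 # access policy from the association
        for domain, ip in self.resolved.get(client_id, []):
            fw.push_entry(client_id, domain, ip)

def demo():
    fw_a, fw_b = Firewall("fw-a"), Firewall("fw-b")
    r = Resolver([fw_a, fw_b])
    ip = r.resolve("client-1", "app.example.com")
    r.notify_association("client-1", "fw-a")
    return [fw_a.inspect("client-1", ip), fw_a.inspect("client-1", "203.0.113.20"),
            fw_a.inspect("client-2", ip), fw_b.inspect("client-1", ip)]
```

In this model a packet is restricted whenever the destination was never resolved for that client, the sender is a different client, or the packet reaches a firewall the client did not associate with.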