Verizon Communications Inc.
Domain name server based validation of network connections
Abstract:
A device receives a first network connection request, that does not include a domain name server (DNS) query, for establishment of a connection to a target destination. The device determines whether information identifying the target destination matches information identifying a permissible destination, included in a set of permissible destinations, identified in connection with a second network connection request, where the second network connection request included a prior DNS query and was received prior to the first network connection request being received, and where a prior security verification was performed in connection with the second network connection request and the prior DNS query. The device selectively establishes or blocks the connection to the target destination as a response to the first network connection request based on whether the information identifying the target destination matches the information identifying the permissible destination included in the set of permissible destinations.
Utility
29 Mar 2019
21 Jun 2022
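
The decision logic the abstract describes, sketched as an added example (not code from the patent or from Verizon). The class and function names, the deny-set stand-in for the unspecified "security verification", and the address normalization are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-in for the "security verification" step; the abstract
# does not say how verification is performed, so a deny set is an assumption.
DENIED_DOMAINS = {"malware.example"}

def normalize(addr):
    """Canonical form so equivalent spellings of one address compare equal."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # set only for ::ffff:a.b.c.d
    return str(mapped if mapped is not None else ip)

class ConnectionGate:  # hypothetical name
    def __init__(self, verify=lambda n: n.lower().rstrip(".") not in DENIED_DOMAINS):
        self.verify = verify
        self.permitted = {}  # canonical IP -> domain whose verified lookup produced it

    def on_dns_request(self, name, resolved_addrs):
        """Earlier request that carried a DNS query: verify, then record results."""
        if not self.verify(name):
            return False  # failed verification: nothing becomes permissible
        for addr in resolved_addrs:
            self.permitted[normalize(addr)] = name
        return True

    def on_direct_request(self, target):
        """Later request with no DNS query: allow only a recorded destination."""
        try:
            key = normalize(target)
        except ValueError:
            return "block"  # an unparseable target can never match the set
        return "allow" if key in self.permitted else "block"

def demo():
    gate = ConnectionGate()
    # Constructed sample traffic using documentation address ranges.
    gate.on_dns_request("updates.example", ["192.0.2.10", "2001:db8::1"])
    gate.on_dns_request("malware.example", ["198.51.100.7"])
    targets = ["192.0.2.10", "::ffff:192.0.2.10", "2001:0db8:0:0:0:0:0:1",
               "198.51.100.7", "203.0.113.5", "not-an-ip"]
    return [(t, gate.on_direct_request(t)) for t in targets]

if __name__ == "__main__":
    for target, verdict in demo():
        print(f"{target:24} {verdict}")
```

Comparing canonical forms matters here: a direct request that spells a permitted address differently (IPv4-mapped IPv6, uncompressed IPv6) would otherwise be blocked despite matching a verified lookup.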