	US 11,677,714 B2
	Collecting passive DNS traffic to generate a virtual authoritative DNS server
John R. Woodworth, Amissvile, VA (US); Dean Ballew, Sterling, VA (US); and Mark Dehus, Thornton, CO (US)
Assigned to Level 3 Communications, LLC, Broomfield, CO (US)
Filed by Level 3 Communications, LLC, Broomfield, CO (US)
Filed on Sep. 20, 2021, as Appl. No. 17/479,685.
Claims priority of provisional application 63/101,241, filed on Sep. 21, 2020.
Prior Publication US 2022/0094661 A1, Mar. 24, 2022
Int. Cl. G06F 15/16 (2006.01); H04L 61/4511 (2022.01); H04L 61/301 (2022.01); H04L 61/58 (2022.01)

CPC H04L 61/4511 (2022.05) [H04L 61/301 (2013.01); H04L 61/58 (2022.05)]

20 Claims

1. A method, comprising:

capturing domain name system (DNS) data;

receiving a trigger notification, the trigger notification indicating a zone associated with an authoritative DNS server is compromised;

determining whether a recursive DNS resolver has valid cached information associated with the zone; and

when it is determined the recursive DNS resolver does not have valid cached information associated with the zone:

causing the recursive DNS resolver to retrieve last known valid information associated with the zone from an observer system, the last known valid information being captured from the DNS data;

generating a virtual zone using the last known valid information; and

causing the recursive DNS resolver to host the virtual zone.