	US 12,445,469 B2
	Using a threat intelligence framework to populate a recursive DNS server cache
John R.B. Woodworth, Amissville, VA (US); Dean Ballew, Sterling, VA (US); Dan Luther, Claremore, OK (US); and Mark Dehus, Thornton, CO (US)
Assigned to Level 3 Communications, LLC, Denver, CO (US)
Filed by Level 3 Communications, LLC, Broomfield, CO (US)
Filed on Aug. 26, 2022, as Appl. No. 17/822,582.
Claims priority of provisional application 63/241,420, filed on Sep. 7, 2021.
Prior Publication US 2023/0069845 A1, Mar. 9, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 16/953 (2019.01); H04L 61/4511 (2022.01); H04L 61/58 (2022.01)

CPC H04L 63/1425 (2013.01) [G06F 16/953 (2019.01); H04L 61/4511 (2022.05); H04L 61/58 (2022.05)]

18 Claims

1. A method, comprising:

receiving, at a recursive DNS server from an observation system, a trigger notification, the trigger notification indicating a domain name system (DNS) cache of the recursive DNS server is to be populated based on performance metrics and/or events of the recursive DNS server monitored by the observation system;

requesting, by the recursive DNS server, access to a threat intelligence system, the threat intelligence system storing DNS information contained in query-answer pairs captured from communications between clients and DNS servers;

receiving, by the recursive DNS server, the DNS information from the threat intelligence system; and

populating, by the recursive DNS server, the DNS cache of the recursive DNS server with the received DNS information.