Monitoring and proactively analyzing Domain Name System (DNS) queries and responses has become a standard security practice for networks of all sizes. Many types of malware rely on DNS traffic to communicate with command-and-control servers, inject ads, redirect traffic, or transport data.
DNS logging and monitoring — General concepts
BIND 9 — Collecting BIND 9 logs
Windows DNS Server — Collecting analytical logs from Windows DNS Server
Passive DNS monitoring — Capturing DNS Network Packets