![Hands-On Network Forensics](https://wfqqreader-1252317822.image.myqcloud.com/cover/754/36698754/b_36698754.jpg)
DNS server logs
Name server query logs help establish IP-to-hostname resolution at specific times. Consider a scenario where a system on the network, as soon as it is infected with malware, tries to connect back to a certain domain for command and control. Let's look at an example:
![](https://epubservercos.yuewen.com/3901CA/19470380401498806/epubprivate/OEBPS/Images/99c4eaf9-a092-4eb1-8116-65d4bdb0d5cc.png?sign=1739286275-UyBwn0sCyojXNkeTw5u4aAH2bRn72CV6-0-742ce0f58c8fcdfaad7a1da6fb6f7b8f)
We can see in the preceding screenshot that a DNS request for the malwaresamples.com website was resolved and the resolved IP address was returned.
Access to the DNS query packets can reveal Indicators of Compromise for a particular malware on the network while quickly revealing the IP address of the system making the query, so that system can be dealt with easily.
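The same lookup can be run against the name server's query log rather than a packet capture. The following is an added example, not code from the book: it assumes log lines in the style of a BIND 9 query log, uses constructed sample lines, and the function names `is_watched` and `find_querying_hosts` are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample lines in the style of a BIND 9 query log (assumed format).
SAMPLE_LOG = """\
12-Mar-2019 09:14:02.311 queries: info: client @0x7f2a1c0b3e10 192.168.1.23#51514 (www.example.org): query: www.example.org IN A +E(0)K (192.168.1.1)
12-Mar-2019 09:14:07.902 queries: info: client @0x7f2a1c0b4a20 192.168.1.57#40211 (malwaresamples.com): query: malwaresamples.com IN A +E(0)K (192.168.1.1)
12-Mar-2019 09:14:09.118 queries: info: client @0x7f2a1c0b4a20 192.168.1.57#40212 (cdn.malwaresamples.com): query: cdn.malwaresamples.com IN AAAA +E(0)K (192.168.1.1)
12-Mar-2019 09:20:45.640 queries: info: client @0x7f2a1c0b5b30 192.168.1.80#33990 (notmalwaresamples.com): query: notmalwaresamples.com IN A + (192.168.1.1)
12-Mar-2019 09:31:12.004 queries: info: client @0x7f2a1c0b6c40 192.168.1.23#51790 (MalwareSamples.com): query: MalwareSamples.com IN A +E(0)K (192.168.1.1)
this line is truncated and should be skipped
"""

# Timestamp, client IP (the "@0x..." object id is optional), queried name and type.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def is_watched(name, watchlist):
    # Match the domain itself or any subdomain, never a mere suffix of the string.
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in watchlist)

def find_querying_hosts(log_text, watchlist):
    """Return one record per client that queried a watched domain, oldest first."""
    watchlist = {d.rstrip(".").lower() for d in watchlist}
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_watched(m["name"], watchlist):
            continue  # unparseable line or unrelated query
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        rec = hits.setdefault(m["ip"], {"client": m["ip"], "first_seen": ts,
                                        "count": 0, "names": set()})
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["count"] += 1
        rec["names"].add(m["name"].rstrip(".").lower())
    return sorted(hits.values(), key=lambda r: r["first_seen"])

if __name__ == "__main__":
    for rec in find_querying_hosts(SAMPLE_LOG, ["malwaresamples.com"]):
        print(rec["first_seen"].isoformat(), rec["client"], rec["count"], sorted(rec["names"]))
```

A query log of this kind records the question and the client that asked it, not the answer, so the resolved IP address still has to come from the response packet or from passive DNS data.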