All DNS queries and responses - Essential for identifying C2 communication, data exfiltration via DNS, and domain generation algorithms - Tools: Passive DNS databases, DNS server logs, Zeek DNS logs