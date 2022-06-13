When requesting domains that do not have IP addresses, the destination IP is recorded as 0.0.0.0 in DNS logs. Seeing high volumes of domain queries without destination IP addresses in the DNS is usually considered a malicious activity. It could mean that one or more infected devices are trying to connect a botnet C&C (Command and Control) server from the network.

Historical data on whether a domain has been associated with specific DNS records at some point is also very beneficial. It is considered that domains used in cyber crime are taken down once their function is completed.

