Recursive DNS (RDNS) is one of the fundamental building blocks of the internet and nearly every action on the internet starts with a simple DNS lookup. However, RDNS is also used by cybercriminals as a channel for launching attacks and for exfiltrating data. For example, they can embed sensitive information, such as credit card details, into DNS requests from a device they had previously compromised with malware. \r\n Many organizations have deployed a DNS firewall to monitor and control their RDNS traffic. The concept is simple, yet powerful: All the organization does is redirect its RDNS traffic to a service that compares each DNS request against a frequently updated list of known malicious domains.  \r\n With that simple redirect, the service can identify and block requests to malware and ransomware domains, and to command and control servers, which are a fundamental component for activating, updating, and controlling malware once installed in a network.  \r\n Identifying DNS…