More 90% of malware traffic uses DNS for communicating to external entities. Also, DNS is a standard protocol for communication within other application protocols like SMTP, HTTP, SSL or FTP. Because of this, analysing DNS traffic is a powerful way to discover and block malicious activity.