Sysinternals - Sysmon with DNS logging
The new event ID for DNS queries is 22. As soon as a process executes a DNS query, Sysmon writes it to the log as an event, regardless of whether the lookup succeeds or fails.
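An added example (not from the original page) of triaging the Event ID 22 records described above with PowerShell, counting successful and failed lookups per process. It parses two constructed sample events; the function names `ConvertFrom-SysmonDnsEvent` and `Get-DnsQuerySummary` are hypothetical, and the field names (`Image`, `QueryName`, `QueryStatus`) assume Sysmon's standard DnsQuery event data.

```powershell
# Constructed sample: two trimmed Event ID 22 records in the shape returned by
# EventLogRecord.ToXml(). Paths, host names and addresses are made up.
$sampleEvents = @(
'<Event><System><EventID>22</EventID></System><EventData>
  <Data Name="ProcessId">4242</Data>
  <Data Name="QueryName">www.example.com</Data>
  <Data Name="QueryStatus">0</Data>
  <Data Name="QueryResults">::ffff:192.0.2.10;</Data>
  <Data Name="Image">C:\Tools\updater.exe</Data>
</EventData></Event>',
'<Event><System><EventID>22</EventID></System><EventData>
  <Data Name="ProcessId">4242</Data>
  <Data Name="QueryName">missing.example.invalid</Data>
  <Data Name="QueryStatus">9003</Data>
  <Data Name="QueryResults">-</Data>
  <Data Name="Image">C:\Tools\updater.exe</Data>
</EventData></Event>'
)

# Flatten the <Data Name="..."> elements of one event into an object.
function ConvertFrom-SysmonDnsEvent {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $doc = [xml]$EventXml
        $rec = [ordered]@{}
        foreach ($d in $doc.Event.EventData.Data) {
            $rec[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]$rec
    }
}

# Per process image: total queries, failed queries, and the names that failed.
# A non-zero QueryStatus is a Windows DNS error code, i.e. a failed lookup.
function Get-DnsQuerySummary {
    param([string[]]$EventXml)
    $EventXml | ConvertFrom-SysmonDnsEvent | Group-Object Image | ForEach-Object {
        $failed = @($_.Group | Where-Object { $_.QueryStatus -ne '0' })
        [pscustomobject]@{
            Image       = $_.Name
            Queries     = $_.Count
            Failed      = $failed.Count
            FailedNames = ($failed.QueryName | Sort-Object -Unique) -join ', '
        }
    }
}

Get-DnsQuerySummary -EventXml $sampleEvents | Format-Table -AutoSize
# Live log: pass the output of
#   Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=22} |
#     ForEach-Object { $_.ToXml() }
```

Because failed lookups are logged too, a process with a high `Failed` count against many distinct names stands out in this summary.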
Download all tools
The Sysmon Shell is a tool for creating configuration templates and much more.
Sysmon View is an offline tool for graphical evaluation of events. It helps track and visualize Sysmon logs by logically grouping and correlating various Sysmon events.