This blog is the source of this info, there are a few others way to do it but this seems superior
Wouldn't you like to know what DNS requests are being made from your network? You ought to. Ideally, pipe it to logstash, do what you want with it (geolocation, etc.) and then send it to a datastore that Kibana can work with (ElasticSearch fits here, the good old "ELK Stack") ... you could also send it to greylog.
One thing that's nice to do is generate a report (daily) of "first time" DNS queries. This is especially useful in a "threat hunting" type scenario, though this guide isn't really aimed at enterprises ..