I follow Mark Russinovich on Twitter to know 1) when he updates the Sysinternals tools and 2) when he’s working on new books (fiction and non-fiction).
Mark announced a new version of Sysmon that will log DNS queries (and replies).
This new version will be released on Tuesday.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.