Command-and-control (C&C) servers are the machines attackers use to maintain communication with the compromised systems in a target network. The type of C&C traffic depends on the malware and the attackers objective. Most modern networks have a very strict inbound filtering policy, making it impossible for attackers to directly contact the compromised machines from an external network. Most malware will use a Domain Name System (DNS) to resolve a C &C server address. The log files of your internal DNS server are a crucial source of information.”]
Source: https://securityintelligence.com/how-to-leverage-log-services-to-analyze-cc-traffic/