Inbound traffic can contain exploits, infections or indications of potential compromise. Malware products are exfiltrating data by using DNS tunneling tools to. utilize outbound port 53 traffic to fly under the radar of filtering tools. Long subdomains (100-plus characters) could be an indication that something is amiss. There isnt any actual host with that name, which is why it is accessed only once. Some of these extra long DNS requests are only accessed a single time.”]
Source: https://securityintelligence.com/protecting-your-network-through-understanding-dns-requests/