Microsoft has announced that a new version of Sysmon is coming out this week that will include the ability to log DNS queries performed on a monitored computer. Even better, it will also log the process that performed the query. This can allow administrators to quickly track down offending applications that may be connecting to unwanted sites or performing other unwanted behavior. This data can then be consumed by other tools in order to find executables creating suspicious traffic or connecting to malicious domains. With this new feature, we can expect updated configuration files and tools that can now utilize the data that this free tool provides.
Source: https://www.bleepingcomputer.com/news/microsoft/sysmon-getting-dns-query-logging-with-querying-process-name/
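
One way a downstream tool could consume this data to tie a flagged domain back to the executable that queried it, as an added example that is not from the article or from Microsoft. It assumes events exported as Windows event XML, DNS query records carrying Event ID 22 with `QueryName` and `Image` fields as in released Sysmon versions, constructed sample events, and a hypothetical blocklist.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DNS_QUERY_EVENT_ID = "22"  # Sysmon DnsQuery event (assumption: released Sysmon schema)


def _event(event_id, **data):
    """Build one constructed event record in Windows event XML layout."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{fields}</EventData></Event>')


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    _event(22, Image=r"C:\Windows\System32\svchost.exe",
           QueryName="update.example.com"),
    _event(22, Image=r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
           QueryName="cdn.bad-domain.example"),
    # Look-alike suffix: must not match the blocklisted domain.
    _event(22, Image=r"C:\Program Files\App\app.exe",
           QueryName="notbad-domain.example"),
    # Different event type (network connection): ignored by this check.
    _event(3, Image=r"C:\Program Files\App\app.exe",
           DestinationHostname="bad-domain.example"),
]
BLOCKLIST = {"bad-domain.example"}  # hypothetical blocklist entry


def is_blocked(name, blocklist):
    """True if name equals a blocklisted domain or is a subdomain of one."""
    labels = name.rstrip(".").lower().split(".")
    # Compare whole-label suffixes so "notbad-domain.example" does not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def flag_dns_queries(events, blocklist):
    """Return (querying image, queried name) for blocklisted DNS lookups."""
    hits = []
    for raw in events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != DNS_QUERY_EVENT_ID:
            continue
        data = {d.get("Name"): (d.text or "")
                for d in root.iterfind("e:EventData/e:Data", NS)}
        if is_blocked(data.get("QueryName", ""), blocklist):
            hits.append((data.get("Image", "<unknown>"), data["QueryName"]))
    return hits
```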

