Suricata

Right now I see 4-5 types of DNS type records. It would be great if you could include nxdomain (i.e domain doesn't exist) type too.
This will help tracking down future malicious domains which are generated by DGA. Malware authors don't register all the domains together and do in batch. Digging through nxdomain records will give great analytic value.