A word of caution, don't try this in a corporate environment. Many corporate firewalls will generate security alerts on high DNS request rates. PaloAlto PAN's specifically have alerts for this. I believe Fortigate may as well. Most of the DLP appliances will detect this too. Splunk also has a module to detect this based on query logs. I don't have a horse in the race, just trying to save a few here from a paddlin'.