Over recent years, we have seen endangered registrar accounts used to change delegation advice, name servers increasing assaults against DNS infrastructure: DDoS attacks against important name servers, cache poisoning attacks, and mistreatment of name servers by malware. Happily, we have also found the concurrent development of strong new mechanisms for fighting those hazards, including answer rate, answer policy zones, and the DNS Security Extensions.
Probably the security of the Internet normally, as well as the most promising method of improving DNS security, has yet to be completely used. That is Passive DNS information.

Florian Weimer in 2004 devised passive DNS to fight malware. Essentially, the answers they received from other name servers and repeat that logged information to a central database would be logged by recursive name servers.
What would that logged information look like? Well, remember recursive name servers work.

This information is time-stamped, compressed, and deduped, then repeated to a central database for evaluation and archiving.
Notice that what is got is server-to-server communication, not queries to the recursive name server from your stub resolvers. That is significant for just two reasons. First, there is significantly less server-to-server conversation than between a recursive name server as well as a stub resolver cache misses. The server-to-server communication can not readily be connected with a specific stub resolver, and so signifies considerably less of a privacy concern.
The way the Passive DNS information is gathered changes. Some recursive name servers, including Unbound and Knot, contain applications hooks which make it simple to get Passive DNS information.
Different tools may be used by people on the host running the recursive name server to track visitors to the name server, or else they might reflect the interface of the name server to a different host that records the information.