On my network? Absolutely, ability to inspect packets is absolutely essential. On a public network? Different story.
I’ve personally been engaged in incident response and in many scenarios DNS is a control mechanism for malware, or uses it for various purposes. It’s often a key piece of evidence for reconstruction of an incident.
Raw IPs can be used as well, but that doesn’t negate my point.
>Raw IPs can be used as well, but that doesn’t negate my point.
And in fact if you have enterprise-wide visibility on DNS requests, you have the opportunity to detect the use of an IP that was not returned in a request. Making it immediately suspect.
What, you think that anyone looking to get something out undetected isn't using raw IP's?