So I'm just guessing on your setup here, but I would expect with what you're seeing the domain controllers are also acting as your DNS servers? If that's the case, it simply means that one of the clients on your network is making DNS requests that match the published DNS Signatures, likely because the requested hostname is malicious in nature.
Unless you have a way to see the actual host -> DNS traffic, or you are loggign the DNS requests on the server, you really won't get a huge amount of actionable data. As of this moment the only thing you know for sure is that someone in your network is causing the DNS servers to make malicious DNS requests; without additional logs that isn't extremely helpful for you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!