Hi @Hugh.Kelley,
can't comment on dns.google.com or dns-api.org but would like to provide some comments on https://github.com/PaloAltoNetworks/fqdn-service
It is a "serverless implementation" (no VM needed). It is likely to cost you 0$ a month unless you share it with a large community of users
It can resolve many FQDN's at once which means that a single miner is needed
It can store a history of responses
Take into account, though, that if you're using PANOS then you better create custom L7 apps (SSL Decrypt + matching the HTTP Host Header or SSL Response Certificate in case you're not decryting) instead of matching based on FQDN. FQDN matching is performed at "sample intervals" (i.e. once an hour) and these FQDN entries behind AWS rotate tipically at 1 minute intervals. That means that you will, probably, fail to match many sessions between sample intervals no matter which DNS service you end up using
... View more