Dnsrecon detection

Hi all,
I’m trying to create a detection for the dnsrecon using the following command.

dnsrecon -d sampledomain
I have been trying to find out common content in the query and response packets captured through wireshark but no luck until now.
Can anyone suggest any leads on what to do in this case?
Any leads would be appreciated.

So you run this tool, but what do you want to actually do afterwards?
Do you capture the traffic generated and if so, how?