Techniques for Qprints using telemetry-based similarity for DNS are provided. In some embodiments, a system/process/computer program product for Qprints using telemetry-based similarity for DNS in accordance with some embodiments includes aggregating a set of network related event data, wherein the set of network related event data includes Domain Name System (DNS) related query data; clustering the DNS related query data; and generating similarity clusters for domains based on their DNS related query data. For example, the set of network related event data can include passive DNS (pDNS) data aggregated over a period of time to express pDNS data at-scale, and similarity of the pDNS data aggregated over the period of time is quantified, within and across networks based on telemetry-based similarity for DNS using a statistical model.