Provided are systems for detecting an anomaly in network activity using Domain Name System (DNS) query data that include a processor to receive data associated with a plurality of DNS queries from a plurality of data sources, parse the data associated with the plurality of DNS queries to provide DNS query data and network domain data, route the DNS query data to a first queue using a queries exchange, route the network domain data to a second queue using a domains exchange, poll the first queue and the second queue with a microservice application to receive the DNS query data and the network domain data with the microservice application for processing, and detect a characteristic of the one or more DNS queries of the plurality of DNS queries based on the DNS query data and the network domain data. Methods and computer program products are also disclosed.