Simple query to filter on any DNS activity which is not using port 53.
Select your DNS Query log set when building the query. An Insight Network Sensor is an ideal data source for this as it will passively identify any DNS activity no matter what ports are used.
where(dns_server_port!="53") groupby(dns_server_port) calculate(count)
