Using dnstap for triggering action from DNS name resolution.
It should work with any DNS server with dnstap output, tested with Coredns.
With a setcap, coredns doesn't have to be run as root,
but on-his-name uses iptables and needs to be run as root.
Launch coredns in the folder with the Corefile.
Launch the service :
LISTEN=./tap.sock SOCKET_UID=1000 ./bin/on-his-name *.example.com
You can dig :
dig @localhost -p 1053 blog.example.com