I have good news regarding the logging issues I described in previous posts. I sat down with the client and the vendor, and we had a productive meeting together. We all agreed that logging of DNS queries ought to be part of the product. In fact, the vendor couldn't understand why it was ever overlooked/omitted by them in the first place. The vendor agreed to include this feature in the next release of the product (date of release still undetermined).
The good news here is that analyzing the data on the network revealed a shortcoming in a vendor solution that many organizations use (including yours, perhaps). Most people probably rely on the logging of this product without having any reason to question it. My hope here is that the issue I identified will allow this vendor's entire customer base to better protect and defend their networks.
Today is a good day. The entire cyber security community will benefit because of this. Now that's cool.