Length of DNS query can often be an indicator of suspicious activity. Regular domain names lengths are not too large whereas domain name query used for data exfiltration or tunneling can often be very large in size. This is because they could be encoded using base 64/32 etc. The query looks for Names that are more than 200 characters in length. Having said that there are also a lot of reputation feeds and some services like Spotify which used the DNS protocol to send information to external servers.
Source: Github - Microsoft
MITRE ATT&CK Tactics
Command and Control
Valid internal services performing this type of DNS requests.
Recommend to whitelist these applications.
It is recommended to review the Firewall\Webproxy logs in relation to the ClientIP making the DNS requests.