TSHARK

root@dco:~$ BROWSER > https://www.wireshark.org/docs/dfref > CTRL+F
 search: dns
  https://www.wireshark.org/docs/dfref/d/dns.html
root@dco:~$ BROWSER > https://www.wireshark.org/docs/dfref/d/dns.html > CTRL+F
 search: qry
  dns.qry.name	Name	Character string	1.0.0 to 4.4.5

root@dco:~$ tshark -r dns-queries.pcap -T fields -e dns.qry.name | awk NF | sort -r | uniq -c | sort -r
 96 connectivity-check.ubuntu.com.rhodes.edu
 94 connectivity-check.ubuntu.com
  8 3.57.20.10.in-addr.arpa
  4 e.9.d.b.c.9.d.7.1.b.0.f.a.2.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa
  4 0.f.2.5.6.b.e.f.f.f.b.7.2.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa
  2 _ipps._tcp.local,_ipp._tcp.local
  2 84.170.224.35.in-addr.arpa
  2 22.2.10.10.in-addr.arpa
  
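 * the "awk NF" in the pipeline removes empty lines (tshark prints a blank line for every packet that has no dns.qry.name value).
 * the final "sort -r" compares the "uniq -c" output as text, so the order depends on column padding and locale; "sort -rn" orders by the numeric count.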
