Augmenting DNS-Based Security With NetFlow

Kevin Sam Tharayil, Panagiotis Kintis, Angelos D Keromytis
International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME 2024)

As cyber threats become more advanced and prevalent, network operators use a variety of tools and techniques to detect and defend against these attacks. Because the Domain Name System (DNS) is involved in almost all Internet communications, DNS-based security controls are often used by network operators as a first-line defense to detect and block malicious network traffic. In this work we show how DNS data can be augmented by combining it with the corresponding network traffic data, which is often collected from a different point in the network. This allows operators to identify exactly which hosts within the network resolved malicious domains and exactly how much communication took place with those domains; neither is possible using only the passive DNS data collected from the network. In this paper we demonstrate the process using DNS data and network traffic data collected from a university network. To this end, we first identify and measure the clock offset between the two datasets. After accounting for the clock offset, we identify traffic to malicious domains by augmenting the DNS data with the network traffic data. Finally, we perform an in-depth analysis to determine the type of malicious activity associated with the malicious domains identified in the data.
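The two steps the abstract describes, measuring the clock offset between the DNS sensor and the NetFlow collector and then joining each flow back to the DNS resolution that produced it, can be illustrated with a small worked example. The code below is an added example written for this page, not the authors' code or data: the record layouts, the constructed sample records (with the NetFlow clock running 120 s ahead of the DNS clock), the blocklist, and the alignment method (median of the nearest flow-to-resolution time difference per resolution, then a per-client join within the answer's TTL) are all assumptions chosen to make the idea concrete.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class DnsRecord:
    ts: float      # seconds, on the DNS sensor's clock
    client: str    # host that sent the query
    qname: str     # queried domain
    answer: str    # resolved IPv4 address
    ttl: int       # TTL of the answer, in seconds


@dataclass(frozen=True)
class FlowRecord:
    ts: float      # flow start, seconds, on the NetFlow collector's clock
    src: str
    dst: str
    bytes_out: int


# Constructed sample data (not from the paper). Two hosts reach the same
# IP 203.0.113.10 through different names, which is why the join must be
# keyed on the client address and not only on the destination IP.
OFFSET_TRUE = 120.0   # NetFlow clock runs 120 s ahead of the DNS clock
DNS = [
    DnsRecord(1000.0, "10.0.0.5", "updates.example.net", "203.0.113.10", 300),
    DnsRecord(1002.0, "10.0.0.7", "bad.example.com", "198.51.100.20", 60),
    DnsRecord(1010.0, "10.0.0.5", "bad.example.com", "198.51.100.20", 60),
    DnsRecord(1500.0, "10.0.0.9", "cdn.example.org", "203.0.113.10", 300),
]
FLOWS = [
    FlowRecord(1000.0 + OFFSET_TRUE + 0.5, "10.0.0.5", "203.0.113.10", 4000),
    FlowRecord(1002.0 + OFFSET_TRUE + 0.3, "10.0.0.7", "198.51.100.20", 1200),
    FlowRecord(1010.0 + OFFSET_TRUE + 0.4, "10.0.0.5", "198.51.100.20", 800),
    FlowRecord(1040.0 + OFFSET_TRUE, "10.0.0.5", "198.51.100.20", 2200),  # reuses cached answer
    FlowRecord(1500.0 + OFFSET_TRUE + 0.6, "10.0.0.9", "203.0.113.10", 9000),
    FlowRecord(1600.0 + OFFSET_TRUE, "10.0.0.9", "198.51.100.20", 500),   # no resolution by this host
]
BLOCKLIST = {"bad.example.com"}   # constructed; stands in for an operator's DNS blocklist


def estimate_clock_offset(dns, flows, max_skew=600.0):
    """Estimate (NetFlow clock - DNS clock) in seconds.

    Assumed method: for every resolution, take the nearest-in-time flow between
    the same client and answer IP, and return the median of those differences.
    The median is robust to unrelated flows; the residual is network latency.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f.ts)
    deltas = []
    for d in dns:
        cands = [t - d.ts for t in by_pair.get((d.client, d.answer), [])
                 if abs(t - d.ts) <= max_skew]
        if cands:
            deltas.append(min(cands, key=abs))
    if not deltas:
        raise ValueError("no DNS/NetFlow pairs available for alignment")
    return median(deltas)


def attribute_flows(dns, flows, offset, slack=5.0):
    """Pair each flow with the most recent resolution by the same client for
    the flow's destination, allowing the answer to be reused for its TTL.
    Returns a list of (FlowRecord, DnsRecord-or-None)."""
    by_client_answer = defaultdict(list)
    for d in dns:
        by_client_answer[(d.client, d.answer)].append(d)
    out = []
    for f in flows:
        t = f.ts - offset                      # move the flow onto the DNS clock
        best = None
        for d in by_client_answer.get((f.src, f.dst), []):
            age = t - d.ts
            if -slack <= age <= d.ttl + slack and (best is None or d.ts > best.ts):
                best = d
        out.append((f, best))
    return out


def malicious_traffic_report(dns, flows, blocklist):
    """Per (host, malicious domain): number of flows and bytes sent.
    Also returns the estimated offset and the count of flows no resolution explains."""
    offset = estimate_clock_offset(dns, flows)
    report = defaultdict(lambda: {"flows": 0, "bytes": 0})
    unattributed = 0
    for f, d in attribute_flows(dns, flows, offset):
        if d is None:
            unattributed += 1
        elif d.qname in blocklist:
            entry = report[(f.src, d.qname)]
            entry["flows"] += 1
            entry["bytes"] += f.bytes_out
    return offset, dict(report), unattributed


if __name__ == "__main__":
    offset, report, unattributed = malicious_traffic_report(DNS, FLOWS, BLOCKLIST)
    print(f"estimated clock offset: {offset:.2f} s (true: {OFFSET_TRUE} s)")
    for (host, domain), stats in sorted(report.items()):
        print(f"{host} -> {domain}: {stats['flows']} flows, {stats['bytes']} bytes")
    print(f"flows with no matching resolution: {unattributed}")
```

The join deliberately keys on the client address as well as the resolved IP: 203.0.113.10 is reached by two hosts under two different names, and only the per-client pairing keeps the benign `cdn.example.org` traffic from being attributed to `updates.example.net` or vice versa. Flows with no preceding resolution by the same host (here the last record) are counted separately, since traffic that bypasses the monitored resolver is itself worth a closer look.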