In this paper, we introduce a novel way to perform DNS-based detection of threats to networks that is fully respectful of user privacy. Using privacy enhancing technologies based on a technique called "Bloom filters", we show how we can track all DNS queries to the busy DNS resolvers the SURFnet operates for its constituency, while at the same time providing solid privacy guarantees for individual users. And not only do we explain and demonstrate the use of this technology, we will make all of our code available in open source.