Mechanism to flag potential hijacking instances

Hey,

I was wondering if it's possible, e.g. through logging and validation, to monitor and flag potential hijacking instances?

For instance:

1) Client-side NextDNS submits DNS request [logged]

2) Server-side NextDNS replies with DNS [logged and validated against original query]

While I do not think it would be feasible to do this in real-time, I think a scheduled job would be nice to analyze our logs against the server-side (opt-in, of course) and notify us of any discrepancies.