iPhone making unusual, weird, strange DNS requests
Hey guys,
I am experiencing exactly the same issues as this guy: iPad making unusual DNS requests
The requests look like this:
I can't find any pattern in how they appear.
German Apple support says "Not an Apple issue. Sorry."
Anyone know where to find the DNS queries in an unencrypted backup?
Is there a logfile, plist or even sqlite file?
Does anybody know a way to see which process is firing up those DNS queries?
tcpdumps from iPhone to DNS and iPhone to Gateway are not suspicious (as far as I can tell).
None of the domains are registered.
On Twitter a guy DM'ed me a regex which matches all the DNS queries:
^[a-z0-9-]{8,27}\.[a-z0-9-]{8,27}\.com$
In his case it led to VPN software, but I have no (obvious) VPN app/software installed.
I have another 3 Apple devices in the same network without this behaviour.
Any reply will be appreciated.
Thanks,
Markus
iPhone 8, iOS 11.4.1
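
An added example, not part of the original post: one way to confirm from the resolver side which device on the network is sending these lookups, by applying the regex quoted in the post to a query log and grouping the matches per client. It assumes dnsmasq-style query log lines; the sample log, names and addresses are constructed.

```python
import re
from collections import defaultdict

# Pattern quoted in the post above.
SUSPECT = re.compile(r"^[a-z0-9-]{8,27}\.[a-z0-9-]{8,27}\.com$")
# Assumed log format: dnsmasq with query logging enabled.
QUERY = re.compile(r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$")

# Constructed sample log; names and addresses are made up for illustration.
SAMPLE_LOG = """\
Aug  1 10:15:01 dnsmasq[812]: query[A] qx7f2kd9pwlm.z83hvn4tq0ra.com from 192.168.1.23
Aug  1 10:15:01 dnsmasq[812]: forwarded qx7f2kd9pwlm.z83hvn4tq0ra.com to 192.168.1.1
Aug  1 10:15:02 dnsmasq[812]: query[AAAA] K2M9XW4PTZ7C.h5r8dnq3vb1y.com from 192.168.1.23
Aug  1 10:15:04 dnsmasq[812]: query[A] www.apple.com from 192.168.1.23
Aug  1 10:15:09 dnsmasq[812]: query[A] gateway.icloud.com from 192.168.1.24
Aug  1 10:15:11 dnsmasq[812]: query[A] download.microsoft.com from 192.168.1.25
"""

def suspects_by_client(log_text):
    """Return {client: sorted list of distinct names matching SUSPECT}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if not m:
            continue  # forwards, replies and other non-query lines
        # DNS names are case-insensitive and may carry a trailing root dot.
        name = m.group("name").lower().rstrip(".")
        if SUSPECT.match(name):
            hits[m.group("client")].add(name)
    return {client: sorted(names) for client, names in hits.items()}

def report(log_text):
    """Rank clients by number of distinct matching names, highest first."""
    found = suspects_by_client(log_text)
    return sorted(((len(n), c) for c, n in found.items()), reverse=True)

if __name__ == "__main__":
    for count, client in report(SAMPLE_LOG):
        print(f"{client}: {count} distinct matching name(s)")
```

The pattern only constrains label length and character set, so ordinary names such as `download.microsoft.com` fit it too; the per-client count of distinct matches is what separates a device producing a steady stream of such names from an occasional coincidental hit.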