DNS is one of the internet's fundamental building blocks, used by various applications such as web and mail transfer. Therefore, monitoring DNS traffic has potential to detect host anomalies such as spammers and infected hosts in a network. However, previous works assume a small number of hosts or target on domain name anomalies, so that they cannot be applied to a large-scale networks due to performance issues. A large number of hosts and long-term tracing consume computational resources and make realtime analysis difficult. In this paper, we propose anomaly detection for DNS servers using frequent host selection, which selects only potential hosts and does not depend on the number of hosts. We evaluate the proposed system using DNS traffic for 6 months of tracing, and show that the system can feasibly handle hosts in the dataset and detect anomalies, such as mail servers suffering from spam and DNS servers are configured incorrectly.