How to process/pipe TCPDUMPs output in realtime

Straight out of man tcpdump

-l     Make stdout line buffered.  Useful if you want to see the data while 
       capturing it.  E.g.,

              tcpdump -l | tee dat

       or

              tcpdump -l > dat & tail -f dat

       Note that on Windows, ``line buffered'' means ``unbuffered'', so that 
       WinDump will write each character individually if -l is specified.

       -U is similar to -l in its behavior, but it will cause output to be 
       ``packet-buffered'', so that the output is written to stdout at the 
       end of each packet rather than at the end of each line; this is 
       buffered on all platforms, including Windows.

Use the option -U in combination with -w so that tcpdump writes packets immediately.


tcpdump is apparently buffering output when it writes to a pipe. It's not flushing output for each write, so the system will write the output in about 4k byte chunks. Your filter is limiting output so you won't see anything until that filter has written enough output. Once it collects enough it will be written out in a chunk and you should see several lines emitted then.

Try to trigger DNS lookups many times and see what happens then.
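Both answers above come down to the same thing: tcpdump's stdout is block-buffered when it is a pipe, so a consumer sees nothing until roughly 4k of text has accumulated unless `-l` (or `-U` with `-w`) is used. The script below is an added example, not code from either answer: it reads tcpdump's one-line text output as it arrives and extracts the querying host and name from DNS queries. It assumes tcpdump's usual `-n` query line layout (`ts IP src.port > dst.port: id+ A? name. (len)`); the `live_dns_monitor` function needs capture privileges, while `demo` runs offline on constructed sample lines.

```sh
#!/bin/sh
# Added example, not from the original answers: consume tcpdump output line by
# line as it is produced, instead of waiting for a 4 KiB pipe buffer to fill.

# process_dns_lines reads "tcpdump -n -l" text on stdin and prints one line per
# DNS query: "<source IP> <queried name>". It relies on tcpdump's usual query
# layout (assumption), e.g.
#   12:34:56.000001 IP 10.0.0.5.41234 > 10.0.0.1.53: 12345+ A? example.com. (29)
process_dns_lines() {
    set -f                      # no globbing while we word-split packet lines
    while IFS= read -r line; do
        case "$line" in
            *' A? '*|*' AAAA? '*) ;;   # queries only; answers carry no "?"
            *) continue ;;
        esac
        set -- $line            # fields: ts IP src > dst: id qtype name (len)
        src=${3%.*}             # "10.0.0.5.41234" -> "10.0.0.5"
        name=
        while [ $# -gt 0 ]; do
            case "$1" in
                'A?'|'AAAA?') name=${2%.}; break ;;   # name follows the qtype token
            esac
            shift
        done
        printf '%s %s\n' "$src" "$name"
    done
    set +f
}

# live_dns_monitor wires the real capture into that reader. -l makes tcpdump
# line-buffer stdout so each packet's line reaches the pipe immediately; -n
# stops tcpdump doing reverse lookups that would add DNS traffic of their own.
# Needs capture privileges; it is not exercised by the offline demo below.
live_dns_monitor() {
    iface=${1:-any}
    tcpdump -l -n -i "$iface" 'udp port 53' | process_dns_lines
}

# Offline demonstration on constructed sample lines (no capture needed).
demo() {
    printf '%s\n' \
      '12:34:56.000001 IP 10.0.0.5.41234 > 10.0.0.1.53: 12345+ A? example.com. (29)' \
      '12:34:56.000002 IP 10.0.0.1.53 > 10.0.0.5.41234: 12345 1/0/0 A 198.51.100.10 (45)' \
      '12:34:57.000003 IP 10.0.0.7.55555 > 10.0.0.1.53: 2+ AAAA? mail.example.net. (34)' \
      | process_dns_lines
}
```

`-l` only fixes tcpdump's own buffering. Any stage placed between tcpdump and the final consumer (a `grep` or `awk`, for instance) buffers in the same way when its stdout is a pipe, so use `grep --line-buffered`, call `fflush()` in awk, or prefix the stage with `stdbuf -oL` on GNU systems. When the goal is a pcap stream rather than text, `-U -w -` is the equivalent of `-l` for binary output, as the first answer notes.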

Tags: Pipe, Tcpdump