The DNS infrastructure is a key component of the Internet and is thus used by a multitude of services, both legitimate and malicious. Recently, several works demonstrated that malicious DNS activity usually exhibits observable dynamics that may be exploited for detection and mitigation. Clearly, reliable differentiation requires legitimate activity to not show these dynamics. In this paper, we show that this is often not the case, and propose a set of DNS stability metrics that help to efficiently categorize the DNS activity of a diverse set of Internet sites.