DNS tunneling is the use of DNS queries and responses to carry arbitrary data or commands, turning a name-resolution protocol into a transport it was never designed to be. It matters because attackers abuse protocols that are allowed or lightly inspected to move communication through otherwise restrictive environments, and DNS is almost always permitted outbound, at least as far as an internal resolver.
What is DNS Tunneling?
DNS tunneling can support command-and-control, exfiltration, and covert messaging. Outbound data is encoded into the subdomain labels of queries for a zone the attacker controls; inbound data rides in the answers, commonly TXT, CNAME, NULL, or A records, since every query reaches the attacker's authoritative server eventually. It is appealing because DNS is broadly allowed and often trusted operationally: a host with no direct internet access can still reach the attacker through the organization's own recursive resolver.
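As an added example of the encoding step described above (not code from the original page), the following Python shows how a tunnel client would pack bytes into query names and how the receiving authoritative server would reassemble them. The zone t.example.net is a hypothetical assumption. The limits it respects are real: a DNS label holds at most 63 octets and a whole name should stay under 253 characters in text form. The sequence label at the front exists because resolvers cache answers, so an identical query would never leave the cache a second time; it also lets the receiver reorder chunks that arrive out of sequence.

```python
import base64

# Assumed attacker-controlled zone; a hypothetical name, not taken from the page.
TUNNEL_DOMAIN = "t.example.net"
MAX_LABEL = 63   # RFC 1035: a label is at most 63 octets
MAX_NAME = 253   # practical ceiling for a name in presentation form (255 on the wire)
SEQ_LEN = 4      # hex sequence label: keeps every query unique (defeats caching) and orderable


def _payload_chars_per_query(domain: str) -> int:
    """How many base32 characters fit in one name of the form <seq>.<p1>...<pn>.<domain>."""
    budget = MAX_NAME - len(domain) - (SEQ_LEN + 1)   # each label also costs one dot
    n_labels = budget // (MAX_LABEL + 1)
    if n_labels < 1:
        raise ValueError("domain too long to carry a payload label")
    return n_labels * MAX_LABEL


def encode_queries(data: bytes, domain: str = TUNNEL_DOMAIN) -> list[str]:
    """Split data into DNS query names the way a tunnel client would.

    Base32 is used because DNS names are case-insensitive and must stay within
    letters, digits and hyphens; padding is stripped because '=' is not allowed.
    """
    b32 = base64.b32encode(data).decode("ascii").rstrip("=").lower()
    per_query = _payload_chars_per_query(domain)
    names = []
    for seq, start in enumerate(range(0, len(b32), per_query)):
        chunk = b32[start:start + per_query]
        labels = [chunk[i:i + MAX_LABEL] for i in range(0, len(chunk), MAX_LABEL)]
        names.append(".".join([f"{seq:0{SEQ_LEN}x}", *labels, domain]))
    return names


def decode_queries(names: list[str], domain: str = TUNNEL_DOMAIN) -> bytes:
    """Reassemble the payload on the authoritative side; tolerates out-of-order arrival."""
    suffix = "." + domain
    chunks = {}
    for name in names:
        if not name.lower().endswith(suffix):
            continue                      # unrelated query, not for this tunnel
        labels = name[:-len(suffix)].split(".")
        seq, payload = int(labels[0], 16), "".join(labels[1:])
        chunks[seq] = payload
    b32 = "".join(chunks[k] for k in sorted(chunks)).upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))   # restore padding


if __name__ == "__main__":
    secret = b"user=alice;token=0123456789abcdef"   # constructed sample payload
    for q in encode_queries(secret):
        print(len(q), q)
    assert decode_queries(encode_queries(secret)) == secret
```

Every name this produces is legal DNS, which is the whole point: the resolver forwards it like any other lookup. The same shape (unique high-entropy labels, long names, many queries against one zone) is what detection logic later keys on.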
Where Knowledge of DNS Tunneling Applies
Understanding DNS tunneling informs covert channel detection, exfiltration defense, network monitoring, and DNS security review, since each of those has to account for DNS being used as a transport rather than only for name resolution.
DNS Tunneling vs. Ordinary Name Resolution Traffic
DNS tunneling uses DNS as a covert transport mechanism: the names and records exist only to carry payload. Ordinary DNS resolves names without embedding hidden command or data exchange; its queries are short, repeat often, and are largely served from cache, whereas a tunnel generates a stream of long, unique, high-entropy names against a single zone so that each one reaches the attacker's server.
Frequently Asked Questions
Why is DNS tunneling hard to spot?
Because DNS is ubiquitous and has to be allowed for anything else to work, it is often logged and inspected less closely than web traffic. A tunnel can also run at a trickle that hides within normal query volume, and the queries go to the organization's own resolver rather than directly to the attacker, so a perimeter egress block does not stop them.
What signals help detect it?
Unusual query lengths, high entropy in subdomain labels, many unique subdomains under one zone, sustained volume from a single host, queries to rare or newly seen domains, uncommon record types such as TXT or NULL, and host behavior context (which process issued the query, and whether it also has normal web traffic) can all help. No single signal is reliable on its own: CDNs, anti-spam services, and telemetry agents generate long, hash-like names legitimately, so signals should be combined and baselined per environment.
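The following is an added example (not from the original page) that scores resolver log lines against the signals just listed. The log format, the client addresses, the zone t.example.net and the thresholds are all constructed assumptions; the four base32-looking names are hand-made, not captured traffic. The per-client count of unique subdomains under one base domain is the context signal that distinguishes a tunnel from a single odd-looking lookup.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, "<timestamp> <client> <qtype> <qname>". Not real traffic;
# t.example.net is a hypothetical zone and the long labels are hand-made base32-style text.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.com
2024-05-01T10:00:02Z 10.0.0.5 AAAA mail.example.com
2024-05-01T10:00:03Z 10.0.0.5 A cdn.static.example.org
2024-05-01T10:00:04Z 10.0.0.7 A login.example.com
2024-05-01T10:00:05Z 10.0.0.7 TXT 0000.nbswy3dpeb3w64tmmqqhi2dfebsxa3rgeazgi3dblfvxq2djozsxe2lt.t.example.net
2024-05-01T10:00:05Z 10.0.0.7 TXT 0001.mfrgg43fojqwkzlmebwwc3tbm5sxeidqmfzxg53pojsdeidenfzwg2lw.t.example.net
2024-05-01T10:00:06Z 10.0.0.7 TXT 0002.onswg4tfoqqhgzlopq4s4y3pnv2gcy3ufqqgc3tpor2ga3dpn5vwk4dbojsq.t.example.net
2024-05-01T10:00:06Z 10.0.0.7 TXT 0003.ojsw4zdfojuw4zzamjqw4zsamnzgkzdfnz2gc3dtebxw6ytbmvsc4ylqmeqgkz.t.example.net
2024-05-01T10:00:07Z 10.0.0.7 A update.example.org
2024-05-01T10:00:08Z 10.0.0.9 A api.example.com
"""

# Illustrative starting thresholds (assumptions); tune them against your own baseline.
LONG_NAME = 52
LONG_LABEL = 30
HIGH_ENTROPY = 3.5          # bits/char; English-like labels sit near 3, random base32 above 4
MIN_SUBDOMAIN_LEN = 20      # entropy is meaningless on very short strings
MANY_SUBDOMAINS = 3         # distinct subdomains one client asked for under one base domain
RARE_QTYPES = {"TXT", "NULL"}   # record types tunnels favour for larger answers


def shannon_entropy(s: str) -> float:
    """Empirical Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str) -> tuple[str, str]:
    """Return (subdomain, base). Treating the last two labels as the base is a
    simplification; production tooling should use the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str) -> list[dict]:
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname = line.split()
        records.append({"ts": ts, "client": client, "qtype": qtype, "qname": qname})
    return records


def score_records(records: list[dict]) -> list[dict]:
    # Context signal: how many distinct subdomains each client requested under one base.
    seen = defaultdict(set)
    for r in records:
        sub, base = split_name(r["qname"])
        seen[(r["client"], base)].add(sub)

    results = []
    for r in records:
        sub, base = split_name(r["qname"])
        reasons = []
        if len(r["qname"]) > LONG_NAME:
            reasons.append("long query name")
        if max(len(label) for label in r["qname"].split(".")) > LONG_LABEL:
            reasons.append("long label")
        payload = sub.replace(".", "")
        if len(payload) >= MIN_SUBDOMAIN_LEN and shannon_entropy(payload) > HIGH_ENTROPY:
            reasons.append("high-entropy subdomain")
        if r["qtype"] in RARE_QTYPES:
            reasons.append(f"{r['qtype']} query")
        if len(seen[(r["client"], base)]) >= MANY_SUBDOMAINS:
            reasons.append("many unique subdomains from one client")
        results.append({**r, "score": len(reasons), "reasons": reasons})
    return results


def flagged_qnames(text: str, threshold: int = 3) -> list[str]:
    """Names whose combined score reaches the threshold; one signal alone never flags."""
    return [r["qname"] for r in score_records(parse_log(text)) if r["score"] >= threshold]


if __name__ == "__main__":
    for r in score_records(parse_log(SAMPLE_LOG)):
        print(f"{r['score']} {r['client']:<9} {r['qname']}  {', '.join(r['reasons'])}")
```

Run against the sample, only the four t.example.net queries reach the threshold; www, mail and cdn.static score zero despite one of them also being a multi-label name. Requiring several signals is what keeps legitimate long or hash-like names from paging anyone, and in a real deployment the unique-subdomain count should be computed over a sliding time window rather than over the whole file.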