
Plight at the end of the tunnel

Blog post from Elastic

Post Details

Company: Elastic
Date Published: (not given)
Author: Anjum Ahuja
Word Count: 1,936
Language: (not given)
Hacker News Points: (not given)
Summary

DNS tunneling is a technique that abuses the Domain Name System (DNS) to carry other protocols' data inside DNS queries and responses; malware commonly uses it for command and control or data exfiltration. Despite advances in internet architecture and detection techniques, DNS tunneling remains hard to detect because DNS is ubiquitous and because legitimate services such as Content Delivery Networks (CDNs) and unconventional DNS applications generate false positives. The article notes that DNS tunneling provides covert communication without a direct connection between the infected host and the attacker, and that its stealth and performance characteristics make it difficult to spot. Detection requires a layered approach that considers record types, packet sizes, and access patterns, and the article cautions that emerging DNS privacy protocols such as DNS over HTTPS and DNS over TLS may further complicate detection.