Domain name system (DNS) tunneling is a pervasive threat that enables hackers to get any data in and out of a company’s internal network while bypassing most firewalls. The domain name system translates numeric internet protocol addresses that browsers can then use to load web pages — threat actors use tunneling to exploit this process and steal data by hiding it inside DNS traffic.
Most DNS attacks focus on spoofing or misdirection, where an attacker either feeds false information to DNS servers or convinces other systems to query a hostile DNS server instead of a legitimate one. But DNS tunneling essentially smuggles hostile traffic through DNS ports, which makes these attacks difficult to detect and mitigate.
