DNS Tunneling Deep Dive
If you are interested in a more formal introduction to the DNS tunneling technique and threat tracking, you may want to check out my previous post.
Getting Started
In this post, we do a deep dive into the requirements for establishing a DNS tunnel, also referred to as a covert channel. This topic is extensively covered. I am attempting to compile that learning and knowledge in this post to provide the technical knowledge needed to create a framework for establishing a covert channel in a custom sample. With that in mind, our goal is to establish communication between a controlled DNS zone on an authoritative server and a program. This can later be expanded to include additional evasion techniques like DNS-over-HTTPS or DNS-over-TLS, but we will start simple. If you are interested in just leveraging a tool to accomplish this goal, I would suggest checking out iodine.
Now, since we do not care about speed, given the heuristics of this technique, we will use Python for simplicity. At a high level, we will need two application processes: the server and the client.
Setting Up the Environment
- Required tools and libraries (e.g., Python, specific DNS libraries).
- Setting up a Python virtual environment.
- Installing necessary Python packages (e.g., dnspython, requests, scapy).
Building the Server
- Designing the server architecture.
- Code walkthrough for setting up the DNS server.
- Handling DNS queries and embedding data.
Developing the Client
- Architecture of the client-side application.
- Code for sending requests and receiving data through DNS queries.
- Integrating the client with the server.
Testing the Tunnel
- Steps to test the DNS tunnel.
- Monitoring and debugging techniques.
Evasion Techniques
- Introduce DNS-over-HTTPS and DNS-over-TLS.
- Discuss how these techniques can be integrated.
- Explain the advantages of using these techniques for evasion.
Security Implications and Ethical Considerations
- Discuss the ethical considerations of using DNS tunneling.
- Legal implications and potential misuse.
- How to responsibly disclose vulnerabilities.
References
Updates
- 11/17/2023: Updated readability of post and added scaffolding for later updates.
- 11/28/2023: Added additional content sections and code snippets.