Dns Tunneling Deep Dive

If you are interested in a more formal introduction to the DNS tunneling technique and threat tracking, you may want to check out my previous post.

Table of Contents

Getting Started

In this post, we do a deep dive into the requirements to establish a DNS tunnel also referred to as a covert channel. This topic is extensively covered. I am attempting to compiling learning and knowledge in this post to provide the technique knowledge to create a framework for established a covert channel in a custom sample. With that in mind, our goal is to establish communication between a controlled DNS zone in an authoritative server and a program. This can be later expanded to include additional evasion techniques like DNS-over-HTTPS or DNS-over-TLS, but we will start simple. If you are interested in just leveraging a tool to accomplish this goal, I would suggest checking out iodine.

Now, sense we do not care about speed, given the heuristics of this technique, we will use python for simplicity. From a meta perspective, we will need two application processes, the server and the client. You can find this posts code base here.

Setting Up the Environment

  • Required tools and libraries (e.g., Python, specific DNS libraries).
  • Setting up a Python virtual environment.
  • Installing necessary Python packages (e.g., dnspython, requests, scapy).

Building the Server

  • Designing the server architecture.
  • Code walkthrough for setting up the DNS server.
  • Handling DNS queries and embedding data.

Developing the Client

  • Architecture of the client-side application.
  • Code for sending requests and receiving data through DNS queries.i9
  • Integrating the client with the server.

Testing the Tunnel

  • Steps to test the DNS tunnel.
  • Monitoring and debugging techniques.

Evasion Techniques

  • Introduce DNS-over-HTTPS and DNS-over-TLS.
  • Discuss how these techniques can be integrated.
  • Explain the advantages of using these techniques for evasion.

Security Implications and Ethical Considerations

  • Discuss the ethical considerations of using DNS tunneling.
  • Legal implications and potential misuse.
  • How to responsibly disclose vulnerabilities.



  • 11/17/2023: Updated Readability to post and added scaffolding for later updates.
  • 11/28/2023: Added additional content sections and scaffolding
  • 12/2/2023: Updated post content and removing scaffolded content