Home
HomeGlossaryDNS Tunneling

DNS Tunneling

MITRE ATTACK layer: Command and Control

ON THIS PAGE

Unlock 442% ROI*

Control all your endpoints in a single platform.

4.6/5
Book a Demo

*Return on investment over three years as per the Total Economic Impact™ (TEI) study by Forrester

DNS tunneling is a command and control technique where an attacker abuses the Domain Name System to exchange commands and data with a compromised system. It leverages the fact that DNS traffic is widely trusted and rarely blocked, rather than exploiting a traditional software vulnerability.

How is DNS Tunneling abused

Attackers deliver encoded commands or stolen data within DNS query and response traffic directed to attacker-controlled domains. Once the compromised endpoint initiates these requests, the attacker decodes the payload and sends instructions back through DNS responses, allowing command-and-control communication to persist while blending into legitimate network activity.

Why DNS Tunneling matters

DNS tunneling enables attackers to maintain stealthy command and control access even in restricted enterprise networks. A single compromised endpoint can be used to exfiltrate sensitive data, receive further payloads, or sustain long-term persistence without triggering perimeter or proxy-based security controls.

Real-world example

Detour Dog

In October 2025, security researchers uncovered a massive DNS-based malware campaign tracked as Detour Dog, where tens of thousands of compromised websites were abused to embed structured DNS queries and responses that functioned as covert command and control and payload delivery channels. Infected sites generated malicious DNS TXT record lookups that encoded victim data and fetched remote instructions, enabling multi-stage malware deployment and stealthy remote control through DNS infrastructure.

Source

Get the full attack repository

Get our entire attack repository in a single, offline-ready PDF guide, featuring 25+ real-world attacks.

Please enter a valid email.Please enter a email.
By clicking 'Download EBOOK', you agree to processing of personal data according to the Privacy Policy.

Related topics

Command and Control
Command and Control Attack
Read more
Command and Control
Advanced Persistent Threat
Read more
Command and Control
Man-in-the-Middle Attack
Read more

Additional Resources

Research
Achieve 442% ROI and reduce patching time by 95% — Forrester TEI Report

See how organizations gained 442% ROI and major efficiency improvements with Endpoint Central.

Read more
Security validation
Experience enterprise-grade protection proven in real-world tests — AV-Comparatives Report

Discover how Endpoint Central’s antivirus earned recognition through rigorous, real-world security validation in just eight months.

Read more
Guide
Simplify endpoint security and build cyber resilience — Endpoint Security For Dummies

Get a clear, practical guide to understanding threats and strengthening your organization’s security.

Read more

Trusted by

Unified Endpoint Management and Security Solution
Patch ManagementSoftware DeploymentEndpoint SecurityOS DeploymentAsset ManagementMobile Device MgmtTools & Configurations