DNS Tunnelling

August 2015

A recent project at Nexor required us to look at the challenges of providing access to the DNS from a secure environment. It reminded me of the issues related to DNS tunnelling.
DNS tunnelling

DNS tunnelling enables a user to run a full TCP/IP stack over the top of the DNS protocol. This is especially useful when a firewall is blocking outbound ports. DNS tunnelling is not new, and surprisingly simple to do. For example, the following DNS query:


will pass the message ‘secret_data_sent_via_dns’ to the server infoleak.nexor.com (data leaving the network). The server might respond:

Response.infoleak.nexor.com. 0 IN TXT ‘Message received – thanks’

Thus two-way data communication has occurred. Once you have two-way communication, you can run any communication protocol of your choice, including TCP/IP.

Sadly, DNS tunnelling means a firewall is now pretty much useless as a tool to control the network traffic that leaves a business. As an attacker, once you have managed to get software to execute on the inside of a firewall, you can use the DNS to set up a communication tunnel to get data out (or more malware in).

Is this a problem that concerns your business? If so, contact Nexor to find out how we can help solve the problem.
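Because the tunnel rides on ordinary-looking queries, the place to catch it is the DNS resolver log rather than the firewall. The script below is an added example (not part of the original post and not Nexor's code) that profiles a constructed sample of query-log lines per registered domain and flags the indicators a tunnel leaves behind: a high share of TXT queries, a fresh subdomain on almost every query, unusually long labels, and high-entropy label text. The log format, the client addresses, the hex payload labels and every threshold are assumptions chosen for illustration; only the infoleak.nexor.com names and the ‘secret_data_sent_via_dns’ payload come from the post.

```python
"""Heuristic DNS-tunnelling detector over DNS query logs (added example)."""
import math
from collections import defaultdict

# Constructed sample log, one query per line: "<timestamp> <client> <qtype> <qname>".
# The infoleak.nexor.com names mirror the post's example; the other lines are filler.
SAMPLE_LOG = """\
2015-08-03T10:00:01 10.0.0.5 A www.example.com
2015-08-03T10:00:02 10.0.0.5 AAAA mail.example.com
2015-08-03T10:00:03 10.0.0.7 TXT secret_data_sent_via_dns.infoleak.nexor.com
2015-08-03T10:00:04 10.0.0.7 TXT 4a7f9c2e1b0d8e3f6a5c4b2d9e8f7a6b.infoleak.nexor.com
2015-08-03T10:00:05 10.0.0.7 TXT 0f3e2d1c9b8a7f6e5d4c3b2a1f0e9d8c.infoleak.nexor.com
2015-08-03T10:00:06 10.0.0.7 TXT c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f2.infoleak.nexor.com
2015-08-03T10:00:07 10.0.0.7 TXT b1a2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.infoleak.nexor.com
2015-08-03T10:00:08 10.0.0.9 A cdn.example.net
"""


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character; encoded payloads score far higher than words."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Split a query name into (subdomain labels, registered domain).

    Assumption/simplification: the registered domain is the last two labels.
    That is wrong for suffixes such as co.uk; use the public suffix list in practice.
    """
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def parse_log(text: str):
    """Parse the constructed log format into (client, qtype, qname) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            _, client, qtype, qname = parts
            records.append((client, qtype.upper(), qname))
    return records


def profile_domains(records):
    """Aggregate per-registered-domain indicators of tunnelling."""
    stats = defaultdict(lambda: {"queries": 0, "txt": 0, "subdomains": set(),
                                 "max_label": 0, "entropy_sum": 0.0})
    for _, qtype, qname in records:
        sub, domain = split_name(qname)
        s = stats[domain]
        s["queries"] += 1
        if qtype == "TXT":
            s["txt"] += 1
        s["subdomains"].add(".".join(sub))
        if sub:
            s["max_label"] = max(s["max_label"], max(len(lab) for lab in sub))
            s["entropy_sum"] += max(shannon_entropy(lab) for lab in sub)
    return stats


def flag_suspicious(stats, min_queries=3, txt_ratio=0.5, unique_ratio=0.8,
                    max_label=24, mean_entropy=3.5):
    """Return {domain: reasons} for domains whose traffic looks like a tunnel.

    Thresholds are illustrative starting points, not calibrated values.
    """
    flagged = {}
    for domain, s in stats.items():
        if s["queries"] < min_queries:          # too little traffic to judge
            continue
        reasons = []
        if s["txt"] / s["queries"] >= txt_ratio:
            reasons.append("mostly TXT queries")
        if len(s["subdomains"]) / s["queries"] >= unique_ratio:
            reasons.append("almost every query uses a new subdomain")
        if s["max_label"] >= max_label:
            reasons.append(f"label of {s['max_label']} characters")
        if s["entropy_sum"] / s["queries"] >= mean_entropy:
            reasons.append("high-entropy labels")
        if len(reasons) >= 3:                   # require several indicators together
            flagged[domain] = reasons
    return flagged


def analyse(text: str = SAMPLE_LOG):
    """Run the whole pipeline over a log and return the flagged domains."""
    return flag_suspicious(profile_domains(parse_log(text)))


if __name__ == "__main__":
    for domain, reasons in analyse().items():
        print(f"{domain}: {'; '.join(reasons)}")
```

Run against the sample, the script reports nexor.com on all four indicators while the example.com and example.net lookups are left alone. Requiring several indicators together is deliberate: CDNs and anti-spam services legitimately generate long, random-looking subdomains, so any single signal on its own produces noise.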


This article was originally posted on the Cyber Matters blog – which gives “bite-size insight on cyber security for the not too technical”.

Author Bio - Colin Robbins

Colin Robbins is a Principal Security Consultant at Nexor. He is a Fellow of the IISP, and an NCSC certified Security and Information Risk Adviser (Lead CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.
