DNS Tunneling

Posted on 2009-04-17
Last Modified: 2013-11-16
I was reading about something called DNS tunneling and how it can be used to get past hotspot pay points. In theory I would assume that this would also allow you to bypass content filters. Is there any way to prevent this? I have been battling with this type of stuff for years with students using proxies to bypass our content filter and it would be nice to nip this problem once and for all.
Question by:thebradnetwork

    Expert Comment

    by:Dave Howe
    I wouldn't worry too much about it - DNS queries are low bandwidth, and really you shouldn't be allowing any sort of query to external resolvers without them first paying for access (most pay2play access point systems respond to *any* DNS query with the IP for the pay2play login/payment screen until the MAC is authorized).

    More troublesome are setups where people clone someone else's MAC and IP (who has paid) and then continue to use their credits once they have signed off and gone somewhere else - I have seen "ghost" bills from this where someone has been billed hundreds of dollars for access over a period of hours or days when he can prove that he and his laptop were on the other side of an ocean....

    Expert Comment

    DNS tunnelling usually refers to the use of DNS traffic for a covert channel. It uses DNS requests, usually text records, to communicate with a remote server listening on the DNS port. This isn't typically the way web content filters are bypassed. But it's an effective (and old) technique. Detecting it usually involves an IDS that watches for unusual volumes or patterns in DNS traffic.

    The usual way content filters are bypassed is through an anonymizer. Is this what you're referring to?
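
Added example, not part of the original thread: a minimal sketch of the "unusual volumes or patterns" check an IDS applies to DNS traffic, flagging client/zone pairs whose subdomains are numerous, long and high-entropy. The log format, thresholds, IP addresses and domain names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log, one query per line: "<client_ip> <qtype> <qname>" (assumed format).
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.5 AAAA www.example.org
10.0.0.9 TXT mzxw6ytboi2gk3tfojqxg2lomvzg64tf.t.tunnel.example
10.0.0.9 TXT nbswy3dpeb3w64tmmqqho2lunbzxi4tj.t.tunnel.example
10.0.0.9 TXT orugs4zanfzsa5dimuqgk3tdn5sgkzbt.t.tunnel.example
10.0.0.9 TXT ovzxi2lpnyqhg33nmuqgc3tenfxgoidb.t.tunnel.example
10.0.0.9 A www.example.com
"""

def entropy(s):
    """Shannon entropy of a string in bits per character (0 for an empty string)."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def parse(log):
    """Yield (client, qtype, zone, subdomain-without-dots) per well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qtype, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        # Naive zone guess: last two labels. Real tooling should use the Public Suffix List.
        yield client, qtype.upper(), ".".join(labels[-2:]), "".join(labels[:-2])

def suspicious_pairs(log, min_unique=3, min_len=24, min_entropy=3.5):
    """Return {(client, zone): stats} where subdomains look like encoded data."""
    seen = defaultdict(lambda: {"subs": set(), "txt": 0, "total": 0})
    for client, qtype, zone, sub in parse(log):
        s = seen[(client, zone)]
        s["total"] += 1
        s["txt"] += qtype == "TXT"
        if sub:
            s["subs"].add(sub)
    flagged = {}
    for key, s in seen.items():
        subs = s["subs"]
        if len(subs) < min_unique:
            continue  # too few distinct names to judge
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(entropy, subs)) / len(subs)
        if mean_len >= min_len and mean_ent >= min_entropy:
            flagged[key] = {"unique": len(subs), "txt_share": s["txt"] / s["total"],
                            "mean_len": round(mean_len, 1), "mean_entropy": round(mean_ent, 2)}
    return flagged
```

The thresholds are starting points only; CDN and anti-virus lookups also produce long random-looking names, so tune against your own resolver logs before alerting.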

    Accepted Solution

    Most content filters explicitly list the known anonymizing proxies - there are exceptions of course...

    Assisted Solution

    Sure. But if you're going through the trouble of establishing a DNS tunnelling server to surf the net, I'd be inclined instead to set up my own http proxy. Better bandwidth I'd expect, and a lot more straightforward.

    My question was just to make sure I understand what the issue is before trying to provide solutions.
