...
Many Organizations let the DNS protocol pass through their firewall in both directions because their internal employees have to visit external websites in the internet and external users or customers have to find their the company websites.
A network attack with DNS tunneling takes advantage of this by using DNS queries to implement a command and control channel for malware. Incoming DNS traffic can relay commands to the malware, while outgoing traffic can forward data, sensitive information, or responses to Inquiries from malware operators. DNS tunneling can also be used to bypass regulations in networks, for example by using access point logins or blocked services.
This works because DNS is a very flexible protocol. There are very few restrictions on the data that a DNS query contains as it is designed to look up domain names for websites. Since almost anything can be a domain name, these fields can be used to convey sensitive information. These queries are designed to target DNS servers controlled by attackers so that they can receive the queries and respond in the appropriate DNS responses.
...