...
The Domain Name System (DNS) is one of the fundamental services of the Internet, and companies therefore usually allow the DNS protocol to pass through their firewall in both directions. This is necessary so that, for example, employees can reach external websites and customers or prospective customers can find the company's websites. It provides the usual convenience of using the Internet, but it also opens up opportunities for potential attackers to infect a network.
One way to attack a network via DNS is DNS tunneling. Here, DNS requests are used to implement a command and control channel for malware. Incoming DNS traffic carries the commands to the malware, and outgoing DNS traffic carries sensitive data and information to the attacker. DNS tunneling can also be used to circumvent restrictions in networks, e.g. hotspot logins or blocked services.
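Because the outgoing data described above has to be encoded into the queried names, it shows up in resolver logs as many distinct, long, random-looking subdomains under one domain. The following detection sketch is an added example, not part of the original page; the thresholds, the naive two-label domain split and all sample names are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Thresholds are assumptions for this sketch; tune them on your own traffic.
MIN_UNIQUE_NAMES = 3      # distinct subdomains seen under one base domain
MIN_MEAN_LENGTH = 24      # mean characters of subdomain data per name
MIN_MEAN_ENTROPY = 3.0    # mean Shannon entropy, bits per character

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def split_name(qname):
    """Naive split into (subdomain without dots, base domain = last two labels).
    Assumption: a real deployment would use the Public Suffix List instead."""
    labels = qname.lower().rstrip(".").split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_domains(qnames):
    """Return {base_domain: stats} for domains that meet all three thresholds."""
    per_domain = defaultdict(set)
    for qname in qnames:
        sub, base = split_name(qname)
        if sub:
            per_domain[base].add(sub)
    flagged = {}
    for base, subs in per_domain.items():
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(shannon_entropy, subs)) / len(subs)
        if (len(subs) >= MIN_UNIQUE_NAMES and mean_len >= MIN_MEAN_LENGTH
                and mean_ent >= MIN_MEAN_ENTROPY):
            flagged[base] = {"unique": len(subs), "mean_len": mean_len,
                             "mean_entropy": round(mean_ent, 2)}
    return flagged

# Constructed query names (not from a real capture); .invalid is a reserved TLD.
SAMPLE_QNAMES = [
    "www.example.com", "mail.example.com", "cdn1.example.com", "cdn2.example.com",
    "d3a91f0c7b2e4a6588f1c0de9ab74e21.static.example.org",  # one long name only
    "mzxw6ytboi2gk3tdn5sgkzbamrqxiylc.t.zone-under-test.invalid",
    "nbswy3dpeb3w64tmmqqho2lunbuw4zjr.t.zone-under-test.invalid",
    "orugs4zanfzsaylomfwxa3dfebrwq5lo.t.zone-under-test.invalid",
]

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE_QNAMES))
```

Requiring all three signals together keeps a single long CDN hostname or a domain with many short hostnames from being flagged on its own.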
...